Some customers of Buddy.tech, a decentralized social community that lets folk aquire and promote “keys” linked to their X accounts, reported being exploited in a SIM swap assault on Tuesday.

A SIM swap assault occurs when a scammer programs a cell telephone provider into switching another user’s cell number to a SIM in his or her possession. As soon as the scammer has received regulate over the user’s cell number, they can alternate the passwords to the entire sufferer’s accounts that require two-factor authentication.

Obtained sim swapped. It sounds as if dude become in a plight to originate it from an apple store and switched it to an iphone SE. Don't aquire my keys, that wallet is compromised.@friendtech

— sumfattytuna 🪺⛓️ (@sumfattytuna) October 4, 2023

I become factual SIM swapped and robbed of twenty-two ETH by potential of @friendtech

The 34 of my beget keys that I owned had been equipped, rugging someone who held my key, the entire other keys I owned had been equipped, and the remainder of the ETH in my wallet become drained.

In case your Twitter account is doxxed to your true… pic.twitter.com/5wA86mjYEG

— daren (pal, pal) (@darengb) October 3, 2023

A alternative of customers centered by the SIM-swap attacker reported having their ETH stolen from their accounts on the Buddy.tech platform.

“In case your Twitter account is doxxed to your true name, your cell telephone number may perhaps perhaps most likely most likely be found, and this may perhaps perhaps most likely occur to you,” wrote X user “@darengb.”

“I opened FriendTech and notion there become a worm because my Chat become empty, I tried having a note at Octav and then saw another particular person’s tweet about SIM swapping on FT [Friend.tech] and that’s after I noticed what had came about.”

Experiences of funds being drained on Buddy.tech started as early as final week, but the attacker doesn’t seem like shut to stopping. The scammer has netted over 234 ETH, rate around $385,000, from four plenty of Buddy.tech customers over a 24-hour period, in step with blockchain transaction files traced by on-chain sleuth ZachXBT.

The identical scammer profited $385K (234 ETH) previously 24 hours off SIM swapping four plenty of FriendTech customers. pic.twitter.com/03BoBEqGax

— ZachXBT (@zachxbt) October 4, 2023

ZachXBT has previously warned of SIM swap attacks that have centered folk in the crypto space, with a reported $13.3 million having been stolen by procedure of 54 SIM swaps. Included in the list of SIM Swap victims had been the Aptos Community, PleasrDAO and Metis DAO.

It’s rate noting that Buddy.tech itself isn’t at risk, nor has the code on its platform been exploited by hackers. Even though SMS two-factor authentication is widely notion of as an added preventive measure, on this case, interestingly it become the downfall of customers who added that as a security probability.

“When an account is compromised, scammers strive to procedure a sense of urgency with a unsuitable claim to empty your sources. Never use SMS 2FA and as an alternate use an authenticator app or security key to get accounts,” stated ZachXBT in an August X submit.