Content Directory:
· SIM card stolen by hackers
· Is Verizon SMS verification a security vulnerability?
· Vitalik also experienced SIM Swap before
On October 3rd, @darengb posted on social media platform X (formerly Twitter) stating "I just had my SIM card swapped and 22 ETH was stolen from me." It is reported that all the keys the user owned on friend.tech, as well as the user's keys held on other people's accounts, have been sold. The remaining ETH in the user's wallet has since been drained. "If your Twitter account is searched for your real name, your phone number can be found, and this could happen to you," @darengb added.
Real names and phone numbers were obtained through a Twitter account search, which led to the theft of friend.tech account keys. The underlying mechanism is that hackers replaced the SIM card bound to the user's account.
@darengb also described in detail in his tweet how his friend.tech account was stolen. "Earlier today, I started receiving spam emails every minute, which caused me to mute my phone (I think this is the key), so I didn't see Verizon's text message telling me someone was trying to access my account. Things happened quickly, and Verizon gave me almost no response time. I opened FriendTech, thinking there was an error because my chat room was empty. I tried to look at Octav, and then saw other people's tweets about SIM card swapping on FT. It was then that I realized what had happened."
The incident has also prompted heated discussion in the community. @IncomeSharks posted, "The same thing happened to me, and those people sent me spam messages first. Because the operator will not wait for me to approve the request, if I do not reply within 10 minutes, they will approve the SIM card exchange. Mobile operators are too bad! SIM exchange should not be a problem."
@AloshyAkasoto said, "This is not just a friend.tech issue, but also because their wallet provider, privy, allows users to register with their phone numbers. Unfortunately, phone numbers are the weakest link in network security. All dApps using privy as their wallet provider may have the same vulnerability."
However, as early as September 18th, @Montana_Wong mentioned in a tweet that "I am a fan of friend.tech, but I am afraid to hold funds there. Because 1. Your wallet balance is public information 2. It uses SMS for identity verification. If you have a high enough balance, you will become a target for SIM swapping... Hackers will throw away the keys you hold and take out your dollars."
The telecommunications service behind friend.tech is supported by Verizon. In 2019, Verizon was granted a patent by the US Patent and Trademark Office that describes a data system involving blockchain and virtual SIM cards. According to the patent document, the system provides dedicated user accounts for virtual SIM cards (vSIM) and can activate the vSIM on a device. After the SIM card is activated, a message is published on the blockchain network to confirm the activation.
Virtual SIM cards are not a new concept. They can be used for network registration on devices that do not take physical SIM cards, such as Apple Watch. The blockchain confirmation technology provided by Verizon will improve activation speed and security. Blockchain can encrypt user data and ensure that only one device is using a given vSIM card at any one time.
Last January, Verizon posted a job listing for a partner manager on LinkedIn, indicating the company's plans to enter the fields of NFT, Web 3, and metaverse. In response to the SIM card swap incident, @CryptoWithNick stated that Verizon has implemented a new feature called "Num Lock" to combat SIM card swapping.
However, community members still question this. @wholeisticguy posted on Twitter, "The process and technology are fundamentally insecure, and no one can guarantee it. SMS, your SIM card, and your phone number are not secure and cannot be guaranteed to be secure. Never use them to protect anything, and anything that uses them to guarantee security is insecure."
Losses caused by SIM card swaps are nothing new in the crypto industry. BlockBeats reported on September 10th that Vitalik, the co-founder of Ethereum, had his Twitter account hacked and phishing links were posted from it. According to ZachXBT, the hacker stole about $691,000. On September 12th, Vitalik posted on social media that he had retrieved his T-Mobile account and confirmed that the previous attack was a SIM card swap attack.
Vitalik explained that, as far as X is concerned, holding a phone number is enough to reset an account's password. He had previously seen the advice that "phone numbers are not secure, do not use them for identity verification," but did not realize the problem. It is currently speculated that the phone number was leaked when registering for Twitter Blue.