Mastodon adds new security upgrade in wake of SIM-swap attacks Trending Crypto News adds new security upgrade in wake of SIM-swap attacks
Sharing is Caring

The team behind the decentralized social media platform has added a new security feature amid attempts to stem a flood of SIM-swap attacks targeting its users.

“You can now add a 2FA password to your account for additional protection if your cell carrier or email service becomes compromised,” the team explained in an Oct. 9 post on X (formerly Twitter). users will be prompted to add another password in when signing onto new devices.

“Neither the friendtech nor Privy teams can reset these passwords, so please use care when using this feature,” added.

The latest change follows several SIM-swap attacks targeting users since September.

On Sept. 30, froggie.eth was among the first in a string of users to be compromised by a SIM-swap attack, urging others to stay vigilant.

More users came forward with similar stories in the following days with an estimated 109 Ether (ETH), worth around $172,000, stolen from four users within a week. Another four users were targeted over a 24-hour period just days later, with another $385,000 worth of Ether stolen. had already updated its security once on Oct. 4 to allow users to add or remove various login methods in an attempt to mitigate the risk of SIM-swap exploits.

Several observers criticized for not implementing the solution sooner.

“Finally,” one user said, while another said: “took you long enough.”

However, a prominent creator on, 0xCaptainLevi, was more optimistic, stressing that 2FA is a “big deal” and can help push the social media platform to unseen heights:

In an Oct. 8 X thread, Blockworks founder Jason Yanowitz revealed one of the ways the SIM-swap attacks are being orchestrated. The process involves a text message that asks the user for a number change request, where users can reply with “YES” to approve the change or “NO” to decline it.

If the user responds with “NO” — the user is then sent a real verification code from and is prompted to send the code to the scammer’s number.

“If we do not hear a response within 2 hours, the change will proceed as requested,” a follow-up message shows.

“In reality, if I sent the code, my account would get wiped,” he said.

Related: Friend​.tech copycat Stars Arena patches exploit after some funds drained

The total value locked on currently sits at $43.9 million, down 15.5% from its all-time high of $52 million on Oct. 2, according to DefiLlama.

Change in total value locked on since Aug. 10. Source: DefiLlama.

Cointelegraph reached out to for comment but did not receive an immediate response.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis