unknown but my assumption is that they are running a scaled down version of a telco and virtually routing phone calls to their own infra that pulls login codes from their phone 2FA service and sends them through the fragment site after you authenticate with your TON wallet
Pretty cool! They don’t really need their token at all to do that (in fact, it adds a lot of friction), but I get it they’re trying to build utility.