Friend.tech recently experienced a significant privacy violation resulting in the unintended release of confidential data of over 101,000 users.
Banteg, an essential participant in the renowned DeFi initiative Yearn Finance, has uploaded a collection of openly accessible data on GitHub, uncovering vital information about more than 101,000 Friend.tech users.
The disclosed data features wallet addresses on Base and the associated Twitter handles.
In a tweet from Monday, Banteg remarked, “101,183 individuals granted friend.tech permission to post on their behalf, as indicated by the leaked database.”
But the privacy issues extend beyond the initial breach. Banteg has drawn attention to a troubling aspect of Friend.tech’s permissions.
It seems that these users might have inadvertently allowed Friend.tech the right to post for them, potentially without fully understanding the permissions they were granting or without their clear approval.
The breach became evident after analysts from Spot On Chain found that Friend.tech’s API had unintentionally exposed the data.
Through the API, analysts discovered that it was possible to access wallet details set up by users, along with linked Twitter handles.
Launched in beta on August 11, Friend.tech enables users to monetize their social networks by buying and selling “shares” related to their connections.
Friend.tech imposes a 5% transaction fee, with the profit from the trading margin going to the owner. The platform operates on Coinbase’s layer-2 network, Base.
Friend.tech Says the Information Was Already Public
In response to the incident, Friend.tech attempted to minimize the gravity of the situation.
They argued that the exposed data was openly accessible via their API, suggesting that accessing it was akin to viewing someone’s public Twitter profile.
In a recent tweet, they commented, “This is essentially someone accessing our public API, which displays the link between public wallet addresses and public Twitter usernames.”
The privacy issues associated with Friend.tech arise at a time when the platform has been gaining momentum. It has recently seen signups from prominent figures and has recorded protocol fees surpassing $1.42 million in just the past day.
Friend.tech’s remarkable ascent has now placed it among the top three cryptocurrency projects based on user-incurred fees.
The primary architect behind this initiative is thought to be a developer known by the pseudonym Racer.
In the past, Racer has been credited with crafting social media platforms like TweetDAO and Stealcam, both built on the foundation of non-fungible tokens (NFTs).
With Friend.tech, Racer’s objective is to appeal to crypto influencers with significant followings, granting them a chance to earn royalties from transaction fees.
Moreover, the platform aims to foster stronger ties among Web3 projects, venture capitalists, and key personalities in the cryptocurrency realm.