Security Breach: Leaked Database Exposes User Information on friend.tech
A pseudonymous core contributor to Yearn Finance, Banteg, has published a leaked database containing critical details of users on the friend.tech platform. The leaked information includes over 101,000 users’ Ethereum addresses and corresponding Twitter usernames. Banteg also revealed that these users had granted friend.tech the ability to post on their behalf, potentially without full understanding or consent.
Key Points:
1. Leaked Database: Banteg released a GitHub repository containing a CSV file with detailed user data, including funding sources and usernames.
2. Permissions Issue: Banteg highlighted that 101,183 users had given friend.tech access to post as them, indicating a potential privacy concern.
3. API Leak: Spot On Chain analysts discovered that friend.tech’s API exposed users’ wallet information, allowing anyone to view wallets created by users.
4. friend.tech Platform: Operating on Base, the Coinbase-incubated Layer 2 chain, friend.tech allows trading “shares” in Twitter accounts, granting shareholders access to private chat rooms.
5. Growing Popularity: With recent high-profile signups, friend.tech has generated over $1.42 million in protocol fees in the last 24 hours, making it one of the top three crypto projects in terms of user-paid fees.
Hot Take:
The security breach and privacy concerns surrounding friend.tech’s leaked database highlight the importance of caution when granting permissions to third-party applications. It serves as a reminder for crypto users to thoroughly understand the access they provide and the potential risks involved.