Privacy Breach at Friend.tech: Wallet Addresses and Usernames of 101,000 Users Exposed
Friend.tech has suffered a major privacy breach that has led to the unauthorized disclosure of sensitive information pertaining to more than 101,000 individuals.
Banteg, a core contributor to popular DeFi project Yearn Finance, has published a repository of publicly available scraped data on GitHub, revealing critical details of over 101,000 users on the Friend.tech platform.
The exposed information includes wallet addresses on Base and corresponding Twitter usernames.
“101,183 people have given friend.tech access to post as them, leaked db (database) indicates,” Banteg said in a Monday tweet.
However, the privacy breach doesn't stop there. Banteg also highlighted a concerning situation regarding Friend.tech's permissions.
It appears that these users may have granted Friend.tech the ability to post on their behalf, possibly without fully comprehending the extent of the permissions granted or giving their explicit consent.
The breach came to light when Spot On Chain analysts discovered that Friend.tech's API had inadvertently "leaked" information.
They revealed that through the API, it was possible to view wallets created by users, with associated Twitter usernames.
Launched as a beta version on August 11, Friend.tech allows users to tokenize their social networks by purchasing and selling "shares" of their connections.
Friend.tech applies a 5% fee on transactions, with the owner profiting from the trade spread. The project is built on Coinbase's layer-2 network Base.
Friend.tech Says the Information Was Already Public
Friend.tech responded to the incident by trying to downplay the severity of the breach.
They claimed that the information was publicly available through their API, implying that scraping it is similar to looking at someone's public Twitter feed.
"This is just someone scraping our public API that shows the association between public wallet addresses and public Twitter usernames," they said in a recent tweet.
The privacy concerns surrounding Friend.tech come as the platform has gained significant traction recently, attracting high-profile signups and accumulating protocol fees exceeding $1.42 million in the last 24 hours.
The driving force behind this project is believed to be a developer operating under the pseudonym Racer.
Racer has previously designed social media networks such as TweetDAO and Stealcam, both of which were based on non-fungible tokens (NFTs).
With Friend.tech, Racer aims to attract crypto influencers with substantial fan bases, providing them the opportunity to earn royalties from trading fees.
The platform is also seeking to strengthen relationships between Web3 projects, venture capitalists, and important figures in the crypto industry.