Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Friend.tech Security Model Under Fire as Users Report Hacks

Friend.tech Security Model Under Fire as Users Report Hacks

DailyCoinDailyCoin2023/12/09 13:21
By:DailyCoin
  • Several Friend.tech users have reported that their accounts have been hacked.
  • The Web3 social media platform’s security model has come under scrutiny amid the reports.
  • The recent scrutiny adds to concerns over its privacy and revenue model.

Friend.tech easily ranks among the breakout crypto sensations of 2023. Launched on the Coinbase incubated Ethereum Layer 2 Base in August, the Web3 social media platform has attracted over 312,000 users and generated over $18 million in revenue .

Despite its rapid success, however, several aspects of the platform’s model raise red flags. In the latest instance, Friend.tech’s security model has come under scrutiny as several users have reported that their accounts have been hacked and drained.

No 2FA

In a tweet on Tuesday, October 3, SlowMist founder “Evilcos” brought attention to growing reports of Friend.tech account hacks , most of which appear to be SIM swap exploits, with at least two users reporting a combined loss of about 42 ETH (worth approximately $70k at the time of writing).

这几天陆续有用户出现 ft( https://t.co/xvDZPEKscJ ) 账号被黑资产被盗情况,之前说过 ft 是中心化的,而且有信息泄露风险(这个风险一直存在)。你的 ft 账号要么是手机号注册,要么是 Gmail 邮箱或 Apple 账号,连个 2FA 都没,作恶者们当然紧盯着这些玩烂的攻击方式。 https://t.co/Pxzfefw0ZA

— Cos(余弦)😶‍🌫️ (@evilcos) October 3, 2023

Meanwhile, users who registered their Friend.tech accounts using email do not appear safe either, with at least one reported incident where a user claims to have been exploited for 6.5 ETH (worth approximately $10.3k).

The growing reports of hacks have unsurprisingly attracted criticism. Evilcos, who described Friend.tech as a centralized platform that always ran the risk of data leaks, bashed the platform for failing to implement basic security controls that could have mitigated hacks like the SIM swap exploit.

"There's not even a 2FA," the SlowMist founder noted, highlighting that these vulnerabilities are a big attraction for bad actors.

Two-factor authentication, also called two-step verification, is a security model that requires users to provide two verification credentials to gain access to an account. These credentials typically include a password and a randomly generated and time-limited security token . 2FA offers better security than a single authentication model and has been touted as a way to prevent SIM swap scams. However, as highlighted by Evilcos, Friend.tech lacks this feature.

Friend.tech’s security flaws are compounded by its privacy model, which makes it easy for accounts to be linked to the real-world identity of users, as highlighted by a data leak in August 2023.

Aside from emerging security flaws, the social media platform, which allows users to trade “Keys” associated with Twitter accounts, has also been scrutinized for its revenue model, which appears to benefit and encourage bots instead of real users.

Bots Dominate

As recently highlighted by Wu Blockchain, bots have earned a sizable portion of Friend.tech’s revenue. Specifically, the data shows that 450 bots raked in $5.9 million, representing 34% of the platform’s total revenue.

Firend tech protocol revenue has exceeded 10,000 ETH, reaching 10,644.8 ETH; at the same time, friend tech TVL has exceeded 30,000 ETH, reaching 30,165 ETH. More than 450 friend tech sniper bots have earned over $5.9 million, accounting for 34% of creators’ revenue.…

— Wu Blockchain (@WuBlockchain) October 2, 2023

Nonetheless, the continued criticisms and apparent flaws do not appear to be dissuading users, as one of the users who claimed to have lost 22 ETH when his account was hacked asserted that he still wanted to use the app.

"Also I want to say, I still like FriendTech. I still want to use the app. I recognize that balancing security and a smooth UX is hard, and I don't blame the FT team for what happened to me," he tweeted .

On the Flipside

  • SIM swap hacks are common on other platforms like Twitter, with Ethereum’s Vitalik Buterin briefly losing control of his account to scammers in September 2023.
  • Friend.tech is still in beta mode, implying that there is still a chance for improvement.

Why This Matters

Friend.tech has enjoyed rapid success since its launch. However, growing concerns highlight the risks of failing to prioritize security and privacy.

Read this to learn more about Friend.tech’s recent resurgence:
Friend.tech’s Revenue Skyrockets Against Rising Criticism

Learn more about Coinbase’s Base TVL slump:
Coinbase’s Base TVL Slumps Despite Friend.tech Strides

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

BTC breaks through $95,500

Cointime2024/11/27 16:33

BTC breaks through $95,000

Cointime2024/11/27 16:33