Banteg, an active member of the Yearn Finance community, has found a leaked database containing important personal data of friend.tech users on GitHub. The leak includes wallet addresses, Twitter IDs/avatars of more than 101,000 users. After publishing the CSV file, Banteg warned: “101,183 people has given friend tech access to posting as them, leaked db indicates.”
The data leak vulnerability in friend.tech’s API was first discovered by Spot On Chain. This security flaw enabled individuals to view the wallets created by users via the API. As a result, there has been a surge of advice urging users to revoke friend.tech’s access to their Twitter accounts.
In response, friend.tech clarified that the information came from scraping its public API and this is not a leak.
“This is just someone scraping our public API that shows the association between public wallet addresses and public Twitter usernames. It’s like saying someone hacked you by looking at your public Twitter feed.”
Launched in less than two weeks, friend.tech is a new hype in the crypto community. friend.tech allows users to tokenize their friends. Each user who signs up on friend.tech would have to link their account to Twitter. Their Twitter account is then represented by social tokens on friend.tech, which other users can buy shares of in ETH.
To invest in someone’s shares, you can simply choose the person you’re interested in and buy a specific number of shares at a given price per share. These shares represent your stake in that person’s popularity and interactions on the platform. The more popular the account, the more people want to own shares, which means these shares will increase sharply in price. Friend.tech charges a 5% fee on transactions, with the spread from trades representing the owner’s profit.
Friend.tech generated over $1 million in protocol fees on August 20, surpassing Uniswap and the Bitcoin network. Friend.tech, however, is a fledgling project, security risks are inevitable, so users should be careful before making any investment decision.
In the latest update, friend.tech also announced to rename “shares” to “keys”, which better illustrates their purpose as in-app items used to unlock your friends’ chatrooms. However, many people guessed that the social network is forced to make the above change to avoid the risk of “Shares” being called securities and getting into legal trouble.