Friend.tech, the trending decentralized social media platform, has recently taken steps to address concerns surrounding a purported leak of user data. The initial report by The Block described a "leak," but it turns out that the source of the information was not a breach at all.
The controversy emerged when Banteg, an anonymous developer linked to Yearn Finance, shared a compilation of data related to Friend.tech users on GitHub. The Block initially reported this as a leak. However, Friend.tech's team promptly countered this claim, explaining that the data in question was obtained from the platform's open API, akin to viewing public tweets.
Contributors from the X platform, previously known as Twitter, clarified that the data is accessible to all. They highlighted that transactions can be easily traced through a block explorer, such as when a user purchases a share and the creator's wallet receives a 5% cut. This information is public, and the database merely compiles these open details.
Banteg's GitHub repository contained an extensive array of details from Friend.tech, including wallet addresses from over 101,000 users on Base, linked to their respective Twitter usernames. Banteg suggested that these figures indicate that 101,183 users have granted Friend.tech permission to post on their behalf.
In a lighthearted twist, a user named Satsdart humorously shared a link to the Ethereum block explorer, jokingly claiming to have uncovered a database revealing all Ethereum transactions.
Separately, blockchain analytics service Spot On Chain shed light on Friend.tech's API, noting that it disclosed certain datasets that might not be directly accessible to regular app users. A notable observation was the visibility of wallets established by some users. Spot On Chain raised concerns about potential misuse, suggesting that bots could exploit this information to preemptively purchase shares of influential accounts as soon as they join Friend.tech.
The analysis indicated that several bots have already taken advantage of this vulnerability, securing shares ahead of others by acting swiftly upon influential account registrations.
Comment 0