LUCKNOW (CoinChapter.com) — Banteg, an anonymous core contributor to Yearn Finance, has unveiled a “leaked” repository on GitHub containing the sensitive data of friend.tech users.
This data breach includes wallet addresses on Base and corresponding Twitter usernames of more than 101,000 users.
friend.tech at Fault?
Banteg’s move to publish the repository came with a stark warning:
The repository contained a CSV file with intricate user data containing funding sources and usernames. Moreover, Banteg brought attention to an unsettling situation regarding the permissions granted by these users to friend.tech.
The revelation of the compromised information stems from the findings of Spot On chain analysts. They assert that friend.tech’s API leaked crucial data, allowing unauthorized access to users’ wallet addresses and other sensitive details.
This alarming vulnerability even enables viewing wallets users create through the exposed API.
Operating as a web3 social application on the Layer 2 chain Base, friend.tech provides a platform for trading “shares” in Twitter accounts. This feature allows shareholders exclusive entry into private chat rooms. However, the recent data breach and privacy concerns overshadow the platform’s security measures and user protection protocols.
Rapid Growth and Staggering Protocol Fees
Despite the security challenges, friend.tech has witnessed a surge in popularity due to its recent high-profile signups.