Friend.tech has been pronounced one of the biggest crypto sensations of 2023 a number of times. Indeed, the August launch of the Web3 social networking platform on the Ethereum Layer 2 Base incubated by Coinbase drew over 312,000 members and brought in more than $18 million in revenue.
Despite its quick success, there are several concerns about the model of the platform. Since some users have reported having their accounts hacked and their funds stolen, Friend.tech’s security strategy has recently come under fire.
On Tuesday, October 3, SlowMist’s founder “Evilcos” alerted followers about an increase in reports of Friend.tech account breaches. The majority of these incidents seem to be SIM swap vulnerabilities, with at least two users reporting a combined loss of 42 ETH (about $70k at the time of writing).
Users that created Friend.tech accounts using their email addresses do not appear to be safe either; there has been at least one reported incident in which a user claims to have been taken advantage of for 6.5 ETH (equal to about $10.3k).
As expected, the growing number of hacker reports has sparked criticism. Evilcos pointed out Friend.tech’s failure to implement basic security measures that could have thwarted hacks like the SIM swap attack. He characterized the platform as centralized, with a constant risk of data leaks.
The founder of SlowMist remarked: “There’s not even a 2FA,” underscoring how appealing these vulnerabilities are to criminals.
Users need two verification credentials for account access when using two-factor authentication, often called two-step verification. These credentials usually involve a password and a randomly generated temporary security token.
2FA earns praise for its capacity to counter SIM swap fraud due to the heightened security it offers compared to single authentication methods. Evilcos noted that Friend.tech lacks this crucial feature.
Friend.tech’s privacy strategy, which allows linking accounts to users’ real-world identities, worsens the platform’s security issues, as a data leak revealed in August 2023.
The social media network, which enables users to trade “Keys” linked to Twitter accounts, has also come under scrutiny for its income strategy, which seems to favour and encourage bots rather than actual users. This is in addition to newly discovered security problems.
Wu Blockchain recently pointed out that a significant amount of Friend.tech’s earnings had come from bots. The data specifically reveals that 450 bots generated $5.9 million, or 34% of the platform’s overall revenue.
Friend.tech’s DeFi protocol has drawn a lot of interest since its introduction in the middle of August. According to the most recent report, the decentralised social networking site generated over 10,000 ETH in revenue.
Another notable achievement includes the substantial increase in total value locked (TVL) within the Friend.tech DeFi protocol, which has now exceeded 30,000 ETH, reaching a total of 30,165 ETH. This amply reflects the participants in the protocol’s developing commitment and trust.
Friend.tech’s sniper bots, with over 450 in operation and a collective profit exceeding $5.9 million, now constitute a remarkable 34% of the creator’s total earnings. This underscores the effectiveness of Friend Tech’s algorithms and the potential of automated trading tools in the DeFi sector.