Friend.Tech, Post.Tech and Others: Community Spots Huge Security Flaw
SocialFi apps such as Friend.Tech may expose users to hacks, says a crypto analyst | Credit: Shutterstock
Key Takeaways
- Crypto analyst warns SocialFi apps store wallet keys on the frontend.
- If SocialFI iframes are hacked, users may lose their funds.
- Friend.Tech and Post.Tech thrive despite security threats.
Friend.Tech and Post.Tech serve as innovative bridges connecting decentralized blockchain technology with mainstream social networks. These Social Finance (SocialFi) platforms seamlessly blend finance with social interaction, sparking lively discussions among blockchain enthusiasts.
SocialFi
Friend.Tech is recognized as the first-ever viral social Decentralized Application (dApp) on the Base network. It provides users with a decentralized environment to interact with their communities, free from centralized control. Just like any other social network, Friend.Tech allows its users to connect with peers, browse/create content, and create exclusive chat rooms.
Its main competitor, Post.Tech, is based on the Arbitrum blockchain. The platform allows its users to sell posts, buy profiles, and earn $ETH. On top of that, users on Post.Tech can gain income by creating content, completing tasks, trading shares, and regularly engaging with community members.
Both platforms have garnered an immense following and a skyrocketing rate of success. According to data from Dune, Post.Tech usage peaked at over 20K in less than a month, all while trading activity on the platform has crossed the $4 million mark.
In the meantime, Friend.Tech recorded $20 million in transaction volume daily, according to a Dune dashboard .
Security Threat
A developer named 0xngmi, working for crypto analytics firm DefiLlama, reports a serious threat posed by these SocialFi apps.
According to 0xngmi, “All the friend-tech clones (including the original friend tech!) store your key in frontend.” Hence, “it’s possible to steal your key or all funds with a frontend update.”
In response, a web3 privacy infrastructure called Sebastian posted a bounty for reverse engineering the API docs of the Friend Tech registration step, enabling users to register with encrypted wallets.
