Tag: friend.tech

Friend.tech Faces Data Leak and Security Concerns

The Friend.tech project, which has recently garnered significant attention in the crypto community due to its rapid financial growth, is now facing scrutiny over data leak and security concerns. A tweet from Cos raised alarms by suggesting that over 100,000 Twitter accounts corresponding to certain wallet addresses have been compromised. This breach poses a significant privacy threat, as these addresses could potentially be linked to unveil more private information about users.

Further adding to the security concerns, Spot On Chain highlighted potential vulnerabilities with the Friend.tech platform. Despite generating an impressive 2,953 ETH (approximately $5M) in fees within just 11 days and the current value of all shares standing at 4,435 ETH (around $7.4M), the project has issues such as potential “data leaks via API” and the unsettling ability for users to “buy/sell shares without an invitation code from the contract.”

Amid these concerns, the platform has also seen an influx of bot activity. DeFiyst pointed out the ongoing Miner Extractable Value (MEV) war on Friend.tech’s Base, with bots improving exponentially since the open-sourcing of the first snipers last week.

Since its launch, Friend.tech has become a buzzword in the crypto community. High-profile figures, such as Garry Tan, President & CEO of Y Combinator, have announced their association with Friend.tech. However, in light of emerging security and data leak concerns, potential investors and users are advised to exercise caution and conduct thorough research before engaging with the project.

Friend.Tech Boosts Security with CoolWallet on Base Chain

Friend.tech, a decentralized social media platform operating on Base’s Ethereum layer-2 chain, has been a significant contributor to Base’s recent growth. Base is a secure, low-cost, builder-friendly Ethereum layer-2 chain designed by Coinbase to bring the next billion users on chain. It has become a favorite for DApp developers and early investors due to its outstanding performance and the innovative projects it attracts.

According to the latest data, the platform has surpassed one million daily active users and has a total value locked (TVL) exceeding $35 million. The platform allows users to buy “shares” of other users to chat with them, emphasizing the concept that “Your network is your net worth.”

However, this rapid growth has also attracted cybersecurity threats, notably phishing attacks. These social engineering tactics have been a significant concern in the Web3 sector, with losses already amounting to $650 million as of June 2023. High-profile individuals like Mark Cuban and Vitalik Buterin have also fallen victim to such attacks. To mitigate these risks, Friend.tech strongly recommends its users to employ hardware wallets for enhanced asset security.

In response to these security challenges, CoolWallet, a hardware wallet maker that natively supports the Base ecosystem, has initiated a Web3 Guardian competition. This campaign aims to raise awareness about its Web3 SmartScan feature, which proactively screens all Web3 transactions and flags any malicious behavior or smart contract vulnerabilities. The SmartScan feature is available on the CoolWallet App and offers an added layer of protection against phishing attempts.

To further promote Web3 asset protection, CoolWallet is launching a global competition with generous rewards for participating users. The competition aims to enhance user security awareness and encourage the use of SmartScan for safer transactions. This move is particularly timely, given the increasing number of phishing attacks targeting not just individual users but also high-profile personalities in the crypto space.

The Web3 Guardian competition is expected to draw significant attention, especially among Friend.tech users who are already concerned about asset security. The competition will not only offer rewards but also educate users on the importance of transaction screening, a feature that is often overlooked but crucial in the current landscape of frequent cyber attacks.

SlowMist Report: 10 Crypto Incidents Unveiled

The blockchain and cryptocurrency domain continues to battle against a variety of security threats, as elucidated in the SlowMist Weekly Security Report for the period October 1 – October 7, 2023. The report sheds light on ten distinct security incidents impacting entities across the spectrum, from individual token ventures to large-scale platforms, underlining the financial toll exerted by these attacks.

Statistical Overview

Total Security Incidents: 10

Noteworthy Trend: A surge in DNS Hijacking Attacks and Discord compromises.

Severe Impact: Stars Arena bearing the brunt with a loss approximating $3,000,000.

Incident Breakdown

1. Galxe (2023-10-06): A case of unauthorized access via DNS hijacking led to the misappropriation of visitors’ funds, affecting 1,120 users, with a financial fallout of around $270,000.

2. MCT (2023-10-06): DNS domain hijacking unfolded, enabling the potential upload of private keys to a fraudulent domain. Though the loss remains undisclosed, precautionary actions were advised.

3. Fake CommEx token (2023-10-06): An orchestrated liquidity withdrawal in a rug pull scenario saw the deployer walking away with approximately $154,000.

4. Friend.tech (2023-10-05): Four users were subjected to SIM card swap attacks, resulting in a collective loss nearing $385,000.

5. Stars Arena (2023-10-05): A glaring security breach within the platform’s smart contract framework led to a heist of about $3,000,000.

6. DePay (2023-10-05): The platform endured a flash loan attack, albeit with a relatively minor loss of $827.

7. Metropolis World (2023-10-05): The compromise of the platform’s Discord server was reported, though the loss hasn’t been quantified.

8. GEMIE (2023-10-02): A hack on the Discord server led to the distribution of phishing links. The users were cautioned against interaction, with the loss yet to be specified.

9. VendX (2023-10-02): Similar to Metropolis World and GEMIE, VendX’s Discord server fell prey to compromising activities.

10. Fake EigenLayer Token (2023-10-01): An exit scam on a counterfeit token resulted in a windfall for the deployer, with losses accumulating to around $300,000.

Recommendations

In light of the persistent menace of social engineering and phishing forays, coupled with smart contract vulnerabilities, the crypto community is urged to exercise vigilance. The diverse nature of the attacks spotlighted this week emphasizes the indispensability of robust, multi-faceted security strategies. While certain entities suffered crushing financial setbacks, others showcased prompt response mechanisms to curb potential damages. The report accentuates that regular testing and updates, alongside cautious interaction with digital platforms, are cardinal in diluting security risks.

Friend.tech Users Lose $385K in Ether to SIM-Swap Scammer

On October 5, 2023, a blockchain investigator by the name of ZachXBT stated that a single scammer had stolen 234 ETH, which is roughly comparable to $385,000, from four customers of Friend.tech over the course of a single day. A SIM-swap assault was carried out by the con artist in order to acquire unauthorised access to the accounts of the victims. It was determined that the same hacker who had drained the accounts of the four victims was responsible for the theft of the assets.

One of the victims, who goes by the Twitter handle “KingMgugga,” reported the incident while it was happening in real time, saying that they were “getting f—ing sim swapped watching it happen.” Another user who goes by the name “holycryptoroni” stated that they had a similar experience by adding, “I got swapped sorry.” In the early part of this week, four more customers of Friend.tech reported losing a combined total of around 109 ETH as a result of SIM-swap or phishing attempts.

It has been brought to people’s attention that the website Friend.tech, which is a platform that enables users to buy “keys” for access to private chat rooms, does not have very solid security measures. A company that specialises in ecosystem tools called Manifold Trading projected that twenty million dollars out of Friend.tech’s total worth of fifty million dollars locked might be at danger. The company strongly suggested that Friend.tech use two-factor authentication (2FA) in order to beef up the account’s level of protection.

The incident has also revived demands for Twitter to adopt two-factor authentication (2FA) security measures. This is particularly the case following the high-profile SIM-swap hack that occurred in September on the account of Ethereum co-founder Vitalik Buterin. Users are encouraged to delete their phone numbers from their social media profiles by “0xfoobar,” who is the founder and CEO of wallet security company Delegate. This is done in order to reduce potential hazards.

The Friend.tech incident comes amid growing concerns about the vulnerability of two-factor authentication (2FA) systems to SIM-swap attacks. On April 27, 2023, a report by Blockchain.News highlighted that a recent update to Google’s Authenticator app, which stores one-time codes in cloud storage, has raised security questions. The update makes users susceptible to SIM-swap attacks, where scammers can trick telecom operators into associating a victim’s phone number with their own SIM card. If a hacker gains access to the user’s Google password, they could compromise all authenticator-linked applications.

Stars Arena Recovers Majority of Stolen Crypto

Web3-based social media platform, Stars Arena, has made a significant recovery of the crypto assets lost during a security breach on October 7, 2023. As per the update shared on October 11, 2023, via a tweet, the platform successfully reclaimed approximately 90% of the stolen funds. The total amount stolen was 266,104 Avalanche (AVAX) tokens, which, at the time, had a market value of around $3 million, as reported by Blockchain.News. The recovery came after the platform reached a settlement with the individual responsible for the exploit. The compromised funds were returned, excluding a 10% bounty fee given to the exploiter, which amounted to 26,610 AVAX, plus an additional 1,000 AVAX that was apparently lost in a bridge during the exploit, totaling a 27,610 AVAX bounty.

Stars Arena received back a sum of 239,493 AVAX, processed in two separate transactions, each comprising 119,246 AVAX. The bounty, valued at nearly $257,000 at the time, served as a compensatory measure for the individual responsible for the exploit.

Following the recovery, Stars Arena has taken strides to bolster its security framework to prevent similar incidents in the future. The platform disclosed that it has developed a new smart contract to secure the returned funds before re-launching. As a part of the ongoing effort to enhance security, the platform is in the final stages of conducting an audit on the new contract. Initially, on October 7, the platform had notified its community about the significant security breach caused due to a flaw in the smart contract that led to the draining of funds.

In a follow-up update, Stars Arena revealed that it has secured additional funding to address the security lapse and has engaged a development team to conduct a comprehensive security audit. However, details regarding the nature of the exploit have yet to be disclosed.

This wasn’t the first security issue faced by Stars Arena. Merely two days before the major exploit, on October 5, a smaller security breach occurred, though the hackers could only manage to steal around $2,000 worth of assets. The root cause was identified as a vulnerable price function in the platform’s smart contract, which allowed the exploiter to sell user shares at no cost and receive AVAX in return. The vulnerability was later patched by the platform.

The security challenges aren’t unique to Stars Arena as its main competitor, Friend.tech, has also witnessed targeted SIM-swap attacks. In response, Friend.tech has recently enhanced its security features to thwart such attempts.

Exit mobile version