- Several Friend.tech users have reported that their accounts have been hacked.
- The Web3 social media platform’s security model has come under scrutiny amid the reports.
- The recent scrutiny adds to concerns over its privacy and revenue model.
Friend.tech easily ranks among the breakout crypto sensations of 2023. Launched on the Coinbase-incubated Ethereum Layer 2 Base in August, the Web3 social media platform has attracted over 312,000 users and generated over $18 million in revenue.
Despite its rapid success, however, several aspects of the platform’s model raise red flags. In the latest instance, Friend.tech’s security model has come under scrutiny as several users have reported that their accounts have been hacked and drained.
No 2FA
In a tweet on Tuesday, October 3, SlowMist founder “Evilcos” brought attention to growing reports of Friend.tech account hacks, most of which appear to be SIM swap exploits, with at least two users reporting a combined loss of about 42 ETH (worth approximately $70k at the time of writing).
Meanwhile, users who registered their Friend.tech accounts using email do not appear safe either, with at least one reported incident where a user claims to have been exploited for 6.5 ETH (worth approximately $10.3k).
The growing reports of hacks have unsurprisingly attracted criticism. Evilcos, who described Friend.tech as a centralized platform that always ran the risk of data leaks, bashed the platform for failing to implement basic security controls that could have mitigated hacks like the SIM swap exploit.
"There's not even a 2FA," the SlowMist founder noted, highlighting that these vulnerabilities are a big attraction for bad actors.
Two-factor authentication, also called two-step verification, is a security model that requires users to provide two verification credentials to gain access to an account. These credentials typically include a password and a randomly generated, time-limited security token. 2FA offers better security than single-factor authentication and has been touted as a way to prevent SIM swap scams. However, as highlighted by Evilcos, Friend.tech lacks this feature.
Friend.tech’s security flaws are compounded by its privacy model, which makes it easy for accounts to be linked to the real-world identity of users, as highlighted by a data leak in August 2023.
Aside from emerging security flaws, the social media platform, which allows users to trade “Keys” associated with Twitter accounts, has also been scrutinized for its revenue model, which appears to benefit and encourage bots instead of real users.
Bots Dominate
As recently highlighted by Wu Blockchain, bots have earned a sizable portion of Friend.tech’s revenue. Specifically, the data shows that 450 bots raked in $5.9 million, representing 34% of the platform’s total revenue.
Nonetheless, the continued criticisms and apparent flaws do not appear to be dissuading users, as one of the users who claimed to have lost 22 ETH when his account was hacked asserted that he still wanted to use the app.
"Also I want to say, I still like FriendTech. I still want to use the app. I recognize that balancing security and a smooth UX is hard, and I don't blame the FT team for what happened to me," he tweeted.
On the Flipside
- SIM swap hacks are common on other platforms like Twitter, with Ethereum’s Vitalik Buterin briefly losing control of his account to scammers in September 2023.
- Friend.tech is still in beta mode, implying that there is still a chance for improvement.
Why This Matters
Friend.tech has enjoyed rapid success since its launch. However, growing concerns highlight the risks of failing to prioritize security and privacy.