- MEV Bots Loot $2 Million from Friend.tech Accounts - September 16, 2023
- Bot Stops the Hacker From Stealing 2,800 ETH ($5.5) from Curve Finance Exploit - September 14, 2023
- BNB Chain: $53M Triumph - September 12, 2023
A massive cyber-attack hit Friend.tech, a burgeoning social application rooted in the Base blockchain. According to reports on Twitter, approximately 113 MEV bots managed to pilfer over 20,000 keys directly from Friend.tech accounts, accumulating an illicit profit close to $2 million. The bot tagged as 0xCC…Cc85 emerged as the most lucrative offender, netting about $580,000 from just 96 keys.
The scale of the bot assault peaked on August 21, registering a staggering 216,000 successful transactions juxtaposed against 308,000 unsuccessful ones. This tumultuous bot activity threw a spanner in the works for Base’s network, jamming several transactions in the process.
Operational on the Base blockchain, Friend.tech provides a platform for users to synergize their Twitter profiles with a tailor-made wallet address. These keys, at their core, are tantamount to a tokenized version of a Twitter persona.
The intrigue surrounding Friend.tech is palpable, as evidenced by its meteoric rise. In the first 24 hours since its debut, the platform accrued a whopping $1.12 million solely in commissions. As of the latest update, this figure has surged past $2.8 million, outstripping even Uniswap, a titan in the decentralized exchange realm. Further burnishing its credentials, a mere week post-launch, Friend.tech notched a total value of blockchain capital (TVL) at $5.98 million, with its transactional volume hovering around 13,150 ETH (an equivalent of $13 million).
Data Breach Fallout
To compound the challenges, Friend.tech finds itself grappling with a severe data breach. A database, replete with granular details of over 100,000 Friend.tech users, made an unsanctioned appearance on GitHub. This leaked dataset incorporates wallet addresses tethered to the Base blockchain, corresponding Twitter handles, and even sheds light on users’ funding avenues.
One GitHub user, delving into the data leak, points to the platform’s permissions as a plausible weak link. He conjectures that unwitting Friend.tech users might have inadvertently granted the app sweeping rights, including posting on Twitter on their behalf, possibly without a comprehensive understanding or unequivocal consent.
As the aftermath of these cyber onslaughts unfolds, it remains crucial for Friend.tech to bolster its security protocols and assuage its burgeoning user base.