The team behind the viral decentralized social media platform friend.tech has refuted a report which claimed that the personal information of more than 100,000 of its users was “leaked.”
The now-amended report, first posted by The Block, suggested that data posted by Banteg, a pseudonymous developer for Yearn Finance, was “leaked” information.
The friend.tech team, however, clarified that the information came from scraping its public API.
“It’s like saying someone hacked you by looking at your public Twitter feed,” the official friend.tech account argued.
This is just someone scraping our public API that shows the association between public wallet addresses and public Twitter usernames.
It’s like saying someone hacked you by looking at your public Twitter feed.
— friend.tech (@friendtech) August 21, 2023
The post also received input from X’s (formerly known as Twitter) Community Notes contributors.
“The underlying data is public and anybody can work it out reading a block explorer: if you buy a share, 5% goes to the creator’s wallet and he will have needed to fund his wallet. The database only scraps that public info,” read the community note.
Banteg originally published a GitHub repository of the publicly available scraped data, containing details of users on the friend.tech platform.
101,183 people have given friend tech access to posting as them, leaked db indicates https://t.co/yYYDqzUoON
— banteg (@bantg) August 21, 2023
This data included wallet addresses on Base, linked to the corresponding Twitter usernames for more than 101,000 users.
“101,183 people have given friend.tech access to post as them, leaked db (database) indicates,” Banteg wrote.
Banteg also criticized the inaccurate interpretation of their initial post.
Meanwhile, X users joined in to poke fun at the situation, with one user, Satsdart, posting a link to the Ethereum block explorer and humorously claiming that he had discovered “a leaked database showing ALL transactions on eth.”
i just found a leaked database showing ALL transactions on eth look guys https://t.co/4rrC6sBYJM
— satsdart (@satsdart) August 21, 2023
Notably, Banteg’s release of the data followed a post from blockchain analytics service Spot On Chain which found that friend.tech’s API revealed specific sets of information not immediately available to everyday users of the app.
2. The API of @friendtech also leaks the information
You can check the wallet generated by FriendTech by this API: https://t.co/uqb7V0FxLi
Just replace “0x317931c6b64f6058f688c7d62e84e1491a319dff” with the address you see on the contract. pic.twitter.com/mGrRax4Jd6
— Spot On Chain (@spotonchain) August 21, 2023
The most prominent example was that wallets created by certain users can be viewed through the API.
When asked how this information could be used, Spot On Chain said it could be used to game the system by allowing bots to near-immediately purchase shares of big accounts as soon as they signed up to friend.tech.
“A lot of bots have already taken advantage of this, it monitors the contract, finds the big KOL, and buys shares before others,” wrote Spot On Chain.