Crypto currency investors have been promoting the friend.tech platform on social media for the past few days. Today, it was revealed that the platform has been hacked. The crypto platform, which was exploited through API, could not prevent the leakage of data of 101 thousand users. The data was published on GitHub.
Banteg, who contributed to Yearn Finance, published a leaked database containing critical user data on the friend.tech platform as a GitHub repository. This database includes the Ethereum addresses of more than 101,000 users and their corresponding Twitter usernames.
Banteg’s actions went beyond the data pool. Banteg also emphasized a problematic situation regarding the permissions of friend.tech, claiming that these users gave permission to friend.tech to share posts on their behalf.
“The leaked db (database) shows that 101,183 people have given access to post on friend.tech as themselves.”
This statement came after the publication of a CSV file containing detailed user data, including funding sources and usernames. The information was disclosed after on-chain analysts claimed to have discovered that friend.tech’s API had leaked information.
Applications that you authorize through your Twitter account can perform various actions on your behalf, including sharing posts and DMs. If you do not restrict permissions or control the permissions you have granted, it can have serious consequences.
Users can review the applications they have granted access to their Twitter (X) accounts and the scope of those permissions in the Settings/Applications section.