Site icon Check Point Blog

Check Point Research Uncovers Critical Vulnerabilities in Friend.tech WEB3 Platform

Highlights:

Friend.tech: Much more than another Social Media platform

Friend.tech represents more than a typical social media platform. It is one of the latest web3 platforms, which rely on blockchain and decentralized financial models. It operates as a decentralized ecosystem where a user’s popularity transcends mere likes and retweets – it’s transformed into tokens. Imagine it as a personality stock exchange, where value fluctuates in response to supply and demand dynamics. After connecting friend.tech’s user account with the corresponding X (formerly Twitter) account, the platform enables users to engage in the trading of popularity by purchasing and selling their “shares.”

Launched August 2023, the platform burst on the scene driving excitement from the web3 community and reporters. Within a relatively brief timespan, Friend.tech recorded an outstanding volume of 38,884 ETH, roughly amounting to $64.6 million, all distributed over 1.5 million transactions. Such performance didn’t merely garner attention; it solidified Friend.tech’s position, ranking it second in global on-chain protocol activity:

Holding shares goes beyond a financial endeavor – it’s a pathway to exclusive content and access. When you invest in shares of, let’s say, a Twitter influencer, you gain access to their unique content, a dedicated chatroom, and a direct messaging channel. In essence, it creates a tiered, token-driven system for fan interaction.

What truly enhances the value of these shares is the direct and unfiltered access they grant to the user. For Twitter personalities, the more esteemed you become, the more shareholders you draw in. This, in turn, amplifies the value of your social token.

However, as with all new things, there could be hidden flaws. While Friend.tech offers a unique way to profit from social interactions, one has to wonder: can it really keep our data safe? More importantly, can it ensure our chats remain private and out of reach from unwanted viewers? With the rise of decentralized social platforms, these concerns are crucial, reminding us that security matters in our digital world.

What did CPR find?

Our findings identified critical vulnerabilities that, if exploited, could give an attacker the ability to:

Responsible disclosure and collaboration with Friend.tech

On September 5th, 2023, CPR shared its discoveries with the Friend.tech team, aiming to enhance the safety and security of the platform’s users’ experience. CPR recommends all users remain vigilant and keep best security practices top of mind.

 

Exit mobile version