A recent analysis by a core developer behind DeFiLlama suggests that a hack on Friend.tech, a decentralized social media network on Base, a layer-2 platform backed by Coinbase, could be more devastating than the recent breach on Balancer.
The analyst identified three ways in which Friend.tech users could lose funds if the platform is hacked:
- Direct iframe compromise: If Friend.tech’s direct iframe is compromised, a hacker could gain unauthorized access to the user’s funds. The direct iframe allows users to embed links, which can be from social media or even Google. This makes it easy for hackers to inject malicious code into the platform.
- Privy iframe compromise: Friend.tech’s privy iframe holds the private keys, allowing users to easily connect the dapp with their non-custodial wallets such as MetaMask. A hack on the privy iframe could lead to loss of funds, as the user would lose control of their private keys.
- Privy iframe data loss: If Friend.tech’s privy iframe loses data, funds wouldn’t be accessible since they hold 2/3 shards, essentially equating to losing private keys.
The analyst’s assessment is particularly concerning given the recent hack on Balancer, a DeFi protocol that allows users to create and manage custom liquidity pools. In that hack, at least $238,000 of assets were stolen by hackers who exploited the protocol’s front-end.
The Friend.tech hack could be even more devastating than the Balancer hack because it could involve the loss of not only funds, but also private keys. This would make it impossible for users to recover their assets, even if the platform is fixed.
Friend.tech users are advised to take precautions to protect their funds, such as using strong passwords and enabling two-factor authentication. They should also avoid interacting with the platform until the security vulnerabilities have been addressed.