The decentralized finance (DeFi) landscape is no stranger to security breaches, and recent headlines have highlighted the vulnerability of various platforms. Now a DeFi analyst is sounding the alarm, suggesting that a potential hack on Friend.tech, a decentralized social media network on Base (a layer-2 platform backed by Coinbase), could be even more devastating than the recent Balancer breach, where over $238,000 worth of assets were reportedly stolen.
The analyst’s assessment stems from the belief that Friend.tech has many vulnerabilities, making it particularly susceptible to malicious attacks. Firstly, any exploit initiated from the platform’s front end could result in Friend.tech users losing funds merely by “opening the app.” In this scenario, users would not need to take any additional action to fall victim to an attack.
Secondly, the analyst highlights the risk associated with the compromise of Friend.tech’s direct iframe. This front-end element lets users embed links from various sources, including social media or search engines. While direct iframes offer flexibility, they also introduce significant security risks because they allow potentially corrupted HTML code to be inserted.
Thirdly, the analyst draws attention to the potential consequences of a breach in Friend.tech’s privy iframe. This component holds the private keys, facilitating user connections with non-custodial wallets like MetaMask. Privy iframes are integral to DeFi, serving as the foundational infrastructure for decentralized exchanges (DEXs) and non-fungible token (NFT) marketplaces on public networks like Ethereum or the BNB Chain.
One key feature of privy iframes is their non-custodial nature, giving end-users control over their private keys while maintaining strict isolation to prevent unauthorized access. If compromised, the privy iframe could lead to the loss of funds, as it holds 2 of the 3 key shards, which is akin to losing the private keys.
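The "2 of the 3 shards" point can be made concrete with a 2-of-3 threshold split. The following is an added example, not code from Friend.tech or Privy; it assumes a Shamir-style scheme (the article does not name one), and the function names and field prime are illustrative choices.

```python
import secrets

# Toy field: 2**521 - 1 is prime and larger than any 256-bit wallet key.
P = 2**521 - 1

def split_2_of_3(secret, slope=None):
    """Hide `secret` as f(0) of the line f(x) = secret + slope*x; shares are f(1..3)."""
    if not 0 <= secret < P:
        raise ValueError("secret must fit in the field")
    if slope is None:
        slope = secrets.randbelow(P)  # fresh randomness per split
    return [(x, (secret + slope * x) % P) for x in (1, 2, 3)]

def recover(shares):
    """Lagrange-interpolate f(0) from two or more distinct shares."""
    if len({x for x, _ in shares}) != len(shares) or len(shares) < 2:
        raise ValueError("need at least two distinct shares")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def slope_explaining(share, candidate):
    """For one share alone, return the slope that would make `candidate` the secret."""
    x, y = share
    return (y - candidate) * pow(x, -1, P) % P

if __name__ == "__main__":
    key = secrets.randbits(256)  # constructed stand-in for a wallet private key
    shares = split_2_of_3(key)
    # Whoever holds any two shards holds the key.
    pairs = ((0, 1), (0, 2), (1, 2))
    print(all(recover([shares[a], shares[b]]) == key for a, b in pairs))
    # A single shard fits every possible key equally well, so it reveals nothing.
    guess = secrets.randbits(256)
    print(split_2_of_3(guess, slope_explaining(shares[0], guess))[0] == shares[0])
```

A component that stores two shards is therefore a full key store for threat-modeling purposes, while the isolation guarantee of the scheme only holds for a party limited to one shard.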
By comparison, the Balancer breach, which occurred on September 19, saw the front end of the DeFi protocol exploited. PeckShield, a blockchain security platform, estimated a theft of at least $238,000 in assets before Balancer warned against interacting with the platform. Some users reported being asked to change chains and approve potentially malicious contracts when interacting with the protocol.
According to DeFiLlama, a DeFi protocol analysis portal, over $7 billion in assets have been lost through various hacks. Notable breaches include the $2.7 million stolen in the Remitano breach and the staggering $61 million loss in the Curve exploit.
As the DeFi space continues to evolve, the security of these platforms remains a pressing concern. The vulnerabilities highlighted by the DeFi analyst underscore the importance of rigorous security measures and continuous vigilance in the rapidly expanding world of decentralized finance. Users and investors must exercise caution and due diligence to mitigate potential risks associated with these platforms.