Analyst: Friend.tech Front-End Breach Could Be More “Devastating” Than Balancer’s

2023-9-22 03:00

One of the core developers behind DeFiLlama, a portal that analyzes decentralized finance (DeFi) protocols, believes that a hack on Friend.tech, a decentralized social media network on Base (a layer-2 platform backed by Coinbase), will be more “devastating” than the recent breach on Balancer, whose front end was exploited and over $238,000 worth of assets reportedly stolen.

In the analyst’s assessment, the social media network can be compromised in three ways. The analyst stated that any exploit initiated from the front end could see Friend.tech users lose funds simply by “opening the app,” adding that they won’t have “to do anything.”

3 Ways Friend.tech Users Can Lose Funds If Hacked

Upon analyzing Friend.tech’s security model, the analyst explained that if its direct iframe were compromised, a hacker could gain unauthorized access to the user’s funds.

In web development, an iframe allows users to embed content from other sources, which can be social media or even Google. All the developer needs to do is enable HTML addition before formatting it using CSS.

While the direct iframe is easy to use and flexible, it also introduces security risks: because it allows anyone to insert HTML code, malicious agents can choose to embed corrupted code.

Besides the direct iframe, the analyst also pointed out that a hack on Friend.tech’s Privy iframe can lead to loss of funds. He notes that the platform’s Privy iframe holds the private keys, allowing users to easily connect the dapp with their non-custodial wallets such as MetaMask.

The Privy iframe is important in DeFi, forming critical infrastructure for decentralized exchanges (DEXs) and non-fungible token (NFT) marketplaces operating on public networks like Ethereum or the BNB Chain.

A Privy iframe allows developers to embed a Privy wallet. A Privy wallet is non-custodial, meaning the end user has control of the necessary private keys. At the same time, the keys are isolated to ensure that they cannot be accessed by third parties or even other code.

Moreover, the analyst notes that if Friend.tech’s Privy iframe loses data, funds wouldn’t be accessible since they hold 2/3 shards, essentially equating to losing private keys.

The Balancer Hack

On September 19, the front end of Balancer, a DeFi protocol that allows users to create and manage custom liquidity pools, was hacked. PeckShield, a blockchain security platform, estimated that at least $238,000 of assets had been stolen before Balancer asked users not to interact with the portal. When interacting with the protocol, some users noted that they were requested to change chains and approve malicious contracts.

Statistics from DeFiLlama state that at least $7 billion of assets have been stolen through hacks. According to the DeFi analytics platform, besides the Balancer hack, other notable exploits resulting in significant losses include the Remitano breach, where hackers stole $2.7 million, and the Curve exploit, where over $61 million was lost.
