One of the core developers behind DeFiLlama, a portal that analyzes decentralized finance (DeFi) protocols, believes that a hack on Friend.tech, a decentralized social media network on Base, a layer-2 platform backed by Coinbase, will be more “devastating” than the recent breach on Balancer, in which the front end was exploited and over $238,000 worth of assets was reportedly stolen.
In the analyst’s assessment, the social media network can be compromised in three ways. He stated that any exploit initiated from the front end could see Friend.tech users lose funds simply by “opening the app,” adding that they won’t have “to do anything.”
3 Ways Friend.tech Users Can Lose Funds If Hacked
Upon analyzing Friend.tech’s security model, the analyst explained that if their direct iframe was compromised, a hacker could gain unauthorized access to the user’s funds.
In web development, the direct iframe allows users to embed links, which can be from social media or even Google. All the developer needs is to enable HTML addition before formatting using CSS.
While the direct iframe is easy to use and flexible, it also introduces security risks. Because it allows anyone to insert HTML code, malicious agents can choose to embed corrupted code.
Besides the direct iframe, the analyst also pointed out that a hack on Friend.tech’s privy iframe can lead to loss of funds. He noted that the platform’s privy iframe holds the private keys, allowing users to easily connect the dapp with their non-custodial wallets such as MetaMask.
The privy iframe is critical in DeFi, forming core infrastructure for decentralized exchanges (DEXs) and non-fungible token (NFT) marketplaces operating on public networks like Ethereum or the BNB Chain.
Author: Dalmas Ngetich