DefiLlama Founder: friend.tech and Its Forked Versions Store User Keys on the Front End, Which Can Easily Lead To Front-End Attacks

September 21, the founder of DefiLlama, 0xngmi, stated on social media that "currently, friend.tech and all forked versions store users' keys on the front end, so it is possible to steal users' keys or all funds through front-end updates. Some people may not store the complete key on the front end, but they have the key in the front-end memory, so they are vulnerable to supply attacks in any case."

DeFiLlama friend.tech

Comments

All Comments

Recommended for you

CointimeSG ·

Ethereum 2024 Staking Insights & Analysis

What shaped Ethereum in 2024? It seems pretty challenging to find a common denominator, but there were some milestones no one can’t argue about being included. Here are my top-3 picks in chronological order:
CointimeSG ·

The high-stakes fight to define “money transmitter”

Plus: A rough guide to Anoncasting
CointimeSG ·

State of Cardano Q3 2024

Cardano (ADA) is a Proof-of-Stake (PoS) Layer-1 network launched in 2017. Cardano aims to provide security, scalability, and functionality to decentralized applications and systems building atop the network. In addition to its community of developers, node operators, and projects, Cardano is supported by entities like Input Output Global (IOG), Cardano Foundation, EMURGO, and others. These entities support the network’s development, adoption, and finances as Cardano moves toward the age of Voltaire, the final phase of its roadmap.
Odos DAO: Phishing email attacks related to the "ODOS Loyalty Program" have appeared, reminding users to be vigilant

Odos DAO posted on X platform, stating that they have noticed phishing email attacks related to the "ODOS Loyalty Program" in the community and reminded users to be cautious. Odos DAO and ODOS will not send emails to users. All official communication is only conducted through verified Twitter accounts. Do not click on any suspicious links.
Report: 165 security incidents have occurred in the Web3 field so far in 2024, with losses exceeding US$2.3 billion

According to a report summarizing key security trends in 2024 by Cyvers, Web3 network threats will increase sharply in 2024, resulting in losses of over 2.3 billion US dollars and a total of 165 security incidents. Although the loss amount is 40% higher than in 2023 (1.69 billion US dollars), it is still 1.42 billion US dollars lower than in 2022 (3.78 billion US dollars). It is worth noting that 1.3 billion US dollars of stolen funds were recovered this year.
CointimeSG ·

Bitcoin Tumble Triggered $1.4 Billion in Liquidations

Altcoins have felt the sting, too. Ethereum was down 16% over a 24-hour period at one point, with XRP plunging 18% and Dogecoin 26%.
CointimeSG ·

Tether to make $775 million 'strategic investment' in Rumble, shares rally 44.6%

Tether, the world’s largest stablecoin issuer, has made a “strategic investment” of $775 million into the right-leaning streaming platform Rumble. Last month, it announced it would allocate up to $20 million of its excess cash reserves to bitcoin.
CointimeSG ·

Analyzing the Movement of Capital Across the Solana Asset

The last two years have been remarkable for Solana, recording a staggering price appreciation of +2,143%. In this article, we utilize the new breakdown metrics for Solana to inspect and understand the underlying capital flows responsible for the dramatic ascent.
CointimeSG ·

Bitcoin is Not an Uncorrelated Asset

Also Two Weeks of Inflows for the Bitcoin ETFs and Hawkish Tone at the Fed
Phishing ad links impersonating Virtuals Protocol appear in Google search results

according to Scam Sniffer, there are currently phishing ads impersonating Virtuals Protocol appearing in Google search results. If users click on these links to connect their wallets and sign transactions, these fraudulent ads may steal users' assets. Users should be careful to identify and prevent theft.