TechFlow — On August 22, Spot on Chain responded to the data leak incident on friend.tech, stating that although the wallet addresses in the API were generated by friend.tech, it is easy to trace back to the wallets used to fund those addresses—a fact many users are unaware of. Therefore, friend.tech should explicitly mention this in its privacy policy.
API breaches occur when the API is manipulated or abused. The current access control level is poorly designed, allowing numerous bots to easily manipulate prices. When a high-profile KOL joins, bots can front-run purchases immediately. friend.tech could adjust API permissions—for example, restricting tweet visibility only to Keys (formerly Shares) buyers—which would somewhat reduce bot activity (though not completely eliminate bots). It is recommended that friend.tech update its smart contract to better prevent bot exploitation, thereby improving user experience.





