Certik has found a bug that has already been fixed by the Worldcoin team.
Obviously, Worldcoin is not a risk-free protocol.
A security vulnerability related to the operator system Orb of the Worldcoin project has been discovered by cybersecurity company CertiK.
Company informed today, August 4, a security breach was discovered (and has already been fixed) could allow attackers to become Orb operators without any legal authority.
The special device that Worldcoin uses to perform a biometric scan of the iris and face of its users to verify their identity is called the “Orb” (orbe in Spanish). As reported by CriptoNoticias, those who pass this scanning process are compensated in WLD tokens.
Sphere Operators are the people responsible for scanning. Under normal circumstances, it is necessary to go through a selection process to become a realm operator. The vulnerability discovered by Certik would open up the possibility for people who are not properly registered to use the devices.
Error was discovered by CertiK and reported to Worldcoin on May 29th.. However, Worldcoin has been scanning the iris for more than a year and today it has over 2 million registered people in the world. The possibility remains open that before May 29, some illegal operator could have carried out the scan.
Worldcoin Confirmed Security Breach
The Worldcoin security team, according to information provided by CertiK, confirmed the existence of a security breach and promptly took corrective action. CertiK guarantees that it has carried out the checks and that the solution has eliminated the threat.
Details of the find and how the vulnerability was fixed will be published in the future, the cybersecurity company said.
Worldcoin is an organization founded by Sam Altman (co-creator of ChatGPT), whose activities are in question due to risks your users may face on privacy and disclosure of personal data.
In fact, the information provided by the company itself in its Terms and Conditions shows that while security measures are in place, there is a risk of data leakage, hacking and misuse of information.
Several countries, including France, Germany and Kenya, have expressed concern and are evaluating the legitimacy of Worldcoin.