Worldcoin’s Security Flaw Uncovered by CertiK

In late May, CertiK, a blockchain audit firm, uncovered a significant security flaw in Worldcoin’s code that could have allowed an unauthorized user to gain access and become an Orb operator, bypassing the rigorous verification process.

CertiK explained that the flaw would have enabled the intruder to easily evade Worldcoin’s stringent onboarding criteria for becoming an Orb operator, which include ID verification, vetting interviews, and meeting specific company requirements. For example, a verified Orb operator must run a licensed local business and have a team to onboard individuals who use iris scanning to join the Worldcoin ecosystem. These Orb operators are compensated in stablecoins or fiat currency.

Had this vulnerability gone undetected, unverified individuals could have become Orb operators and accessed sensitive iris information from users.

Fortunately, Worldcoin’s security team took prompt action, validating the vulnerability and implementing a fix to eliminate the threat.

On July 28, Worldcoin released a comprehensive security audit report. The protocol underwent audits by the cybersecurity firms Nethermind and Least Authority, which identified several weaknesses. They analyzed vulnerable areas, developed protective strategies against harmful actions and attacks, and recommended defenses against malicious activities and exploitation.

For instance, the Nethermind audit identified 26 protocol issues, most of which were successfully addressed during the verification process. The remaining issues were acknowledged and resolved. Meanwhile, Least Authority identified three problems and proposed six solutions.

Worldcoin demonstrated diligence in resolving or planning to address all identified issues, as part of their commitment to maintaining a secure system.

Recently, Kenya suspended all Worldcoin activities in the country to assess risks to the public and potential misuse of data. On the other hand, Worldcoin explained that they halted services in Kenya due to high demand but are willing to cooperate with local officials to clarify their privacy measures.

Despite this suspension, Ricardo Macieira from Tools for Humanity, the group behind Worldcoin, stated that they will continue expanding to other regions where they are welcomed.

In addition, Germany, France, and the UK are investigating Worldcoin to determine whether the platform complies with their data regulations.

