Worldcoin: This security flaw allowed anyone to become an operator
- CertiK confirmed that the fix provided by Worldcoin eliminated the threat.
- Experts and sovereign governments have become wary of the project.
Web3 security firm CertiK said it spotted a security loophole in the recently launched Worldcoin [WLD] project, which allowed any hacker to gain unauthorized access to the ecosystem.
1/ On May 29th, CertiK reported a security vulnerability to #WorldCoin’s security team that could potentially allow an attacker to become an Orb operator by bypassing the verification process.
— CertiK (@CertiK) August 3, 2023
Is your portfolio green? Check out the Worldcoin Profit Calculator
Worldcoin’s security on the radar
CertiK stated that by exploiting the vulnerability, bad actors could have evaded Worldcoin’s verification and participation criteria to become an Orb operator.
A Worldcoin operator is typically a local business unit, tasked with promoting the project in their local communities and increasing participation. In return, these operators are paid for their efforts.
Under normal circumstances, individuals having a registered local business is the entry criteria to apply for the position. This follows subsequent identification checks and vetting interviews.
However, in the aforementioned security flaw, attackers could bypass all of these stringent checks and still become an operator.
But don’t start panicking if you are reading this. CertiK revealed that the vulnerability was reported to the Worldcoin team who “promptly” resolved the issue. Moreover, CertiK also confirmed that the fix mitigated the threat.
Worldcoin remains controversial
While the danger was averted, the disclosure contributed to serious concerns about data privacy and security that have dominated headlines since the launch of the project last month.
Co-founded by OpenAI CEO Sam Altman, Worldcoin is a cryptocurrency project that aims to become the world’s largest identity and financial network. The onboarding process involves iris scans, which as per the creators, confirms humanness and eliminates bots’ involvement. In return, users get free WLD tokens.
However, this very biometric scanning process has become a sticking issue. Ethereum [ETH] co-founder Vitalik Buterin raised concerns about privacy, accessibility, centralization and security in an elaborate blog post.
How much are 1,10,100 WLDs worth today?
The apprehensions have travelled far and wide, prompting even sovereign governments to act up. Earlier this week, the Kenyan government suspended Worldcoin over privacy concerns. The development was significant because Kenya was a popular destination for the project, with people scrambling to get WLD tokens at registration centers.
At the time of writing, WLD was valued at $2.28, per CoinMarketCap.