Worldcoin Security Flaw: Unauthorized Access to Orb Operator Role Discovered

CertiK Discovers Serious Security Flaw in Worldcoin’s Code


In late May, CertiK, a blockchain auditing firm, discovered a serious security flaw in Worldcoin’s code that would have allowed an unauthorized user to gain access and become an Orb operator, bypassing the stringent verification process.

The Flaw

With this flaw, CertiK adds, the intruder could have easily circumvented Worldcoin’s strict standards to become an Orb operator.

Rigorous Process

Becoming an Orb operator is a rigorous process that includes identity verification, vetting interviews, and meeting specific company requirements. For example, a verified Orb operator must operate a local licensed company and have a team to bring people, those who have their iris scanned, into the Worldcoin ecosystem. Orb operators are compensated in stablecoins or fiat.

Potential Consequences

If the flaw had gone unnoticed, individuals who were not properly identified or screened could have become Orb operators and collected sensitive iris information from users.

Immediate Action

CertiK said that the Worldcoin security team acted immediately, validating the vulnerability and implementing a fix to eliminate the threat.

Security Audit Report

On July 28, Worldcoin published a comprehensive security audit report.

Under Scrutiny

The Worldcoin protocol has come under scrutiny from cybersecurity firms Nethermind and Least Authority, which have identified several vulnerabilities.

Addressing Vulnerabilities

They analyzed vulnerable areas, developed strategies to protect against malicious behavior and attacks, and advised implementing defenses against malicious activity and exploitation.

The Nethermind audit, for example, revealed 26 protocol issues, most of which were successfully addressed during the verification process. The rest have been acknowledged and dealt with. Least Authority, on the other hand, identified three problems and proposed six solutions.

Commitment to Security

Worldcoin has worked hard, resolving or planning to address all identified issues in accordance with its commitment to maintaining a secure system.

Kenya Suspends Worldcoin Activities

This week, Kenya suspended all Worldcoin activities in the country. They want to investigate the risks to the public and how the data is being used.

Worldcoin, on the other hand, said it has suspended services in Kenya to manage high demand but will work with local officials to explain its privacy measures.

Expansion and Investigation

Despite this, Ricardo Macieira of Tools for Humanity, the group behind Worldcoin, said they will continue to expand where they are welcome.

Germany, France and the United Kingdom are investigating Worldcoin and determining whether it complies with their data protection laws.
