Security Vulnerability in the Orb Operator Verification Process
Worldcoin, a project name that is often a hot topic, recently faced major challenges in terms of security as reported by CertiK. The Worldcoin project provides prizes for participants who are willing to become part of the World ID ecosystem by scanning their eyeballs using a tool they call Orb.
According to CertiK, a security specialist company, there is a loophole in the operator verification stage, which if exploited by irresponsible individuals, could result in Orb operating without having to pass verification and without having a valid ID.
Security Vulnerability Notice from CertiK
CertiK has reported this vulnerability to the Worldcoin security team in the usual manner of hackers in charge of finding bugs (white hat hackers). This issue has since been resolved. However, this discovery further muddies the global controversy over privacy issues and how data is handled by the project.
Worldcoin Controversy and Ethical Issues
A number of critics have suggested that the project launched by OpenAI founder Sam Altman has the potential to be a "dystopian catastrophe". Moreover, this project has a very secretive nature and has raised questions from regulators.
The success of this project relies heavily on mass adoption. Millions of people around the world are willing to sell their eyeball data for about $50.
Clarification from Worldcoin
A Worldcoin spokesperson said that CertiK is not an official Worldcoin auditor and they appreciate the contribution that has been made. He explained that this bug only allows attackers to create inactive Operator accounts, it does not allow anyone to bypass the manual review process in creating an Operator account, and no access to Orbs or data is activated through the bug.
Worldcoin claims they were attracting 400,000 new users per week in mid-July, and that number has risen to over 545,000 as of this writing.
Their website also states that 366 Orbs have gone live in the last week, and 2,000 Orbs are in production.
Source: Cointelegraph.
