Patched Worldcoin bug could have made Orbs vulnerable to remote takeovers: CertiK Patched Worldcoin bug could have made Orbs vulnerable to remote takeovers: CertiK
The issue was reported about a month before launch and was quickly patched.
2 min read
Updated: Mar. 6, 2024 at 3:27 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Blockchain security firm CertiK revealed on Aug. 3 a vulnerability in Worldcoin that could have potentially allowed attackers to take over Orbs.
The bug, before it was patched, would have allowed an attacker to bypass verification procedures to become an operator of Orbs. Those Orbs are Worldcoin’s eye-scanning devices and are installed in public locations around the world.
This means the attacker would not need to exist as a company, have proper ID verification, or undergo a vetting interview to act as an operator, according to CertiK.
CertiK said it informed Worldcoin of the issue before the latest public announcement and stated that the project had patched the vulnerability. CertiK added that it has verified and confirmed that the fix entirely prevents the threat. The security firm also said it will post further details of the vulnerability and the patch.
Worldcoin separately acknowledged the issue in a statement to CryptoSlate but emphasized that the vulnerability was never exploited in practice.
Worldcoin said that the issue “did not allow anyone to bypass the manual review for establishing an Operator account” and said that “at no point was access to Orbs or data enabled through the bug.” It added that the issue was resolved within 24 hours.
The company added that CertiK is not an official auditor but thanked it for its contribution and invited others to submit similar security findings.
Bug was reported one month before launch
CertiK said that it informed Worldcoin of the security issue on May 29, about one month prior to the project’s public launch on July 24.
Worldcoin’s launch saw some success, with early gains in WLD token prices and seemingly high enrollment rates. Much of Worldcoin’s popularity appears to be based on the involvement of Sam Altman, best known as the CEO of OpenAI โ the company behind the popular ChatGPT chatbot.
Despite Worldcoin’s popularity, the project is highly controversial due to the risks of having a company control vast amounts of user biometrics data. The fact that Worldcoin experienced an early security issue will unlikely inspire confidence in critics.
Mentioned in this article
Author 
Mike Dalton
Before transitioning to crypto writing in 2018, Mike studied library and information sciences. Currently, he resides on Canada's West Coast.
Editor Editor 
Jacob Oliver
Jacob Oliver is a recovering academic and English teacher turned crypto journalist and web3 writer. He holds a Ph.D. from the University of Washington.
Latest Worldcoin Stories
In this article
Worldcoin
$4.76573
Worldcoin’s mission is to build the worldโs largest identity and financial network to serve as a public utility, giving ownership to everyone.
OpenAI
OpenAI is an AI research and deployment company committed to ensuring that general-purpose artificial intelligence helps all of humanity.
CertiK
Founded in 2018 by professors of Yale University and Columbia University, CertiK is a pioneer in blockchain security, utilizing best-in-class AI technology to secure and monitor blockchain protocols and smart contracts.
Sam Altman is the CEO of OpenAI, an AI research and deployment company since 2019.