On August 5th, Cointelegraph, a leading blockchain media in the United States, published a lengthy review, reporting the discovery of security vulnerabilities in the Worldcoin system by CertiK, a renowned Web 3.0 security audit company. "This vulnerability could allow attackers to bypass the verification process and become an Orb Operator without any interview or ID support," said the report. "Orb Operators do not need to be companies."
In the article titled "Worldcoin Orb Vulnerability: CertiK," Cointelegraph also pointed out that the Worldcoin security team confirmed and fixed the issue within 24 hours of receiving the information from CertiK, and it was confirmed that the problem had not been exploited.
"CertiK is not the official audit institution of Worldcoin, and we greatly appreciate the contribution they have made," said a spokesperson for Worldcoin to Cointelegraph.
In addition to Cointelegraph, several other U.S. media outlets have also been tracking this matter. Well-known blockchain media Decrypt published an article titled "Worldcoin Bug Allowed Anyone to Become Orb Operator: CertiK" quoting CertiK.
The media quoted CertiK's official explanation, stating that "Under normal circumstances, only legitimate companies that have passed Worldcoin's strict identity verification process can operate Orb to collect users' iris information. However, this vulnerability allows the other party to become an Orb Operator without being a regular company, without going through appropriate identity verification, and without undergoing interview scrutiny and other routine audits and restrictions."
On the same day, DailyCoin also published a news release on the related topic. In addition to reporting on the Worldcoin vulnerability disclosed by CertiK, it also pointed out the risks of "fake Orb operators beyond data privacy." - DailyCoin "CertiK Uncovers Major Worldcoin Vulnerability: What Is at Stake?".
In addition to the above-mentioned media, BSC News, News.bitcoin, Watcher Guru and many other top domestic blockchain media including PAnnews, Golden Finance, etc. have actively reported on it. In addition to reporting the events themselves, different media have also deeply analyzed the potential hazards brought about by the vulnerabilities from different angles. The large-scale spontaneous attention from the media is enough to prove that security issues have become a major focus of attention in the industry.
It is reported that in June this year, CertiK was awarded a $500,000 reward by SUI for successfully discovering and reporting a new security threat on the SUI network called "Hamster Wheel". In less than two months, CertiK once again discovered a security vulnerability on an important platform that could have serious consequences - the Worldcoin system vulnerability. This discovery further confirms CertiK's sustained efforts and determination in the field of Web 3.0 security. As an industry leader, CertiK stated that it will continue to invest and study diligently to protect the future of the industry in the face of growing network threats and increasingly complex security challenges.
