“On May 29, the CertiK platform informed the WorldCoin security team of a vulnerability that could potentially allow an attacker to become an Orb operator by bypassing the verification process,” the company claims.
In normal cases, only companies that have passed WorldCoin’s rigorous identity verification process can run an Orb operation that collects information about the iris of a user’s eye for the sake of identification.
WorldCoin’s security team confirmed the security vulnerability and promptly released a patch, the company said. The CertiK team tested and confirmed that the patch mitigated the threat.
Regulators in many countries are now expressing concerns about the vulnerability of WorldCoin user data. The Kenyan government has already suspended Worldcoin in its country, citing concerns about the use of citizens’ personal data.
Meanwhile, Worldcoin plans to expand operations by allowing governments and companies to use iris scanning and identity verification technology.