In a significant cybersecurity breach, El Salvador’s state-operated Bitcoin wallet, Chivo, has become the target of hackers who have released part of its source code. The hacker group, known as CiberInteligenciaSV, made the code available on the black hat hacking crime forum BreachForums on April 23, escalating concerns over the security of the government-backed digital wallet.
Launched in September 2021, Chivo Wallet was introduced as part of El Salvador’s groundbreaking move to adopt Bitcoin as legal tender—the first country to do so. The wallet is designed to facilitate Bitcoin transactions for Salvadoran citizens, enabling them to buy, sell, and store Bitcoin, as well as withdraw funds from ATMs. However, since its inception, the platform has experienced several technical issues, ranging from bugs to glitches, affecting its functionality and user experience.
Details of the Hack
The hackers’ release of the source code is the latest in a series of incidents involving Chivo. Previously, in early April, the personal data of approximately 5.1 million Salvadorans, nearly the entire adult population of the country, was reportedly exposed. This breach raised serious concerns about the safety and privacy of the users’ information.
According to the hacker group’s post on BreachForums, the intention behind releasing the source code was not monetary gain but rather to expose the government wallet’s vulnerabilities. The post stated: “This time I bring you the code that is inside the Bitcoin Chivo Wallet ATMs in El Salvador, remember that it is a government wallet, and as you know, we do not sell, we publish everything for free for you.”
The leaked file, named Codigo.rar, includes a compilation of code and VPN credentials associated with the Chivo Wallet ATM network. This information could potentially allow unauthorized access to the network, further complicating the security challenges faced by the wallet.
Response and Implications
Despite the severity of the leak and the earlier data breach, the Salvadoran government has yet to officially address the issue. This lack of communication contributes to the growing uncertainty and distrust among the users of the Chivo Wallet.
Cybersecurity experts and local projects like VenariX have been vocal about the risks associated with these breaches. Prior to the code leak, VenariX took to X to alert the public about the potential exposure, indicating the gravity of the situation.
Broader Context and Future Concerns
The ongoing security issues with Chivo Wallet not only jeopardize the financial security of Salvadorans but also cast doubt on the feasibility of national digital currency initiatives. As El Salvador continues to navigate its pioneering path of Bitcoin integration, these cybersecurity breaches underline the critical need for robust security measures and transparent governmental response to protect user data and maintain public trust in digital financial infrastructure.
The situation remains fluid as the implications of the source code leak are yet to be fully understood. The Salvadoran government’s response, or lack thereof, will be crucial in shaping the future confidence in Chivo Wallet and the broader initiative of integrating Bitcoin into the country’s economy. For now, the citizens and observers alike are left waiting for definitive action and reassurance from the authorities.
Featured image credit: Rubaitul Azad via Unsplash