A hacker group known as CiberInteligenciaSV recently exposed more information about El Salvador’s state-run Bitcoin wallet, Chivo, by releasing part of the software wallet’s source code on a black hat hacking forum. This came after the group leaked the personal data of millions of Chivo users earlier in the month. The hacker group claimed that they do not sell the information they obtain but make it freely available to the public. Cybersecurity project VenariX had warned of an incoming Chivo source code data leak on Monday, citing a post from the hacker group’s Telegram channel. The government of El Salvador has not yet released an official statement regarding either of these security breaches.
El Salvador introduced Chivo in September 2021, along with its decision to implement Bitcoin as legal tender in the country. This meant that Bitcoin could be used as an official currency, including for tax payments, alongside the US dollar. However, the rollout of Chivo faced challenges from the start, with many users reporting software bugs and technical glitches. Some users did not receive the promised $30 for downloading the wallet, while others encountered difficulties withdrawing money from Chivo ATMs. The Salvadoran government had announced plans to install lightning network technology at over 100 Chivo ATMs across the country to allow for faster and lower-fee Bitcoin transactions.
The hacker group CiberInteligenciaSV previously released over 144 GB of data containing the personal information of 5.1 million Salvadorans who had downloaded the Chivo wallet. This stolen information included each user’s full name, unique identifying number, date of birth, address, and a picture of their face. The group has now released more information, including the file Codigo.rar, which contains code and VPN credentials for El Salvador’s Chivo ATM network. The release of this information on the dark web raises concerns about the security and privacy of Chivo users, as their personal data is now compromised.
The ongoing security breaches involving Chivo raise questions about the safety of using a state-run Bitcoin wallet. The Salvadoran government has yet to address these issues publicly, leaving users concerned about the security of their personal information and financial transactions. The leaks of source code and personal data by hacker groups highlight the vulnerabilities of government-run digital wallets and the potential risks associated with using them. It remains to be seen how the government will respond to these security breaches and what measures will be taken to protect Chivo users moving forward.
The leaks of source code and personal data by hacker groups have raised concerns about the privacy and security of Chivo users in El Salvador. The government’s implementation of Bitcoin as legal tender and the rollout of the Chivo wallet have faced challenges and criticisms since their inception. With ongoing security breaches and data leaks, the Salvadoran government will need to take decisive action to address these issues and restore confidence in using Chivo for financial transactions. The hacking incidents underscore the importance of cybersecurity measures in safeguarding users’ personal information and financial assets in the digital age.
