El Salvador’s government-operated Bitcoin wallet, Chivo, has once again come under cybersecurity scrutiny as a hacker group known as CiberInteligenciaSV has exposed sensitive information. Recently, this group released part of the source code for the Chivo wallet, specifically targeting the software running its ATM network. The leak was posted on the black hat hacking forum BreachForums, and included VPN credentials and a compilation of code, freely distributed without any cost, emphasizing the group’s intent to publicly expose the government wallet.
This latest security breach follows a significant exposure event in early April, where personal data for approximately 5.1 million Salvadorans, nearly the entire adult population, was reportedly leaked. The incident highlighted a major privacy concern for the nation, which has adopted Bitcoin as legal tender. The adoption aims to integrate Bitcoin into everyday financial activities, promoting Chivo as the official BTC wallet that facilitates transactions like purchases and withdrawals at ATMs.
Despite the gravity of the situation, the Salvadoran government’s response to the breaches has been notably absent. No official statements have been issued regarding the initial data hack or the subsequent source code leak, creating confusion and concern about the government’s handling of cybersecurity for the national cryptocurrency infrastructure. This lack of communication may further erode public trust in Chivo, which has already been criticized for technical issues since its introduction.
The release of Chivo’s source code could have broader implications for the security of the wallet users and the integrity of El Salvador’s financial systems embracing Bitcoin. Cybersecurity experts and local projects like VenariX are actively monitoring the situation and have warned the public about potential risks associated with the leaks. As the situation develops, it underscores the challenges of maintaining robust digital security in the face of determined and skilled cyber adversaries.
