A group of hackers called “CiberInteligenciaSV” is threatening the security of the government of El Salvador: yesterday the criminals freely published all the details related to the source code of the Bitcoin wallet “Chivo” in a black hat forum, also revealing access to the VPN.
A few days earlier, the same group had leaked the personal information of 5.1 million Salvadorans within a database, undermining the privacy of the community.
It is not yet clear what the intentions of the hacker group are, but apparently there seems to be a willingness to engage in dialogue with the country’s top political leaders.
Se'i tatou va'ai i fa'amatalaga uma i lalo.
Hacker against El Salvador: information such as the source code and VPN credentials of the Bitcoin Chivo wallet published
On April 23, with a move that caught the entire Latin America off guard, the hacker group CiberInteligenciaSV reveals confidential information about the source code of the Chivo bitcoin wallet from El Salvador and the VPN access credentials within the black hat hacking forum BreachForums.
This is what was reported by the cybersecurity experts VenariX, who in a post on X, cited the details of the attack also attaching a message from the Telegram channel where CiberIntelligenciaSV would have warned of the data breach.
Here is what the message says verbatim:
“Tonight we will publish part of the source code and VPN access belonging to Chivo Wallet, for free as always, unless one of you government snoops wants to talk”
It seems as if the group of hackers intends to speak with Bukele or with one of the representatives of his political party Nuevas Ideas, presumably with the intention of carrying out blackmail or extortion.
A few hours after the warning from malicious hackers, here comes the publication of the file “Codigo.rari” containing the data of the source code and the VPN credentials to the ATM network of the Chivo wallet, which we remind you represents the government wallet of El Salvador.
CiberInteligenciaSV in the telegram group then invited members to privately request additional files from the data leak if they were interested.
The attack comes after the same gang of criminals on April 5 had spread, always within the same black hat forum, 144 GB of files concerning personal information of 5.1 million Salvadoran citizens.
These information include the full name of each individual, a unique identification number, the date of birth, the address, and a high-definition image of their face.
Probably the two data leaks are related to each other and the same Salvadoran citizens whose privacy has been compromised would have downloaded the Bitcoin wallet of El Salvador in recent months/years.
This story reminds us how KYC and centralized databases in the world of cryptocurrencies, if not managed properly, can represent a danger rather than a form of protection. Fortunately, for the moment it seems that no satoshi has been touched from the Salvadoran wallet, but the worst may still be yet to come.
The authorities of the country, as well as the government, have preferred a press silence to a prompt response: no statement has been released.
The launch of the Chivo wallet and the latest Bitcoin-related initiatives in the country
The Bitcoin wallet of El Salvador “Chivo” represents the State wallet introduced with the pro-bitcoin law of September 7, 2021, along with the implementation of the cryptocurrency as legal tender, which has effectively become the official currency alongside the US dollar.
Chivo is a simple wallet that allows Salvadoran citizens to buy, sell, and store Bitcoin with extreme ease.
However, the tool was not appreciated by the entire population, who have reported multiple times the presence of bugs and technical issues: some have reported not even being able to redeem the $30 prize, promised by President Nayib Bukele himself, to all citizens who would have installed the wallet.
Despite the various difficulties, El Salvador continues its challenge of bitcoinizing the country, introducing more and more technological infrastructures around the new State currency.
During last summer, for example, it emerged that the government was working on installing Lightning Network technology in over 100 Chivo ATMs, in order to allow a smarter use of the Bitcoin blockchain with faster transactions and at the same time significantly cheaper.
Meanwhile, private individuals are also modernizing, adding Lightning Network as the default Bitcoin payment channel for daily transactions.
The race for cryptographic evolution in the Latin country is also supported by the recent initiative known as “Volcano bonds“: these represent state bonds with a 10-year maturity that allow investing in the country’s growth, subsidizing the construction of “Bitcoin City” and reducing sovereign debt.
The country’s volcano plays a key role in this story because, thanks to the support of the miner Luxor Technology, it will power the cryptocurrency network contributing to its mining.
The mined bitcoins serve as a reward for bondholders and mark the beginning of capital markets based on crypto within the country
Source: https://en.cryptonomist.ch/2024/04/24/the-hacker-group-ciberinteligenciasv-brings-the-government-of-el-salvador-to-its-knees-and-publicly-leaks-the-source-code-of-the-bitcoin-chivo-wallet/