Author

Topic: Leak of Chivo Bitcoin ATMs code in Elsavador (Read 244 times)

sr. member
Activity: 1666
Merit: 426
I always find it hard to understand why some hackers just leak private data of regular people, people who did nothing wrong and whose private information should be nobody's business. I mean, leaking stuff about public figures or events that are of great public interest is something I can understand, but here we're talking about leaking the whole database of users of El Salvador's state wallet (which happens to be almost all the country's population).
It does show the risks of custodial wallets, though, which can be a good talking point for advocates of self-custody. I'm sorry for those whose info got leaked.
For the fun of it of course and not to mention that if you put the lives of people that aren't part of this attack, you would have it easier to ask for your demands because believe it or not, the government cares about the well-being of their people also, it's more fun for them and makes them more powerful when they do this kind of thing to those innocent people and you never know what you're going to hit when you hack indiscriminately. There's also the fact that hackers sell these data to people that will use it for malicious stuff and the more data you've got on a lot of people, the more handsome the payment is going to be for you as a hacker.
legendary
Activity: 3122
Merit: 1492
I suppose that since it is in El Salvador it will be given a lot of hype but there have been cases of hackers obtaining data even from ministries in other countries.

I disagree and why would you blame it on hate on the government. Blame it on the developers of the software behind Chivo.

I think the same. The company had an obligation not only to develop good software but to keep it updated securely.

I am certainly against KYC and storage of our personal data in a server where it can be stolen by hackers, however, are these data they collect valuable? What can they use this for? I reckon many of the people who have their identification in different sites might have their information already sold or shared to third parties.

Also, Chivo has released a statement that they were not hacked. Is this hack fake news?



Our users’ data is protected and CHIVO security has not been breached.

Source https://x.com/chivowallet/status/1782992751354655118
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
Venezuela completes its role as a promoter for Bitcoin in last bull run. They with their President Nayib Bukele made a lot of noise several years ago and Chivo wallet is one of their tools to distribute Bitcoin to their citizens.

Chivo wallet is not good to use, close source and as I remember, they requested Venezuela citizens to KYC.

Chivo Wallet Identification Verification Partner Netki Successfully Onboards 4 million users in 45 days to Facilitate El Salvador’s Official Bitcoin Adoption
Here’s how El Salvador is trying to improve the Chivo Wallet

You see, there are red flags years go. The leak recently is not strange with any centralized platform. You KYCed, you must know risk that their data base will be exploited.
full member
Activity: 1358
Merit: 207
Catalog Websites
Quote from: promise444c5
Leak of Chivo Bitcoin ATMs code in Elsavador

After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.


Unedited  directly  from https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...
I don't think the hackers can score free or go free, if this information is true that hackers can have access to users wallet through the BTC ATM because El Salvador was the first country that made BTC legal tender, before other countries begin to follow their steps to adopt BTC and make it legal tender for people to use it freely in their countries.

If the BTC ATM operators cannot do something to make their ATM safe for the users, it will make the El Salvador government begin to lose courage in the country because he was the one that gives go ahead before BTC investors where everywhere in the country.

You can attack others people and go free with the evil, but the moment you start attacking the government, show that your end has come which I know that El Salvador government will deal with the hackers soon.
newbie
Activity: 56
Merit: 0
And here comes the overflow of unsold tinfoil hats.
An attack happened for sure is the government, they must do this to hit cryptocurrency, because....lol!

Don't you people understand that if a government would want to do something that would really hurt crypto they would simply ban it? Look how everyone is saying the US is against crypto yet we're riding 60k because of ETF approvals!
Seriously drop the damn tinfoil hat, it's not even funny anymore!

At this point, those look some 5g vaccine that would control your brain theory!   Grin Grin

Also, it's the source code of a wallet!
What are we saying on this forum 24/7?
Don't trust closed-source wallets?

Summer is coming, drop the tinfoil or you're going to cook your brain!
I have dropped the tinfoils hats.  Grin

And you reminded me to look at it from another standpoint which is very valid. The hackers probably figured that its a closed-sourced wallet and took advantages of its vulnerabilities. They should have had it a long time coming.

Knowing this vulnerability of closed wallets, why did the government adopt it?

I think the blame is on them for knowingly putting the sensitive data of their country men and women at risk. I hope that they will be humble enough to admit it and look for opened-source wallet options to avoid a repeat.
Do you expect any less from a country known for its extreme corruption and crime? Just because they've adopted BTC doesn't mean they've improved. If anything, making BTC their legal tender makes them seem more illegitimate.
sr. member
Activity: 450
Merit: 220
And here comes the overflow of unsold tinfoil hats.
An attack happened for sure is the government, they must do this to hit cryptocurrency, because....lol!

Don't you people understand that if a government would want to do something that would really hurt crypto they would simply ban it? Look how everyone is saying the US is against crypto yet we're riding 60k because of ETF approvals!
Seriously drop the damn tinfoil hat, it's not even funny anymore!

At this point, those look some 5g vaccine that would control your brain theory!   Grin Grin

Also, it's the source code of a wallet!
What are we saying on this forum 24/7?
Don't trust closed-source wallets?

Summer is coming, drop the tinfoil or you're going to cook your brain!
I have dropped the tinfoils hats.  Grin

And you reminded me to look at it from another standpoint which is very valid. The hackers probably figured that its a closed-sourced wallet and took advantages of its vulnerabilities. They should have had it a long time coming.

Knowing this vulnerability of closed wallets, why did the government adopt it?

I think the blame is on them for knowingly putting the sensitive data of their country men and women at risk. I hope that they will be humble enough to admit it and look for opened-source wallet options to avoid a repeat.
legendary
Activity: 4410
Merit: 4766
Some news outlets indicated that about 60% of Chivo wallet users in El Salvador stopped using the wallet after the $30 incentive offered by the government. This means that many of these people were only interested in the money and not fascinated by using Bitcoin. Some persons might claim that this hack has some political undertone but we all know that hackers can attack individuals, organizations, and governments for different reasons. Some hacked do it for fun, money, and other reasons.

Quote
This time I bring you the code that is inside the Bitcoin Chivo Wallet ATMs in El Salvador, remember that it is a government wallet, and as you know, we do not sell, we publish everything for free for you
https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

From the comments of the hackers (CiberInteligenciaSV), I would have to join the bandwagon of people who believe that it is an attack on the government of Nayid Bukele. These hackers specifically mentioned the government and didn't want any ransom.

the $30 incentive thing bottlenecked and broke due to el salv being conned by a LN 'adviser' telling them to use LN instead of bitcoin as a backbone of chivo in 2021
LN had bottlenecks and caused alot of users to be unable to claim their $30 due to liquidity issues of LN. within 3 months el salv closed it and replaced the backbone with a CEX(alphapoint) as the accounting and withdrawal system(custodian) of chivo value/transfers. majority of people just gave up after the first phase and didnt use chivo again. even under alphapoint CEX custodian services.

not all el salv citizens even used chivo in initial LN phase and not everyone signed up to alphapoint in second phase. so the "over 5 million" is an exaggeration. the database the script kiddies ARE SELLING is a con in-of-itself.. (scammers selling to scammers)

as for the 'hackergroup'(script kiddies) giving ATM files for free.. thats because its public info, anyone can find the ATM masterdocs, the ATM manufacturer is not even el salvadorian.. the manufacturer sells ATM's and maintenance guides/access to files to franchises like its candy

you dont need to hack a government to get the files. and there was no government hack to get them..
these files are just a phase two promotion by skill-less script kiddies, hoping of proving they are hackers.. but they failed

there initial phase of the database of citizens is their hope of a money maker. hoping scammers would buy the database.. which the script kiddies didnt get much custom so doubled down pretending to be hackers of the ATM files as hope of proof of being legit hackers.. and as i said failed to prove anything

legendary
Activity: 1050
Merit: 1100
Hackers will not hesitate to launch their attack irrespective of being on the government or the people, all they want is an illegal means of acquiring other people's fund and data to use against them, this is not the first of its kind happening when you discovered that government is under attack, but this time, not only the government of El-Salvador, but the people were also affected because they have been using this same chivo wallet right from the time their government made a free and voluntarily aid of donation of $30 worth of bitcoin to every user of same wallet in other to help encourage the use of bitcoin, the hackers will not look at the good deeds that others are benefiting from, all they know is about themself, how i wish chivo wallet is not a centralized wallet, at least it could have been more better if it's a non-custodial bitcoin wallet.

Some news outlets indicated that about 60% of Chivo wallet users in El Salvador stopped using the wallet after the $30 incentive offered by the government. This means that many of these people were only interested in the money and not fascinated by using Bitcoin. Some persons might claim that this hack has some political undertone but we all know that hackers can attack individuals, organizations, and governments for different reasons. Some hacked do it for fun, money, and other reasons.

Quote
This time I bring you the code that is inside the Bitcoin Chivo Wallet ATMs in El Salvador, remember that it is a government wallet, and as you know, we do not sell, we publish everything for free for you
https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

From the comments of the hackers (CiberInteligenciaSV), I would have to join the bandwagon of people who believe that it is an attack on the government of Nayid Bukele. These hackers specifically mentioned the government and didn't want any ransom.
legendary
Activity: 3248
Merit: 1402
Join the world-leading crypto sportsbook NOW!
I always find it hard to understand why some hackers just leak private data of regular people, people who did nothing wrong and whose private information should be nobody's business. I mean, leaking stuff about public figures or events that are of great public interest is something I can understand, but here we're talking about leaking the whole database of users of El Salvador's state wallet (which happens to be almost all the country's population).
It does show the risks of custodial wallets, though, which can be a good talking point for advocates of self-custody. I'm sorry for those whose info got leaked.
hero member
Activity: 714
Merit: 521
Leak of Chivo Bitcoin ATMs code in Elsavador

After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.


Unedited  directly  from https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...

Hackers will not hesitate to launch their attack irrespective of being on the government or the people, all they want is an illegal means of acquiring other people's fund and data to use against them, this is not the first of its kind happening when you discovered that government is under attack, but this time, not only the government of El-Salvador, but the people were also affected because they have been using this same chivo wallet right from the time their government made a free and voluntarily aid of donation of $30 worth of bitcoin to every user of same wallet in other to help encourage the use of bitcoin, the hackers will not look at the good deeds that others are benefiting from, all they know is about themself, how i wish chivo wallet is not a centralized wallet, at least it could have been more better if it's a non-custodial bitcoin wallet.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government

This is my suspicion. It is an indirect attack on the president. To bring in fear and doubt in the hearts of El Salvadorians to potentially their undermine trust in the bitcoin and cryptocurrency as a whole.


And here comes the overflow of unsold tinfoil hats.
An attack happened for sure is the government, they must do this to hit cryptocurrency, because....lol!

Don't you people understand that if a government would want to do something that would really hurt crypto they would simply ban it? Look how everyone is saying the US is against crypto yet we're riding 60k because of ETF approvals!
Seriously drop the damn tinfoil hat, it's not even funny anymore!

At this point, those look some 5g vaccine that would control your brain theory!   Grin Grin

Also, it's the source code of a wallet!
What are we saying on this forum 24/7?
Don't trust closed-source wallets?


It really indicates that a group of people is interested in them or is from them. Means he must be from the system (government) or maybe he is the enemy of the El-Salvador Govenrment.

Summer is coming, drop the tinfoil or you're going to cook your brain!
legendary
Activity: 1372
Merit: 2017
I suppose that since it is in El Salvador it will be given a lot of hype but there have been cases of hackers obtaining data even from ministries in other countries.

I disagree and why would you blame it on hate on the government. Blame it on the developers of the software behind Chivo.

I think the same. The company had an obligation not only to develop good software but to keep it updated securely.
hero member
Activity: 1386
Merit: 513
Payment Gateway Allows Recurring Payments
This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...
This is just absurd, because first the government's wallet platform gave people an offer of $30 bonus so they signed up, and even the citizen of El Salvador stole each other's data to claim the $30 bonus for signing up. Well, that's not new, bad actors exist all over the world. What really shocked me is this group of hackers has been hacking a lot of data from El Salvador, I mean I just checked the threads they had made on Breachforum.

All of them are providing us the data on El-Salvador Citizens. It really indicates that a group of people is interested in them or is from them. Means he must be from the system (government) or maybe he is the enemy of the El-Salvador Govenrment. Who knows the reality. He can be caught easily if they have the good resources.
legendary
Activity: 4410
Merit: 4766
lets clarify something about the ATM's

the bitcoin ATM are NOT el salv state owned ATM's related to chivo
instead its a bitcoin ATM company that has been operating pre 2020(2018+) that came into el salvador 2021+ and got permission to put ATM's in locations of el salvador from 2021+

anyone can get an ATM and then get access to the source files on the internal device..
having the ATM files proves nothing. and doesnt even prove a hack

the ATM's are a private franchise set up by some crypto guy who wanted to profit out of setting up ATM's in many locations.... including elsalvador,

however they are ATM's anyone can buy and then get the source data from one of those devices without setting foot in el salvador nor needing to remote hack anything in el salvador
to me i feel its more of a boring story exaggerated to sound dramatic by not explaining how easy anyone can get to the files. just by buying one ATM from source company

the ATM company/franchise are not some government department/central bank of el salv that created the ATM's and its not related to chivo incidents

..
chivo is a separate software/system/network which the hacker group said they also hacked as a separate event previously.. however i feel this too is an exaggeration. they say they have a database of over 5 million users personal information..
... however 5 million people did not sign up to chivo..
the error in the 'hackers' promoted database promotion is that they cant possibly have a database of over 5million el salvadorians due to the fact that not everyone signed up to chivo to achieve such a 5 million total (even common sense: children and elderly)

...

this seems more like script kiddie wannabe hackers just pretended to hack a database(scam) and want to sell the database knowing those who buy it(other scammers) wont then do anything legally as recourse of being scammed, as admitting they have a fraudulent database puts themselves in a illegal position themselves (scammers scamming scammers)

and as said the latter downloaded files of a ATM are public domain anyway of general ATM that can be purchased.. and is unrelated to chivo
so this to me, is the script kiddie wannabe hacker getting source ATM files from a atm manufacturer. and then trying to make a claim they are genuine hackers to hope it proves their in-genuine userdatabase is genuine..

if anything i feel that the script kiddies simply bought a few ATM's and set them up and just gathered some info from users that used THEIR ATM and then added random details they found from a phone book/open datasource of public info of citizens to fill a list to make it seem like a legit database(these tricks are done alot)
..
meanwhile all this nonsense is then causing people in el salvador to be now afraid of their data(not breached) and now giving more bad rep/distrust to bitcoin and distrust of el salv gov. even though i feel this scriptkiddy didnt breach anything bitcoin sensitive/private nor gov sensitive/private
legendary
Activity: 3122
Merit: 1492
Leak of Chivo Bitcoin ATMs code in Elsavador

After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.


Unedited  directly  from https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...

I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government
3. maybe they want to attack Chivo itself
4. for black mail and extortion

In any case, just like in any other hacks, perhaps Chivo will have to upgrade their security and not let this happen again.

I disagree and why would you blame it on hate on the government. Blame it on the developers of the software behind Chivo. The hackers are always everywhere looking for their next victim. It can be hackers from China, Russia, North Korea, America, Germany, Australia, everywhere! If there is a weakness, it will be attacked. We can very much be certain of this. What we should learn from this is it confirms our argument that KYC does not make it more safer for the users, this is making it more dangerous.
legendary
Activity: 1904
Merit: 1563
I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government
3. maybe they want to attack Chivo itself
4. for black mail and extortion

In any case, just like in any other hacks, perhaps Chivo will have to upgrade their security and not let this happen again.
I don't know about the hating the government of El Salvador but most of these hackers do it for the challenge and the thrill of doing this, they've got circles talking about this and I'm sure that somebody that's investigating these hacking incidents are going to be getting wind of what's the motive and the why the hacks happened. I don't think that they hate the government too, it's bitcoin ecosystem of El Salvador that they've attacked, if they really hated the government, they would've done something much worse like hacking their financial infrastructures, leaking the data of their government employees, messing with the power grid or the traffic system of the country. Nonetheless, it's still a sad thing that they've been had on this one, it's going to create rifts in trusting the current administration about the bitcoin adoption there if this thing can lead to people losing their bitcoins.
legendary
Activity: 3346
Merit: 3125
I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government

This is my suspicion. It is an indirect attack on the president. To bring in fear and doubt in the hearts of El Salvadorians to potentially their undermine trust in the bitcoin and cryptocurrency as a whole.

True, this was a move to break the trust of El Salvador people to the president and to Bitcoin, as the article mentions "almost the entire adult population of the country", that's massive, a crazy branch of security that makes from all that people a target for the scammers.

From the start i believe it was a terrible idea for El Salvador to launch their own wallet, they should let people to use any wallet software they want, is a stupid idea to do a KYC process for a wallet, that goes against bitcoin nature.
sr. member
Activity: 450
Merit: 220
I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government

This is my suspicion. It is an indirect attack on the president. To bring in fear and doubt in the hearts of El Salvadorians to potentially their undermine trust in the bitcoin and cryptocurrency as a whole.

Quote
In any case, just like in any other hacks, perhaps Chivo will have to upgrade their security and not let this happen again.
This can never  be over emphasized. It is a call to action for them, I would prioritize security measures of these ATMS over aesthetics if I were the president going forward.

The damage has already been done and we will see how the people of El Salvador takes it and the effect it would have on the economy. The government must act quickly to do what must be done and get those responsible.
hero member
Activity: 2632
Merit: 833
Leak of Chivo Bitcoin ATMs code in Elsavador

After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.


Unedited  directly  from https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...

I'm not familiar with this groups or any hacking groups, but I will speculate that they:

1. hate the government of El Salvador, specially their President for being a crypto friendly
2. this groups are being back up by some people who wanted to bring down the government
3. maybe they want to attack Chivo itself
4. for black mail and extortion

In any case, just like in any other hacks, perhaps Chivo will have to upgrade their security and not let this happen again.
sr. member
Activity: 476
Merit: 299
Learning never stops!
Leak of Chivo Bitcoin ATMs code in Elsavador

After leaking the entire database of Chivo users in early April, the hacker group CiberInteligenciaSV started releasing the wallet’s code.


Unedited  directly  from https://cointelegraph.com/news/el-salvador-hacks-leak-state-bitcoin-wallet

This sorce codes also  includes the  .bat,.exe, .txt......
The group  of hackers CiberInteligenciaSV seem to be interested in attacking their govenment Government ...
Jump to: