 Ooof this is bad. A 144 GB database full of personal information about adult El Salvador residents was leaked. There are unconfirmed rumors that this leak stems from Chivo, the bitcoin wallet offered by the El Salvadorian state. Always remember that KYC is the illicit activity.
 
https://protos.com/hacker-doxxes-nearly-every-adult-in-el-salvador/ 
 That sounds like an enormous amount of people's data, with letters in text only being worth a kilobyte of actual usage on a hard drive; that must calculate out to millions of people's personal information. Tragic
 I don't know if Atlas21 is a trustworthy website but they also have an article on this

https://atlas21.com/hacker-publishes-data-of-almost-the-entire-population-of-el-salvador/ 
 Yes, Atlas21 is a trustworthy Bitcoin-oriented website! The guy who founded it is a brilliant journalist! 
 Who is he? 
 I'm pretty convinced that one of the founders and main journalists is Federico Rivi, Italian guy. 
 Hey. Yep I’m behind Atlas21. The rumor is unconfirmed yet but honestly it’s very difficult to define it only as a “rumor”. The day after the news came out, someone published a script to try a brute force attack with the password “123456” on Chivo’s server. The script works and the server responds. The timing is suspect, at least. 
 Is it really a brute force if the only password they use is 123456 and it's directed against one server? I read that people correlated the information with whatever information you need to sign up with Chivo but I also find that odd, won't most applications (especially banking related) collect mostly the same data? I'll call it a rumor until someone can prove that it came from Chivo's database.

Also, looks like you need a link to your nostr profile here:
https://atlas21.com/author/federico-rivi/ 
 There’s also another coincidence: the number of Chivo’s downloads and the number of people involved in the data leak. In my country they say: “three coincidences make a proof”, which is obviously not true, but it’s at least highly, highly, highly suspicious. 
 New evidence came out last night

https://atlas21.com/el-salvador-group-of-hackers-publishes-chivo-wallet-atm-code/ 
 Thanks for keeping us updated🤙 
 Update: Chivo responded but didn’t provide actual answers.

https://atlas21.com/chivo-our-users-data-are-safe/ 
 Lol that was a shite response from Chivo if the personal data leak is actually from Chivo's database. 
 If you trust your Government you're gonna have a bad time  
 I guess my commit may have been rhetorical; I was unable to see the full news commit until I turned my screen in the horizontal direction.
 No, I’m completely confident that all of the companies forced to collect my PI are totally secure, fully competent, and every single employee has my best interest at heart. 🤣 
 And if they collect enough information on me, terrorism and money laundering will go away forever! 
 That was to be expected....

Unfortunately it was obvious something like this would happen
 
 Unfortunately it had to be expected that something like this would happen
nostr:nevent1qqsx58yhphprmxf7eajdl95cz8yr0avc2jvfwgkwdsjthev6sgavufcpzpmhxue69uhkummnw3ezuamfdejsyg9j6ecdu5ajw6gups6qqgjmvhp45fksvzfme3qlfrluw8sfqluafgpsgqqqqqqsgrdavr 
 I'd venture to assume that the biggest problem with custodial solutions isn't necessarily an internal rugging but the fact that it's a central point of failure. Your custodial funds are just one password away from being compromised. 

nostr:nevent1qqsx58yhphprmxf7eajdl95cz8yr0avc2jvfwgkwdsjthev6sgavufcpz3mhxue69uhhyetvv9ujuerpd46hxtnfdupzpvkkwr098vnkj8qvxsqzykm9cddzd5rqjw7vg86gllr3uzg8l822qvzqqqqqqyzkglmj 
 KYC = breach of public trust (look that up in a Black's Law Dictionary, breach of trust is a very very serious offense)
nostr:nevent1qvzqqqqqqypzpvkkwr098vnkj8qvxsqzykm9cddzd5rqjw7vg86gllr3uzg8l822qyghwumn8ghj7mn0wd68ytnhd9hx2tcpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qpqdgwfwrwz8kvnanmym7tfsywgxl6es4ycju3vumpyh0je4q36ecnsgm05xq 
 Be careful what your Marxistic, control freak, emotional mind wishes for. Security does not need control, it needs privacy. 
 You'll learn to appreciate Monero's total delisting from CEX.

Where there's no data there are no data breaches
 they literally can't. they need to be instantly gratified by the price of bitcoin. they'll do anything to make the price go up. 
 Not great 
 Jesus 😡 
 https://www.google.com/amp/s/www.theblock.co/amp/post/290523/el-salvador-bitcoin-wallet-suffers-source-code-vpn-access-leak 
 "[..] leaked on Tuesday snippets of the wallet's source code".

Isn't this wallet open sourced on Github by Galoy? Or am I mixing them up? 
 It's the code from the Bitcoin ATMs, not the wallets. 
 They didn't even anonymize or mask the data, or archive anything. Absolutely idiotic.

And they had all sorts of data they didn't have any possible use for. 
 Another proof you can’t trust a government even if it’s pro-bitcoin… 
 I can't believe Chivo is this old and nobody secured the data set. 
 Afaik using Chivo is not even mandatory there… One can use Strike or any other wallet. This probably shows the downside of having a popular president who receives a lot of trust - people install and use whatever he recommends… 
 I think they got the data from the registry office to send everyone the initial $30. 
 It would be hilarious if it wasn’t so sad. 
 El Salvador is crawling with Bitcoin devs, now, too. There's no excuse to not have had an audit.

Ha ha. Their data probably got leaked, too. 
 The thing that upsets me most is that none of the articles seem to think it's weird that it's even possible to leak this data.

They all think the leak is the problem, not the data collection, handling, and complete lack of information security.

I bet anyone working on this database could see all this data. 😱 
 Lol. Well played Bukele. Well played. 👏👏👏 You can't help but be a touch curious about Dorsey, Mallers, and Saylor as well. 
 She does bring up a very good point, no?

nostr:nevent1qqs8fn0a24gn262xa4lxwcft2r7ac9uv6d5dtxej4wcw88u2qdl3emspzemhxue69uhkzarvv9ejumn0wd68ytnvv9hxgq3qm4ny6hjqzepn4rxknuq94c2gpqzr29ufkkw7ttcxyak7v43n6vvsxpqqqqqqzr8awp5 
 No download links. Fake. 👎 
You should be ashamed.  
 😂 
 Why are people these days so afraid of this info being public? Used to have everyone's phone, address, and name in giant yellow books.  
 Which yellow book contained SSN's? 
 This is awesome, it just proves KYC isn't the way to go. Unfortunately, at the cost of the El Salvadoran 
 We know that but the gov will still try to push it as a safety measure for our sakes🤷‍♂️