Worldcoin, the controversial cryptocurrency project that uses iris scans to verify users’ identity, has released security audit reports claiming most issues found during audits have been resolved ahead of its launch.
The startup announced on July 28 that it had undergone security audits by two firms, Nethermind and Least Authority. According to Worldcoin, Nethermind found 26 issues in its audit, of which 24 were marked as “fixed” and 2 were mitigated or acknowledged. Least Authority found 3 issues and made 6 suggestions, all of which have now been resolved.
The audits covered a range of security topics including DDoS resistance, implementation errors, key storage, data leaks and information integrity. Some issues stemmed from Worldcoin’s use of dependencies like Semaphore and Ethereum.
Worldcoin posted summaries of the audit reports on its GitHub page and in a tweet, saying:
“Learn more about the results of two separate security audits of the Worldcoin protocol, performed by @NethermindEth & @LeastAuthority.”
The announcements come as Worldcoin faces intense criticism over its plans to collect iris scans from hundreds of millions of users to create “digital passports” for its cryptocurrency. Privacy advocates have slammed the project, questioning the necessity of biometrics and raising concerns about data security.
However, Worldcoin co-founder Sam Altman argues that experimenting with technologies to address societal issues is important. He says Worldcoin aims to tackle the “bot problem” by verifying users’ identity, potentially enabling services like universal basic income where only “real people” would qualify.
In summary, though Worldcoin’s project remains controversial, the security audit reports suggest the startup is making efforts to address issues prior to its full launch. However, privacy experts continue to argue that iris scans represent an unnecessary invasion of privacy, and that Worldcoin must provide more transparency around data storage, security and usage to gain public trust.
