Chivo Wallet, the embattled crypto wallet sponsored by the government of El Salvador, appears to be the subject of another large-scale security breach, as a hacking group released snippets of the wallet’s source code on a public forum.
On Tuesday, the cybercrime group known as CiberInteligenciaSV leaked part of the source code and VPN credentials of the Chivo Wallet Bitcoin ATM network on black hat hacking crime forum BreachForums.
“This time I bring you the code that is inside the Bitcoin Chivo Wallet ATMs in El Salvador, remember that it is a government wallet, and as you know, we do not sell, we publish everything for free for you,” wrote the hacker group.
Prior to the hack, the group told members of their Telegram channel that they intended to release part of Chivo’s source code “unless the government snoops and wants to talk,” suggesting the release was some kind of retaliation against El Salvador’s government, although the nature of the hackers demands from them remains unclear at the time of writing.
The latest breach comes after the same group released the personal data of approximately 5.1 million Salvadorans — a database that was linked to the Chivo Wallet, according to a report from Bitcoin.com earlier this month.
That database held over 144 gigabytes of data and contained the full name, unique identity number, date of birth, address, telephone, email, and a high-definition picture of every citizen included in it.
The El Salvador government’s woes with respect to the Chivo Wallet, however, date back even further than the latest security breaches. When Chivo was first launched in 2021, some of the country’s citizens stole other people’s credentials to open multiple different accounts and claim a $30 signup bonus that was on offer.
The wallet’s rollout was, in itself, far from smooth, with a number of users reporting downtime and download issues, prompting the government to take the system down for five hours and implement upgrades to the wallet.
A research paper published by economists from the National Bureau of Economic Research in April 2022 found that the majority of Chivo’s users had abandoned the wallet shortly after its launch.
At the time of writing, the El Salvador government has not issued any statements in regards to the Chivo Wallet security breach.