In a significant cybersecurity development, the source code for the software running El Salvador’s government-operated Chivo bitcoin ATMs has been leaked by a hacker.
The leaked materials include .exe, .txt, .bat, and .reg files, shedding light on the inner workings of the infrastructure behind President Nayib Bukele’s pet project.
The administration had outsourced the development and maintenance of Chivo’s infrastructure to third-party contractors from various countries. Notably, Chivo has been linked to Athena Bitcoin Global, a pink sheet stock trading on the US OTC market.
Despite a surge in Athena’s value during Bukele’s Chivo announcements in 2011, the stock’s current trading price is less than $0.10. Other contractors, including ROI Developers (also known as Accruvia), have faced legal disputes, with Athena being sued over alleged non-payment. Eventually, AlphaPoint assumed control after Athena’s involvement with Chivo ceased.
Chivo ATMs and wallet hacker leaks
This breach is not an isolated incident but rather part of a pattern of security lapses involving Chivo and related government systems. In 2021, during Chivo’s launch, widespread misuse of credentials led to individuals opening multiple accounts to claim signup bonuses. More recently, a hacker leaked over 5 million high-resolution facial photos of nearly all adult Salvadorans, alongside detailed contact information.
Additionally, a hacking group known as CiberInteligenciaSV has been releasing various data dumps, including 800,000 license plates with associated vehicle and owner details, 96,000 pregnancy records, and 6,500 government customer records.
These successive breaches underscore the urgent need for bolstered cybersecurity measures to safeguard sensitive data and protect citizens’ privacy in El Salvador’s digital landscape.
Nosisnews has tried reaching out to get more insight on this but their communication avenues are out of touch