Yona Gushiken
A hacking group known for its cyberattacks on organizations and governments has once again thrust itself into the spotlight with a daring maneuver that captured global attention. This time, CiberInteligenciaSV leaked what it said was a portion of the source code and VPN credentials of Chivo Wallet, El Salvador’s state-operated Bitcoin wallet.
Breach And Dump
The saga started with a threatening declaration earlier this week on the group’s Telegram channel: “We will release part of the source code and VPN access belonging to Chivo Wallet, for free as always, unless any government snoops want to talk, I’ll leave our username here.”
With that ominous preamble, CiberInteligenciaSV dropped a file named Codigo.rar, containing the coveted data, which includes exe, .txt, .bat, and .reg files, for the software used within the state-maintained Chivo bitcoin ATMs.
The move was bold, yet characteristic of a collective known for its brazen cyberattacks on both organizations and governments. But its reach didn’t stop at Telegram. On the infamous black hat hacking forum, BreachForums, the hacking group expanded its audience, sharing a tantalizing glimpse into the inner workings of El Salvador’s digital financial infrastructure.
“This time I bring you the code that is inside the Bitcoin Chivo Wallet ATMs in El Salvador,” CiberInteligenciaSV proclaimed. “Remember that it is a government wallet, and as you know, we do not sell, we publish everything for free for you.”
In response to the leak, Chivo Wallet posted on X: “In regard to the fake news circulating in news outlets and on social media, we wish to inform:
Our users’ data is protected and CHIVO security has not been breached. The information recently leaked is from a single CHIVO ATM located in the department of San Miguel that was stolen on March 21, 2023. One individual accessed information related exclusively to that ATM’s operations.
This leak contains no personal data, and it does not put any of the confidential information from our wallet at risk.”
When contacted, CiberInteligenciaSV called its actions a form of political protest against what it called the country’s path toward authoritarianism under President Nayib Bukele. Read the exclusive interview here.
A Pattern of Breaches
El Salvador’s Chivo and ID systems have been plagued by major breaches repeatedly. Notably, during Chivo’s launch in 2021, numerous Salvadorans exploited vulnerabilities that allowed to pilfer other residents’ credentials, enabling them to open multiple accounts and claim numerous $30 signup bonuses.
More recently, a hacker disclosed over 5 million high-resolution facial photos of nearly every adult in El Salvador, along with comprehensive contact details.
Adding to the distress, a local publication in El Salvador revealed that CiberInteligenciaSV has been orchestrating a series of data dumps on Salvadorans for weeks. These breaches encompass a wide range of sensitive information, including 800,000 license plates with associated vehicle and owner details; 96,000 pregnancy records; 6,500 government customer records; and various other alarming breaches.
This latest breach adds another chapter to the storied history of CiberInteligenciaSV.
Chivo’s Troubled Partnerships
Chivo’s connections extend to Athena Bitcoin Global, a company listed on the U.S. OTC market. Notably, Athena’s stock experienced a surge from $0.20 to $46.50 following Bukele’s Chivo announcements in 2021. However, its current trading value has plummeted to less than $0.10.
Among other third-party contractors involved, ROI Developers, also known as Accruvia, filed a lawsuit against Athena for purported non-payment. This dispute led to Athena’s cessation of work on Chivo. Subsequently, AlphaPoint, which has affiliations with several defunct cryptocurrency exchanges, assumed control of the project.
It is worth noting that while the hacking group’s actions reverberated throughout El Salvador’s digital landscape, the government’s response has been conspicuously muted. This silence was a deafening contrast to the boisterous tweets from the country’s president, who has been quick to tout the profits from Bitcoin holdings.
(This article was updated to include the response from Chivo Wallet and CiberInteligenciaSV.)
