Worldcoin has “No Vulnerabilities,” Claims New Audit

After a major security breach exposed user data, Worldcoin responded with comprehensive audits by the Nethermind and Least Authority.

Man in lab coat examining an eyeball robot on a low poly planet.
Created by Gabor Kovacs from DailyCoin
  • Worldcoin underwent security audits by Nethermind and Least Authority. 
  • The audits identified several issues, with the majority resolved promptly. 
  • Earlier, hackers utilized password-stealing malware to compromise Worldcoin Orbs.

The cryptocurrency sector continually struggles with the unique security challenges of distributed systems. Worldcoin, a project co-founded by Sam Altman, has had its own share of challenges, including a major data breach in 2023. 

Since then, the Worldcoin protocol has undergone a major security audit, covering its smart contracts, cryptographic constructs, and overall resilience against attacks. The findings from these audits, now made public, reveal the strengths and areas for improvement.

Worldcoin’s Third-Party Audit Results: No Vulnerabilities Found

On Friday, May 15, Worldcoin released the results of a third-party audit, which it underwent after a critical data breach incident. The breach, reported in May 2023, allowed unauthorized access to the Worldcoin operator dashboard, posing severe risks to the platform’s data integrity and user privacy.


The security audits covered various aspects, from the implementation correctness to resistance to DDoS attacks and potential vulnerabilities that could lead to adversarial actions. Nethermind’s audit focused on the smart contracts integral to Worldcoin, identifying 26 items for review. 

Following the verification stage, 92.6% of these were addressed and resolved. Least Authority’s audit honed in on the protocol’s cryptographic elements, identifying three main issues and offering six recommendations, all of which have been acted upon or scheduled for resolution.

Worldcoin Data Breach Incident

In May 2023, hackers targeted Worldcoin Orb operators with password-stealing malware, gaining unauthorized access to the Worldcoin operator dashboard. This breach was particularly concerning due to the sensitive nature of the data involved, including biometric information.


Following the breach, Worldcoin commissioned comprehensive security audits from Nethermind and Least Authority. Starting in April 2023, these audits aimed to thoroughly examine Worldcoin’s security measures, including its cryptographic constructs, smart contracts, and overall resilience against attacks.

On the Flipside

  • In early March, Spain blocked Worldcoin as a precaution against data breaches and identity fraud. In response, Worldcoin brought legal action against the order. 
  • While third-party companies have led the audits, it is important to note that Worldcoin paid for them. This raises questions about the potential bias in the results. 

Why This Matters

Worldcoin aims to create a universally accepted digital ID, underlining the critical need for robust protection against breaches and unauthorized access. Any questions about data security undermine their goal. 

Read more about Worldcoin’s legal troubles: 

Spain Blocks Worldcoin as a “Precautionary Measure”

Read more about Craig Wright’s latest lawsuit: 

Why Craig Wright’s Satoshi Claim Looks Bleak

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

David Marsanic

David Marsanic is a journalist for DailyCoin who covers the intersection of crypto, traditional finance, and government. He focuses on institutionalized crypto entities like major cryptocurrency exchanges and Solana, breaking down complex topics into easy-to-understand writing. David's prior experience as a business journalist at various crypto and traditional news sites has enabled him to maintain a critical approach to news while adhering to high journalistic integrity standards.