The controversial Worldcoin project had a serious security vulnerability, CertiK has disclosed on X (formerly known as Twitter). Worldcoin pays people to become part of its World ID ecosystem by submitting scans of their irises through a device World coin calls an Orb.

According to security platform CertiK, the vulnerability in the vetting process for operators could have allowed an attacker to bypass the verification process and operate an Orb without being interviewed or having a proper ID. “It would not need to be a company,” according to the post