El Salvador’s proprietary ‘Chivo’ Bitcoin wallet officially launched earlier this week, but users have already been struggling with bugs within the app’s interface.
And while most bugs users reported were minor errors when sending Lightning payments, a significant privacy issue was revealed within the app’s code.
Matt Ahlborg, the head of research at BitRefill, pointed out that the lightning invoices generated by Chivo contained the full legal name of the creator of the invoice. This posed a serious threat to the safety of other personal data stored within the app and alarmed many of the wallet’s users on Twitter.
The lightning invoices generated by Chivo contain the full legal name of the creator of the invoice. This to me seems like a privacy issue that should be dealt with. pic.twitter.com/3z39s7NoCO
— Matt Ahlborg (@MattAhlborg) September 7, 2021
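Added example, not code from the article or from Chivo: a Lightning invoice is a BOLT11 string whose description field can be read by anyone who receives it, so a wallet team can test the invoices it generates for the account holder's name. It assumes the leaked "metadata" was that description field; `leaks_name` and `sample_invoice` are hypothetical helpers, and the sample invoice is constructed (zero signature, dummy checksum, not payable).

```python
# BOLT11 invoices are bech32 text; tagged field "d" carries a plaintext description.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def regroup(values, src, dst, pad):
    """Regroup a stream of src-bit integers into dst-bit integers."""
    acc = bits = 0
    out = []
    for v in values:
        acc = ((acc << src) | v) & 0xFFFF
        bits += src
        while bits >= dst:
            bits -= dst
            out.append((acc >> bits) & ((1 << dst) - 1))
    if pad and bits:
        out.append((acc << (dst - bits)) & ((1 << dst) - 1))
    return out

def description(invoice):
    """Return the "d" field of a BOLT11 invoice, or None (checksum is not verified)."""
    inv = invoice.strip().lower()
    sep = inv.rfind("1")  # bech32 separator; "1" never occurs in the data part
    if not inv.startswith("ln") or sep < 0:
        raise ValueError("not a Lightning invoice")
    words = [CHARSET.index(c) for c in inv[sep + 1:]]
    body = words[7:-110]  # skip 35-bit timestamp; drop signature (104) and checksum (6)
    i = 0
    while i + 3 <= len(body):
        tag, length = CHARSET[body[i]], body[i + 1] * 32 + body[i + 2]
        data = body[i + 3:i + 3 + length]
        if tag == "d":
            return bytes(regroup(data, 5, 8, pad=False)).decode("utf-8", "replace")
        i += 3 + length
    return None

def leaks_name(invoice, legal_name):
    """True if every part of the account holder's name appears in the description."""
    desc = (description(invoice) or "").casefold()
    parts = legal_name.casefold().split()
    return bool(parts) and all(p in desc for p in parts)

def sample_invoice(desc):
    """Constructed, unpayable invoice: zero timestamp, zero signature, dummy checksum."""
    d = regroup(desc.encode(), 8, 5, pad=True)
    words = [0] * 7 + [13, len(d) >> 5, len(d) & 31] + d + [0] * 110
    return "lnbc1" + "".join(CHARSET[w] for w in words)

if __name__ == "__main__":
    inv = sample_invoice("Nombre Apellido")  # constructed name
    print(description(inv), leaks_name(inv, "Nombre Apellido"))
```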
Chivo’s development team quickly resolves potentially harmful privacy issue
However, the potentially harmful privacy issue seems to have been resolved less than 24 hours after being reported on Twitter.
According to Ahlborg, accessing the app’s core code no longer shows the issue, which appears to be fixed.
Yesterday I tweeted about a #ChivoWallet privacy issue where the users’ full legal name was being leaked in the LN invoice metadata. It appears to be fixed, and what’s in its place is “Thanks Matt Ahlborg”, which I guess is to show that they saw my tweet. https://t.co/TF0zOy3aYS pic.twitter.com/06AeDTQrPD
— Matt Ahlborg (@MattAhlborg) September 8, 2021
For invoices sent over the Lightning network, the ‘Chivo’ app now shows the time of the transaction and a message saying “Thanks Matt Ahlborg.” This was confirmed by dozens of other Twitter users, all of whom reached out to Ahlborg saying the message was featured in their receipts.
Ahlborg believes this was a way for the wallet’s development team to acknowledge the issue and show that they have promptly resolved it.
And while many believe this shows El Salvador’s dedication to providing the best payment infrastructure possible, locals have been reporting serious setbacks when using Chivo. According to a report from Local10, Chivo servers have been collapsing since the wallet’s launch as more than a million people tried to download the app.
The President of El Salvador Nayib Bukele addressed the issue on Twitter, calling on citizens to “take it slow” as the country was releasing the app in parts so as to avoid saturating the servers.
We are going to go slowly. @GooglePlay is the most used store in El Salvador, so we will open it in parts so as not to saturate the servers. @chivowallet is now available on @GooglePlay, but only for all versions of the Samsung Galaxy S20 and the Samsung Galaxy S21.
— Nayib Bukele (@nayibbukele) September 8, 2021
Many also experienced issues when trying to spend the $30 government bonus, while hundreds of people reported issues with the Chivo ATMs when trying to exchange dollars for BTC.