The crypto industry is no stranger to controversy, yet few projects have drawn more scrutiny than Sam Altman’s World, formerly known as Worldcoin.

Promising to verify human uniqueness through iris scans and distribute its WLD token globally, World positions itself as a tool for financial inclusion. However, critics argue the project’s biometric methods are invasive, overly centralized, and at odds with the ethos of decentralization and digital privacy.

At the heart of the critique is the claim that biometric identity systems cannot be truly decentralized when they rely on proprietary hardware, closed authentication methods, and centralized control over data pipelines.

“Decentralization isn’t just a technical architecture,” Shady El Damaty, co-founder of Holonym Foundation, told Cointelegraph. “It’s a philosophy that prioritizes user control, privacy, and self-sovereignty. World’s biometric model is inherently at odds with this ethos.”

El Damaty argued that despite using tools like multiparty computation (MPC) and zero-knowledge (ZK) proofs, World’s reliance on custom hardware — the Orb — and centralized code deployment undermines the decentralization it claims to champion.

“This is by design to achieve their goals of uniquely identifying individual humans. This concentration of power risks creating a single point of failure and control, undermining the very promise of decentralization,” he said.

When reached out for comment, a spokesperson for World pushed back against these claims. “World does not use centralized biometric infrastructure,” they said, adding that the World App is non-custodial, meaning users remain in control of their digital assets and World IDs.

The project said once the Orb generates an iris code, the “iris photo will be sent as an end-to-end encrypted data bundle to your phone and will be immediately deleted from the Orb.” The iris code, they claimed, is processed with anonymizing multiparty computation so “no personal data is stored.”

World’s disclosure regarding personal custody. Source: World

Evin McMullen, co–founder of Privado ID and Billions.Network, said that World’s biometric model is not “inherently incompatible” with decentralization but faces some challenges in implementation around data centralization, trust assumptions, and governance.

Related: Sam Altman’s World raises $135M from Andreessen, Bain, to expand network

A pattern of tech overreach?

El Damaty also drew a parallel between OpenAI’s large-scale scraping of “unconsented user data” and World’s collection of biometric information.

He argued that both reflect a pattern of aggressive data acquisition framed as innovation, warning that such practices risk eroding privacy and normalizing surveillance under the banner of progress.

“The irony here is hard to miss,” El Damaty claimed. “OpenAI built its foundation by scraping vast amounts of unconsented user data to train its models, and now Worldcoin is taking that same aggressive data acquisition approach into the realm of biometric identity.”

In 2023, a class-action lawsuit filed in California accused OpenAI and Microsoft of scraping 300 billion words from the internet without consent, including personal data from millions of users, such as children.

In 2024, a coalition of Canadian media outlets, including The Canadian Press and CBC, sued OpenAI for allegedly using their content without authorization to train ChatGPT, claiming copyright infringement.

ChatGPT storing personal information against its claims. Source: Sandi Fatic

World, however, rejects this comparison, emphasizing that it is a separate entity from OpenAI. The company said that it neither sells nor stores personal data, citing its use of privacy-preserving technologies such as multiparty computation and zero-knowledge proofs.

The scrutiny also extends to World’s user onboarding. The project says it ensures informed consent through translated guides, an in-app Learn module, brochures, and a Help Center.

However, critics remain skeptical. “People in developing nations, who World… has mainly been targeting up until this point, are easier to bribe and often don’t understand the risks involved with ‘selling’ this personal data,” El Damaty warned.

Several global regulators have pushed back on World’s operations since its launch in July 2023, with governments like Germany, Kenya and Brazil expressing concerns over potential risks to the security of users’ biometric data.

In the most recent setback, the company faced challenges in Indonesia after local regulators temporarily suspended its registration certificates on May 5.

Related: ‘Humans can tell when it’s a human’ — Community mocks Worldcoin’s Orb Mini

The risk of digital exclusion

As biometric systems like World’s gain traction, questions are emerging about its long-term implications. While the company promotes its model as inclusive, critics say the reliance on iris scans to unlock services could deepen global inequality.

“When biometric data becomes a prerequisite for accessing basic services, it effectively creates a two-tiered society,” said El Damaty. “Those willing (or coerced) into giving up their most sensitive information gain access… while those who refuse… are excluded.”

World maintained that its protocol does not require biometric enrollment for basic participation. “You can still use an unverified World ID for some purposes even if you do not visit an Orb,” it said, adding that the system uses ZKPs to prevent linking actions back to any specific ID or biometric data.

There are also concerns that World could become a surveillance tool — especially in authoritarian regimes — by centralizing biometric data in a way that may attract misuse by powerful actors.

World dismisses these claims, asserting that its ID protocol is “open source, permissionless,” and designed so even government applications cannot tie back a user’s activity to their biometric data.

The debate also extends to governance. While World says its protocol is moving toward greater decentralization — highlighting open-source contributions and the governance section of its white paper — critics argues that meaningful user ownership is still lacking.

“We need to build systems that allow individuals to prove their humanity without creating centralized repositories of biometric or personal data,” said El Damaty. “This means embracing zero-knowledge proofs, decentralized governance, and open standards that empower individuals, not corporations.”

Related: Sam Altman’s eye-scanning crypto project World launches in US

The need for secure identity systems

The urgency behind developing secure identity systems isn’t without merit. As artificial intelligence grows more sophisticated, the lines between human and non-human actors online are blurring.

“Risks at the nexus of AI and identity are not limited to any one kind of government system or region,” Privado ID’s McMullen said. She claimed that without reliable verification for both humans and AI agents, digital ecosystems face growing threats—from misinformation and fraud to national security vulnerabilities.

“This is a national security nightmare, where unaccountable, unverifiable non-human actors may now be able to engage with global systems and networks, and legacy systems are not built for these types of verification and contextual logic,” McMullen added.

Magazine: Bitcoin bears eye $69K, CZ denies WLF ‘fixer’ rumors: Hodler’s Digest, May 18 – 24

AI agents in crypto are increasingly embedded in wallets, trading bots and onchain assistants that automate tasks and make real-time decisions.

Though it’s not a standard framework yet, Model Context Protocol (MCP) is emerging at the heart of many of these agents. If blockchains have smart contracts to define what should happen, AI agents have MCPs to decide how things can happen.

It can act as the control layer that manages an AI agent’s behavior, such as which tools it uses, what code it runs and how it responds to user inputs.

That same flexibility also creates a powerful attack surface that can allow malicious plugins to override commands, poison data inputs, or trick agents into executing harmful instructions.

Amazon- and Google-backed Anthropic dropped MCP on Nov. 25, 2024, to connect AI assistants to data systems. Source: Anthropic

MCP attack vectors expose AI agents’ security issues

According to VanEck, the number of AI agents in the crypto industry had surpassed 10,000 by the end of 2024 and is expected to top 1 million in 2025.

Security firm SlowMist has discovered four potential attack vectors that developers need to look out for. Each attack vector is delivered through a plugin, which is how MCP-based agents extend their capabilities, whether it’s pulling price data, executing trades or performing system tasks.

Data poisoning: This attack makes users perform misleading steps. It manipulates user behavior, creates false dependencies, and inserts malicious logic early in the process.

JSON injection attack: This plugin retrieves data from a local (potentially malicious) source via a JSON call. It can lead to data leakage, command manipulation or bypassing validation mechanisms by feeding the agent tainted inputs.

Competitive function override: This technique overrides legitimate system functions with malicious code. It prevents expected operations from occurring and embeds obfuscated instructions, disrupting system logic and hiding the attack.

Cross-MCP call attack: This plugin induces an AI agent to interact with unverified external services through encoded error messages or deceptive prompts. It broadens the attack surface by linking multiple systems, creating opportunities for further exploitation.

Sequence diagram showing potential cross-MCP attack vectors and risk points. Source: SlowMist

These attack vectors are not synonymous with the poisoning of AI models themselves, like GPT-4 or Claude, which can involve corrupting the training data that shapes a model’s internal parameters. The attacks demonstrated by SlowMist target AI agents — which are systems built on top of models — that act on real-time inputs using plugins, tools and control protocols like MCP.

Related: The future of digital self-governance: AI agents in crypto

“AI model poisoning involves injecting malicious data into training samples, which then becomes embedded in the model parameters,” co-founder of blockchain security firm SlowMist “Monster Z” told Cointelegraph. “In contrast, the poisoning of agents and MCPs mainly stems from additional malicious information introduced during the model’s interaction phase.” 

“Personally, I believe [poisoning of agents] threat level and privilege scope are higher than that of standalone AI poisoning,” he said.

MCP in AI agents a threat to crypto

The adoption of MCP and AI agents is still relatively new in crypto. SlowMist identified the attack vectors from pre-released MCP projects it audited, which mitigated actual losses to end-users. 

However, the threat level of MCP security vulnerabilities is very real, according to Monster, who recalled an audit where the vulnerability may have led to private key leaks — a catastrophic ordeal for any crypto project or investor, as it could grant full asset control to uninvited actors.

Crypto developers may be new to AI security, but it’s an urgent issue. Source: Cos

“The moment you open your system to third-party plugins, you’re extending the attack surface beyond your control,” Guy Itzhaki, CEO of encryption research firm Fhenix, told Cointelegraph.

Related: AI has a trust problem — Decentralized privacy-preserving tech can fix it

“Plugins can act as trusted code execution paths, often without proper sandboxing. This opens the door to privilege escalation, dependency injection, function overrides and — worst of all — silent data leaks,” he added. 

Securing the AI layer before it’s too late

Build fast, break things — then get hacked. That’s the risk facing developers who push off security to version two, especially in crypto’s high-stakes, onchain environment.

The most common mistake builders make is to assume they can fly under the radar for a while and implement security measures in later updates after launch. That’s according to Lisa Loud, executive director of Secret Foundation.

“When you build any plugin-based system today, especially if it’s in the context of crypto, which is public and onchain, you have to build security first and everything else second,” she told Cointelegraph.

SlowMist security experts recommend developers implement strict plugin verification, enforce input sanitization, apply least privilege principles, and regularly review agent behavior.

Loud said it’s “not difficult” to implement such security checks to prevent malicious injections or data poisoning, just “tedious and time consuming” — a small price to pay to secure crypto funds.

As AI agents expand their footprint in crypto infrastructure, the need for proactive security cannot be overstated. 

The MCP framework may unlock powerful new capabilities for those agents, but without robust guardrails around plugins and system behavior, they could turn from helpful assistants into attack vectors, placing crypto wallets, funds and data at risk.

Magazine: Crypto AI tokens surge 34%, why ChatGPT is such a kiss-ass: AI Eye

Key takeaways:

HYPE is mirroring Solana’s 2021 breakout structure, targeting a 240% rally by July.

Familiar crypto fractals suggest HYPE could spark similar momentum-driven hype.

Hyperliquid’s native token, HYPE, is mirroring a strikingly similar price structure to Solana’s (SOL) early 2021 breakout—one that preceded a 300% rally.

HYPE chart fractal targets 240% rally by July

In January 2021, Solana broke out from a prolonged consolidation phase just as marketwide interest began accelerating.

The breakout, highlighted by a decisive flip above key Fibonacci retracement levels, triggered a vertical rally that saw SOL jump to the 4.618 Fib retracement line at around $19 from roughly $4.90 in under two months, marking a 291% surge.

SOL/USD daily price chart. Source: TradingView

Fast forward to May 2025, HYPE’s daily chart is showing the same bullish structure following its 270% rebound from $10 lows in April, aligning with its 0.0 Fibonacci retracement line.

On May 23, HYPE broke above its 1.0 Fibonacci retracement level (~$35.88), echoing the early stages of SOL’s explosive run in 2021.

HYPE/USD daily price chart. Source: TradingView

Moreover, the relative strength index (RSI) for HYPE has entered deeply overbought territory (above 84), which, while suggesting caution in the short term, also underscores the strength of the current momentum, much like Solana’s RSI profile during its 2021 breakout.

If HYPE continues to follow this fractal, the 1.618 Fibonacci extension level near $51.68 appears to be the next logical target. Beyond that, the 4.618 level at around $128 could mark the peak of this potential rally, a 240% move from its recent breakout zone near $35.

Hyperliquid is like Solana and FTX combined — analyst

Popular analyst and commentator Ansem highlights that Hyperliquid’s vision is very similar to what Solana and FTX aimed to build during their early partnership: a high-performance, low-cost crypto trading experience.

He argues that, unlike FTX’s centralized architecture, Hyperliquid is fully onchain.

Source: X/Ansem

Nearly 97% of all trading revenue goes directly back to HYPE tokenholders, Ansem noted, adding that such fundamentals will assist the Hyperliquid token to reach “all-time highs soon.”

Psychologically, traders are often drawn to familiar and previously successful patterns.

In 2017, Ether (ETH) mirrored Bitcoin’s (BTC) 2013 arc almost identically, from the parabolic blow-off top to the retracement and range-bound recovery phase.

BTC/USD and ETH/USD fractal comparison chart. Source: TradingView

When traders recognize that HYPE could be repeating Solana’s 2021 trajectory visually and fundamentally, it may reinforce bullish conviction and draw in speculators hoping to catch the next “Solana” moment.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.