cereZ23

My Cat Is Over 18: Why the EU's 2-Minute Hack Is the Least of Your Problems

Paul Moore broke the EU Age Verification App in 120 seconds. The real issue is that fixing it won't help.

---

On April 16, 2026, security consultant Paul Moore posted a video that has since been viewed over 2.6 million times. In it, he opens the EU's newly unveiled Age Verification App, navigates to a file on the device, deletes two values, restarts the app, and sets a new PIN. Total elapsed time: under two minutes. Full access to the credentials inside.

The European Commission had announced the app just two days earlier. President von der Leyen called it "technically ready" and said it "respects the highest privacy standards in the world."

Moore's response:

cereZ23

My Cat Is Over 18: How the EU Age Verification App Falls Apart in 5 HTTP Requests

A technical deep dive into the European Commission's age verification wallet — and why no patch can fix its core problem.

---

On April 14, 2026, European Commission President Ursula von der Leyen unveiled the EU Age Verification App with bold claims: privacy-preserving, portable, open-source, and technically ready. Two days later, UK security consultant Paul Moore bypassed its authentication in under two minutes. Within 48 hours, multiple researchers independently confirmed the findings.

I decided to look deeper — not just at the implementation bugs (those are fixable), but at the architecture. What I found is worse than broken code. It's a broken premise.