Bitfi removes unhackable claim from crypto wallet

Bitfi struck the ridiculous unhackable claim from its crypto wallet, while Bitfi backer John McAfee taunts hacker with offer of $20 million for hack.

Bitfi removes unhackable claim from crypto wallet
Metamorworks / Getty Images

I’m so surprised the unhackable Bitfi wallet was hacked — said no one ever. While this was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website.

Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one particular hacker if he can hack McAfee’s wallet.

A month ago, McAfee upped the bounty for hacking the “unhackable” wallet from $100,000 to $250,000. That bounty, which many in the security community deemed a sham, specified that a hack counted only if someone got the coins off the “cut-down Android phone” wallet. Bitfi refused to pay researchers who did hack the device, claiming the attacks didn’t meet the bounty conditions. It wasn’t horribly surprising that Bitfit won the PwnieAward for “Lamest Vendor Response.”

Security researchers such as Pen Test Partners’ Andrew Tierney kept finding ways to hack Bitfi, and Bitfi kept finding ways to deny them the promised bounty payout.

The latest Bitfi hack

The newest hack of Bitfi, a cold boot attack, was pulled off by 15-year-old Saleem Rashid, who previously turn Bitfi into a Doom gaming console. Rashid is part of a team of security researchers going by “THCMKACGASSCO.”

Despite Bitfi having been hammered and exploited many times, Bitfi finally backed off its “unhackable” claim shortly after Rashid posted video proof of the hack on Twitter.

Bitfi issued a statement that it would remove the “unhackable” claim from its branding as it “caused a significant amount of controversy.” The company didn’t stop there; it hired “an experienced Security Manager, who is confirming vulnerabilities that have been identified by researchers.” After confirmation, the flaws are allegedly to be publicly announced and addressed.

Additionally, Bitfi closed the “current bounty programs that have caused understandable anger and frustration among researchers.” It further claimed that a “conventional bounty program” would be launched via Hacker One.

Despite that promise, Hacker One CEO Mårten Mickos said Bitfi had not yet initiated any communication about launching a bounty program.

McAfeee offers Tierney $20 million to hack Bitfi

John McAfee, however, seems incapable of clamping his mouth shut. He zeroed in on Tierney, aka @cybergibbons, taunting him to accept a $20 million challenge to hack McAfee’s Bitfi wallet. The strings attached seem pretty creepy: McAfee said he would pay Tierney’s way to the United States where Tierney would stay at McAfee’s house. If Tierney can get the $20 million in cryptocurrency off McAfee’s Bitfi wallet, then the money is his. McAfee claims Tierney won’t accept, since “Bitfi is unhackable.”

McAfee’s challenge has been made into a Hitler video.

Copyright © 2018 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.