


Bitfi removes unhackable claim from crypto wallet

Sep 02, 2018 · 4 mins

Bitfi struck the ridiculous unhackable claim from its crypto wallet, while Bitfi backer John McAfee taunts hacker with offer of $20 million for hack.


I’m so surprised the unhackable Bitfi wallet was hacked — said no one ever. While this was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website.

Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one particular hacker if he can hack McAfee’s wallet.

A month ago, McAfee upped the bounty for hacking the “unhackable” wallet from $100,000 to $250,000. That bounty, which many in the security community deemed a sham, specified that a hack counted only if someone got the coins off the “cut-down Android phone” wallet. Bitfi refused to pay researchers who did hack the device, claiming the attacks didn’t meet the bounty conditions. It wasn’t horribly surprising that Bitfi won the Pwnie Award for “Lamest Vendor Response.”

Security researchers such as Pen Test Partners’ Andrew Tierney kept finding ways to hack Bitfi, and Bitfi kept finding ways to deny them the promised bounty payout.

The latest Bitfi hack

The newest hack of Bitfi, a cold boot attack, was pulled off by 15-year-old Saleem Rashid, who previously turned Bitfi into a Doom gaming console. Rashid is part of a team of security researchers going by “THCMKACGASSCO.”

After being hammered and exploited many times, Bitfi finally backed off its “unhackable” claim shortly after Rashid posted video proof of the hack on Twitter.

Bitfi issued a statement that it would remove the “unhackable” claim from its branding as it “caused a significant amount of controversy.” The company didn’t stop there; it hired “an experienced Security Manager, who is confirming vulnerabilities that have been identified by researchers.” After confirmation, the flaws are allegedly to be publicly announced and addressed.

Additionally, Bitfi closed the “current bounty programs that have caused understandable anger and frustration among researchers.” It further claimed that a “conventional bounty program” would be launched via HackerOne.

Despite that promise, HackerOne CEO Mårten Mickos said Bitfi had not yet initiated any communication about launching a bounty program.

McAfee offers Tierney $20 million to hack Bitfi

John McAfee, however, seems incapable of clamping his mouth shut. He zeroed in on Tierney, aka @cybergibbons, taunting him to accept a $20 million challenge to hack McAfee’s Bitfi wallet. The strings attached seem pretty creepy: McAfee said he would pay Tierney’s way to the United States where Tierney would stay at McAfee’s house. If Tierney can get the $20 million in cryptocurrency off McAfee’s Bitfi wallet, then the money is his. McAfee claims Tierney won’t accept, since “Bitfi is unhackable.”

McAfee’s challenge has been made into a Hitler video.


Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.