I’m so surprised the unhackable Bitfi wallet was hacked … said no one ever. While it was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website. Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one hacker if he could hack McAfee’s wallet.
BitFi offered $100,000 to anyone who could take the coins from its factory wallet. Hackers complained it was too little, and why should they have to buy the wallet. It increased to $250,000. No takers. I'm now offering $20 mil to one fraudulent hacker - @cybergibbons He refused.
― John McAfee (@officialmcafee) September 1, 2018
A month ago, McAfee upped the bounty for hacking the “unhackable” wallet from $100,000 to $250,000. That bounty, which many in the security community deemed a sham, specified that a hack only counted if someone got the coins off the “cut-down Android phone” wallet. Bitfi refused to pay researchers who did hack the device, claiming the attacks didn’t meet the bounty conditions. It wasn’t horribly surprising that Bitfi won the Pwnie Award for “Lamest Vendor Response.”
Although security researchers such as Pen Test Partners’ Andrew Tierney kept finding ways to hack Bitfi, and Bitfi kept finding ways to deny them the promised bounty payout, the newest hack of Bitfi, a cold boot attack, was pulled off by 15-year-old Saleem Rashid, who previously turned Bitfi into a Doom gaming console. Rashid is part of a team of security researchers going by “THCMKACGASSCO.”
here's a @Bitfi6 being cold boot attacked by an Android phone. the actual attack takes mere seconds. trivial to Evil Maid it while you're not looking.
the RAM analysis takes over 2 minutes on my phone (only 1GB RAM), but we can dump RAM in 40 seconds :wink:
appropriate :notes: as always pic.twitter.com/uNL5cLlSi6
― Saleem "Unhackable" Rashid (@spudowiar) September 1, 2018
After being hammered and exploited many times, Bitfi finally backed off its “unhackable” claim shortly after Rashid posted video proof of the hack on Twitter.
Bitfi issued a statement that it would remove the “unhackable” claim from its branding as it “caused a significant amount of controversy.” The company didn’t stop there; it hired “an experienced Security Manager, who is confirming vulnerabilities that have been identified by researchers.” After confirmation, the flaws are allegedly to be publicly announced and addressed.
Additionally, Bitfi closed the “current bounty programs which have caused understandable anger and frustration among researchers.” It further claimed that a “conventional bounty program” would be launched via HackerOne.
Despite that promise, HackerOne CEO Mårten Mickos said Bitfi had not yet initiated any communication about launching a bounty program.
BitFi has not been in touch with us & there is no conversation going on. There are specific criteria and t&c for any company to qualify to run a program on our platform.
― Mårten Mickos (@martenmickos) August 31, 2018
John McAfee, however, seems incapable of clamping his mouth shut. He zeroed in on Tierney, aka @cybergibbons, taunting him to accept a $20 million challenge to hack McAfee’s Bitfi wallet. The strings attached seem pretty creepy: McAfee said he would pay Tierney’s way to the States where Tierney would stay at McAfee’s house. If Tierney can get the $20 million in cryptocurrency off McAfee’s Bitfi wallet, then the money is his. McAfee claims Tierney won’t accept since “Bitfi is unhackable.”