August 3, 2018

McAfee’s ‘Unhackable’ Bitcoin Wallet Allegedly Hacked

John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable” alongside promoter John McAfee, has not yet responded to a post from security research group OverSoftNL, in which the group claimed to have obtained root access.

Accusations and Speculation

The tweet at the center of the furor was posted yesterday, Aug. 1, by Oversoft, and it read:

“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”

Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.

Bitfi@Bitfi6

Dear friends, we’re announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help. Here are the bounty conditions: https://bitfi.com/bounty2  Thank you, Daniel Khesin CEO

In a subsequent tweet on the same thread, Oversoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.

OverSoft@OverSoftNL

They deny anything that’s not exactly according to their bounty rules, aka: they will never pay a bounty. It’s pure marketing.

Bitfi Controversy

Much like its promoter, Bitfi has made a bit of a reputation as a bold, daring, and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone that could successfully hack it.

From $100,000, this bounty quickly went up to $250,000 as John McAfee ratcheted up the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.

A war of words then broke out between Bitfi and a series of security researchers who, one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellucci was quoted as saying that Bitfi is “a cheap stripped down Android phone” that he would “strongly advise against using.”

Another set of researchers then accused Bitfi of harboring questionable apps on its device, including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”

In response, Bitfi issued a comprehensive denial of these claims, accusing Oversoft of working for its competitors and reiterating its $250,000 bounty.

Yesterday, however, Oversoft seemed to indicate that they have evidence to back up their claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.

OverSoft@OverSoftNL

PS output as root: https://pastebin.com/qs1pyPs6

OverSoft@OverSoftNL

Btw, you might notice that the Baidu location tracker and the Adups service are both actually running…

Not just being used for “pinging” like BitFi said…

In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.

