John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable,” alongside promoter John McAfee has not yet responded to a post from security research group OverSoftNL, where it claimed to have obtained root access.
Accusations and Speculation
The tweet at the center of the furor was posted yesterday, Aug. 1 by Oversoft, and it read:
“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”
Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.
In a subsequent tweet on the same thread, Oversoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.
Much like its promoter, Bitfi has made a bit of a reputation as a bold, daring ,and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone that could successfully hack it.
From $100,000, this bounty quickly went up to $250,000 as John McAfee ratcheted up the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.
A war of words then broke out between Bitfi and a series of security researchers who one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellicco was quoted as saying that Bifi is “a cheap stripped down Android phone” that he would “strongly advise against using.”
Another set of researchers then accused Bifi of harboring questionable apps on its device including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”
In response, Bitfi issued a comprehensive denial of these claims, accusing Oversoft of working for its competitors and reiterating its $250,000 bounty.
Yesterday however, Oversoft seemed to indicate that they have evidence to back up their claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.
In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.