UNDER ATTACK?

The ‘Unhackable’ BitFi Cryptocurrency Wallet

The ‘Unhackable’ BitFi Cryptocurrency Wallet: Recently, there has been a lot of hype about the John McAfee’s claim for his ‘unhackable’ BitFi cryptocurrency wallet. Amidst so many incidents of crypto hacking, making such a claim is indeed a bold step.

 

The ‘Unhackable’ BitFi Cryptocurrency Wallet – Is It Truly Unhackable?

 

He has clearly refuted the popular paradigm “nothing is unhackable”, and has challenged the hackers from around the world to hack BitFi and steal the bitcoins. After his challenge, several ethical hackers came up with the claim to have hacked the wallet. Yet, neither BitFi nor McAfee confirmed their claims.

After hearing about so many “hacked” and “no hack” claims for this BitFi thing, today, we decided to scratch the surface.

BitFi Cryptocurrency Wallet – What Is It All About?

 

BitFi wallet, just like any other cryptocurrency wallet, is a digital device to let the users store their crypto assets safely. Yet, the difference lies in its peculiar functioning. Those who are actively involved in crypto know that the wallets somehow store the private keys with them. While storing private keys prevents the need to store them elsewhere, this still poses a cybersecurity risk to your crypto assets.

 

Start your Free Trial
Scan your Web Site and Network

 

 

However, a quick vulnerability assessment of the wallet will show that it stores nothing hackable. Especially, it does not store your private key. Whatever private key you use for the wallet will remain only in the user’s mind, and nowhere else. Moreover, it does not require any separate pin-code or mnemonic seed for recovery.

As explained on their website,

“On the Bitfi wallet, your private key is calculated using our algorithm every time you type in your secret phrase. Once a transaction is approved, the private key is not stored anywhere in local memory. The private key does not exist on the device until you type in your secret phrase again. Therefore if your device is stolen or seized, there is no way to gain access to the private key because it is not on the device and your funds always remain safe and there is absolutely no reason for alarm or concern if your device is lost of stolen.”

John McAfee’s Challenge To Hackers For $250K Bounty

 

A couple of weeks ago, John McAfee announced $100,000 bounty for anyone who successfully hacks the BitFi wallet and takes the coins. (The BitFi wallet comes with preloaded BTC 50 that are available with an additional charge of $10 after purchase.) After some time, the prize money was raised to $250,000 for ‘everyone’ who hacks the wallet.

The rules for the hack are simple – the hacker simply has to empty the wallet through whatever procedure they employ. Once done and proven, BitFi will pay $250K to the successful hacker(s). For this, BitFi clearly allows everyone participating in the program to exploit their resources.

 

Start your Free Trial
Scan your Web Site and Network

 

 

“We grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure.”

The reason behind this open challenge appears simple. John McAfee says the wallet is stores nothing hackable. Hence, even after accessing the device, no one could ever steal the crypto stored in it.

‘Hack’ Or ‘No Hack’?

 

Things were seemingly fine until the $100K (later raised to $250K) bounty announced for hacking BitFi. Several hackers appeared online, claiming to have accessed the wallet. Yet, BitFi and McAfee clearly deny the rumors.

In the past week, the media literally claimed that BitFi has been ‘hacked’ after several researchers put up their claims one-by-one. The one by OverSoft was given the most coverage.

However, McAfee clearly refutes the claim, saying that the bounty actually revolves around a successful hack whilst stealing the bitcoins. Perhaps, this is what they have been explaining from day-1 – the hacker has to empty the wallet to claim a successful hack eligible for the bounty.

Interestingly, despite several claims for hacks, none of the hackers has claimed to take away the bitcoins yet. Considering this aspect, one can believe BitFi’s claim to be unhackable.

Nonetheless, apart from this debate, BitFi has also announced a second bounty, that is indeed a bug bounty program.

“This bounty is intended to help us identify potential security vulnerabilities in the firmware encryption of the BitFi device. We would like to ask security researchers in the digital asset community to assist us with this project.”

In this program, they are offering $10,000 as bounty for identifying flaws in the wallet. Perhaps, those who are trying to win the $250K bounty may eventually end up winning $10K (maybe!). However, the launch of a second bug bounty program in the middle of the heated “unhackable?” debate may be a step to further strengthen their security to remain “unhackable”.
There are few certainties in life. One of these is that everything is hackerable. It’s just a question of skills, time and resources.

Whether BitFi is hackable or not, one thing is for sure. They have successfully created a ripple in the cybersecurity as well as the marketing worlds involving several hackers and the media. Let’s see where this heated debate goes in the days to come!

 

Start your Free Trial
Scan your Web Site and Network

 

 

SamSam Ransomware Has Raised $6 Million
SegmentSmack – A TCP Vulnerability Targeting Linux 4.9
NAVIGATION
SWASCAN SRL

COMPANY SUBJECT TO THE MANAGEMENT
AND COORDINATION OF TINEXTA S.P.A.

Headquarters: Via Fabio Filzi, 2b
20063 Cernusco sul Naviglio MI - Italy

VAT: 09399680967

© 2017 - 2024 | Swascan Srl

Cyber Incident Swascan Emergency

Contact us for immediate support

The undersigned, as data subject, DECLARES that I have read and understood the content of the privacy policy pursuant to Article 13, GDPR. AGREE to the processing of data in relation to the sending by the Data Controller of commercial and / or promotional communications relating to (i) own products / services, or (ii) products / services offered by third parties.
The consent given may be revoked at any time by contacting the Data Controller at the addresses provided in the aforementioned privacy policy.