Advertising revenue keep this site going. We do not actively endorse ads served to us.
DYOR. Please use your due diligence while on this site.
We also do not get information from our visitors.
cryptocurrency August 2, 2018

The recently released Bitfi cryptocurrency hard wallet came with a $100,000 bounty to hackers who could break its “unhackable” system. No coins have been stolen, but some claim to have hacked the wallet and the bounty has since been raised.

Advertisements

In a June press release, Bitfi, together with security mogul and crypto-enthusiast John McAfee, made a claim most technology makers avoid – that its product was “unhackable.”

McAfee said no other security methods were as “epic” as Bitfi’s, which “pulled out all the stops to ensure that the private key can never be obtained by illicit means.” McAfee then tweeted on July 24:

In response, a number of security and technology companies, including Pen Test Partners, put the wallet to the test and hacked it, though not to the Bitfi’s extremely specific requirements.

Advertisements

As noted by Ryan Castellucci, principal security researcher and security engineer at cybersecurity firm White Ops:

“Indeed, you have to be spend $120 on a Bitfi device, and then pay another $10 to ‘preload it with coins’ to even try, and then you specifically have to hack the wallet associated with [the particular] device they send you. If a researcher found, for example, the device had a weak RNG that allowed for key recovery by examining a series of transactions generated by it, they would not win the bounty.”

Castellucci went on to “strongly advise against using one of these devices.”

On July 31, Bitfi upped the hacker bounty to $250,000. 

Bitfi said the bounty is not to identify vulnerabilities*, as it claims security is “absolute,” but to prove that Bitfi is indeed “unhackable.”

The bounty has led to a debate, with some calling it a “sham,” as the only way the bounty can be claimed is by retrieving the security key from the device, which doesn’t actually hold the key.

Advertisements

McAfee continues to dismiss claims that the wallet has been hacked.

Senior data scientist at the AI-driven marketing firm Vertical Leap Henry Carless expressed his frustration:

“This is getting absurd. Either something’s ‘unhackable’ or it’s not. Clearly, as evidenced many times over, the Bifi is not.”

McAfee is also launching a privacy phone, the “Cloak Phone,” and he is still confident about both technologies. Today, he tweeted :

*A second, $10,000 bounty has also been offered to help identify potential security vulnerabilities. This bounty will be given if a hacker can modify the wallet’s firmware in a way that still allows the device to connect to the Bitfi Dashboard and allows the hacker to “transmit either private keys or the user’s secret phrase to a third party.”

Melanie Kramer is a freelance FinTech, blockchain, and cryptocurrency writer based between France and Canada. Melanie has studied, and retains an avid interest in, global politics, business, and economics.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest John McAfee, bounty or other Ethereum wallets and exchanges news.

Source: ETHNews