The recently released Bitfi cryptocurrency hard wallet came with a $100,000 bounty to hackers who could break its “unhackable” system. No coins have been stolen, but some claim to have hacked the wallet and the bounty has since been raised.
In a June press release, Bitfi, together with security mogul and crypto-enthusiast John McAfee, made a claim most technology makers avoid – that its product was “unhackable.”
McAfee said no other security methods were as “epic” as Bitfi’s, which “pulled out all the stops to ensure that the private key can never be obtained by illicit means.” McAfee then tweeted on July 24:
In response, a number of security and technology companies, including Pen Test Partners, put the wallet to the test and hacked it, though not to Bitfi’s extremely specific requirements.
As noted by Ryan Castellucci, principal security researcher and security engineer at cybersecurity firm White Ops:
“Indeed, you have to spend $120 on a Bitfi device, and then pay another $10 to ‘preload it with coins’ to even try, and then you specifically have to hack the wallet associated with [the particular] device they send you. If a researcher found, for example, the device had a weak RNG that allowed for key recovery by examining a series of transactions generated by it, they would not win the bounty.”
Castellucci went on to “strongly advise against using one of these devices.”
On July 31, Bitfi upped the hacker bounty to $250,000.
Bitfi said the bounty is not to identify vulnerabilities*, as it claims security is “absolute,” but to prove that Bitfi is indeed “unhackable.”
The bounty has led to a debate, with some calling it a “sham,” as the only way the bounty can be claimed is by retrieving the security key from the device, which doesn’t actually hold the key.
McAfee continues to dismiss claims that the wallet has been hacked.
Henry Carless, senior data scientist at the AI-driven marketing firm Vertical Leap, expressed his frustration:
“This is getting absurd. Either something’s ‘unhackable’ or it’s not. Clearly, as evidenced many times over, the Bitfi is not.”
McAfee is also launching a privacy phone, the “Cloak Phone,” and he is still confident about both technologies. Today, he tweeted:
*A second, $10,000 bounty has also been offered to help identify potential security vulnerabilities. This bounty will be given if a hacker can modify the wallet’s firmware in a way that still allows the device to connect to the Bitfi Dashboard and allows the hacker to “transmit either private keys or the user’s secret phrase to a third party.”
Melanie Kramer is a freelance FinTech, blockchain, and cryptocurrency writer based between France and Canada. Melanie has studied, and retains an avid interest in, global politics, business, and economics.
Source: ETHNews