McAfee Bitfi Wallet Allegedly Hacked; Denied by Bitfi
The Bitfi Bitcoin wallet created by security expert John McAfee has allegedly been hacked. The claim came after McAfee increased the bounty for hacking the wallet from $100,000 to $250,000.
In his statement, McAfee said “We are increasing the bounty for hacking the wallet to $250,000. The rules require you to empty the contents of a BitFi wallet that we have pre-loaded and have sent to you. You must pay for the wallet and its contents. Rules at https://t.co/jUUVmH77Mg”
The biggest selling point claimed for the wallet by its founder is that it is pretty much unhackable.
That isn’t the case, though, as the security research firm OverSoftNL claimed it has gained root access to the wallet. Although the Bitfi team has admitted to this, the wallet itself was not hacked.
Nonetheless, such a vulnerability could allow a bad actor to compromise users’ wallets through the root access.
OverSoft reveals root access vulnerability a day after McAfee upped the bounty
The research group tweeted on August 1 that they have gained root access to the wallet just a day after McAfee increased the bounty to $250,000.
The tweet read “Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”
— OverSoft (@OverSoftNL), August 1, 2018
Neither McAfee nor Bitfi responded to the tweets by OverSoft. Bitfi, however, posted another tweet which showed that it acknowledged the claims by OverSoft, though not directly.
Bitfi tweeted “Dear friends, we’re announcing the second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help […]”
OverSoft was angered by this tweet, claiming that the Bitcoin wallet provider is using its $250,000 bounty as a marketing ploy, and for that reason they don’t intend to give Bitfi any information about security weaknesses in the wallet just yet.
OverSoft tweeted “They deny anything that’s not exactly according to their bounty rules, aka they will never pay a bounty. It’s pure marketing.”
Security Researchers don’t advise using Bitfi
Even though the Bitcoin wallet was created by a security expert and one of the most vocal voices in the cryptocurrency world over the past few months, Bitfi hasn’t won much adoration from security researchers.
The wallet has been claimed to be unhackable, with a cash bounty even promised to anyone who could successfully hack it.
The increase in the bounty was McAfee’s way of responding to numerous criticisms from security researchers who aren’t big fans of the hardware wallet.
Bitfi made it clear that the bounty wasn’t intended to help in identifying security weaknesses; rather, it was meant to prove their point that the wallet is unhackable.
Security researchers scrutinized the claim made by Bitfi, with Ryan Castellucci noting that Bitfi is “a cheap stripped down Android phone” that he would “strongly advise against using.”
More criticism led to Bitfi claiming that OverSoft was working for its rivals while also reiterating the $250,000 bounty.
OverSoft has now indicated that they have evidence to back up their claims, adding that the Baidu and Adups apps found on Bitfi actually monitor and report on users, contrary to what Bitfi stated.
It remains to be seen what Bitfi would do if OverSoft’s claims of hacking their hardware wallet are true; they might remove ‘unhackable’ from their marketing slogan.