Posted on

BitFi Removes “Unhackable” Claims, Closes Bounty Program and Hires New Security Manager.

In a tweet published on the official account of Bitfi, the controversial hardware wallet marketed by Mr John McAfee as unhackable, The development team commented that they would withdraw such claim and at the same time close the bounty program in which 100k USD were offered to every person who could hack the wallet:

“Effective immediately, we are closing the current bounty programs which have caused understandable anger and frustration among researchers. We acknowledge and greatly appreciate[their] work and effort …
Effective immediately, we will be removing the “Unhackable” claim from our branding which has caused a significant amount of controversy.”

The decision to ” retract ” was followed by a change of personnel. The team commented that they had hired a new Security Manager, without mentioning the name of the new expert who would be joining the Bitfi ranks.

The Un-hackable Hacked Wallet

The Bitfi team commented that they acknowledged the existence of “vulnerabilities” but refrained from commenting on the various hacks published on social networks.

Several hackers have been able to exploit different vulnerabilities in this wallet; however, Mr. John McAfee apparently used a pun to avoid paying the various cybersecurity experts for their successful efforts.

From rooting the wallet and running Doom, to effectively getting the passphrase revealed, Mr. McAfee does not give credit to these hackers. Bitfi said these actions were the efforts of an “army of trolls” hired by other companies like Ledger and Trezor.

In a statement to The Next Web, a Bitfi spokesperson commented:

“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete … So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails)… All these trolls can do is talk smack all day, but they can’t hack the wallet if their life depends on it.”

Bitfi has been widely criticized for having no security features that make it better than other hardware wallets. After disassembling it, it was found that its processor is a MediaTek MT6580, a brand of inexpensive components. Such news raised doubts about the price of the wallet, which did not offer any special encryption hardware or any sign of an internal cold storage option.

In a final effort to check for security flaws, Saleem Rashid a young hacker managed to film a cold boot attack in which he obtained Bitfi’s passphrase, ensuring that the same attack could be made from an Android device.

So far Mr. McAfee has not issued any comments; however, the Bitfi team assured that they would issue a more elaborate official statement next week.

Girl in a jacket

loading…

Posted on

TokenPay (TPAY) CEO, Security Guru John McAfee, Two Others, To Debate Crypto Adoption

TokenPay (TPAY) CEO, Derek Capo, and veteran security Guru, John McAfee, with CEO of ModernChain and Oninute.Tech are going to be debating cryptocurrency adoption on Youtube.

The programme comes up on Thursday August 9th 2018 at 5pm EST (11pm CEST), and will involve cerebral bigwigs in the cryptocurrency world debating the much needed adoption.

The debate section is pioneered by Keith Wareing, a renowned successful entrepreneur and crypto-enthusiast who oversees a popular Youtube channel.

Rumours has it that John McAfee, who has been pushing for mainstream adoption will have the opportunity to discuss at length, how to go about crypto adoption while also defending his stands on the reasons why cryptocurrency has to be adopted by all regardless of colour, country, and nature. He has been condemning countries hindering mass adoption, and also offered to debate the Security and Exchange Commission who has been working against wide acceptance of crypto.

Meanwhile, John McAfee is facing lots of criticism on his failed short term predictions. The successful internet guru is also facing attacks after his much desired “unhackable” BitFi wallet was alleged hacked.

Nonetheless, McAfee defended the wallet saying, no money was carted away by those who allegedly said they got entry into the wallet.

In defense of the wallet, He tweeted:

“Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root access to a device with no write or modify capability. That’s as useless as a dentist license un a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.”

“Then take the money from the wallet. Isn’t that the issue? Can you get it or not? We don’t even require that you access the wallet remotely. We’ll send you the fucking thing with money on it. Can you get it or not? The answer is no! Who cares what other useless shit you can do.”

In the debate is also Derek Capo, who has been concerned with crypto adoption. The platform once acquired a stake in Germany-based WEG bank, but later dashed out the stake to Litecoin foundation to earn some expertise.

However, Derek hopes to acquire more stake in the bank to give crypto the opportunity to coexist with banks.

loading…

Posted on

John McAfee’s ‘Unhackable’ BitFi Hardware Wallet, Hacked. Fueling a ‘Twitter War’

On the 27th of July, John McAfee had challenged the crypto-community and hackers worldwide, to attempt to hack the BitFi Hardware wallet. McAfee has more or less claimed on several occasions that no one can steal any funds locked away in the hardware wallet therefore making it unhackable. The initial bounty for anyone who could hack the device was $100,000 but McAfee upped the ante to $250,000 only 4 days later through the following tweet:

Alleged hack of the BitFi Wallet

Less than a day after McAfee increased the bounty, @OversoftNL, an ‘IT geek’ from the Netherlands, claimed to have successfully obtained root access to the BitFi wallet. He made the announcement via twitter by stating the following:

Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.

There are NO checks in place to prevent that like claimed by BitFi.

There has been no official statement from the team at BitFi. They since announced a second bounty on its website that now pays $10,000. The new bounty is meant to help the team at BitFi identify potential security vulnerabilities in the firmware encryption of the BitFi device. The announcement by the team at BitFi goes on to add that:

We would like to ask security researchers in the digital asset community to assist us with this project.

The rules for claiming the bounty :

  • The firmware of the Bitfi device is modified
  • After the firmware is modified the device still needs to connect to the Bitfi Dashboard
  • The device then should be able to transmit either private keys or the users secret phrase to a third party while still functioning normally with the Bitfi Dashboard

Please contact [email protected] if you wish to participate. We would greatly appreciate any assistance on this project from the infosec community. This bounty will be terminated after the first person identifies this security weakness.

@OverSoftNL has since outed the first bounty as being a sham and that the whole thing is a marketing strategy.

In conclusion, the BitFi wallet has proven not to be 100% unhackable as earlier claimed. John McAfee has since come out to defend the wallet stating that no one has accessed the money from the wallet. He specifically wrote the following in one of his latest tweet:

Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root acces to a device with no write or modify capability. That’s as useless as a dentist license un a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.

loading…

Posted on

John McAfee is Offering $100k To Anyone Who Can Hack His New BitFi Crypto Wallet

Crypto-crusader and cyber security expert, John McAfee, is offering a $100,000 bounty to anyone who can hack his new hardware wallet known as BitFi. McAfee believes the hardware wallet is unhackable and has put the challenge out there for everyone to prove him wrong. He put forth the challenge via twitter when he said the following:

The $100,000 bounty to anyone who can hack the BitFi.com wallet is not just for the first person who hacks it, but to everyone who can hack it. If 100 people hack it, each one gets $100,000. But I promise you, it cannot be hacked, ever, by anyone or anything. Try it.

The catch is that you’d have to buy the device first so you can attempt to hack it. This is according to the bounty description on Bitfi.com that states the following:

The rules for claiming the bounty are simple:

We deposit coins into a Bitfi wallet

If you wish to participate in the bounty program, you will purchase a Bitfi wallet that is preloaded with coins for just an additional $50 (the reason for the charge is because we need to ensure serious inquiries only)

If you successful extract the coins and empty the wallet, this would be considered a successful hack

You can then keep the coins and Bitfi will make a payment to you of $100,000

McAfee has reiterated this part of the bounty via his most recent tweet below:

More about the BitFi Wallet

The BitFi Wallet claims to offer a rare combination of the most advance security for private and enterprise use. The BitFi wallet is also different from other hardware wallets out there for it does not store a private key at all. On the BitFi wallet, your private key is calculated using their special algorithm every time you type in your secret phrase. The wallet will support all currencies and assets in a single device, under a single secret phrase. The wallet costs $120. More information about the wallet can be found on its user friendly website.

loading…