
Research Team Demonstrates Hard Wallets Vulnerabilities, Trezor Promises Firmware Update

Software security researchers have reportedly been able to extract private keys from the Trezor One hardware wallets.

Researchers have reportedly shown how they were able to hack the Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference. The demonstration of the hacks was published in a video on Dec. 27.

The research team behind the dubbed “” hacking project is made up of hardware designer and security researcher Dmitry Nedospasov, software developer Thomas Roth and security researcher and former submarine officer Josh Datko.

During the conference, the researchers announced that they have been able to extract the private key out of a Trezor One hardware wallet after flashing — overwriting existing data — a custom firmware. However, they pointed out that this exploit only works if the user didn’t set a passphrase.

Pavol Rusnak, CTO of SatoshiLabs (the company behind Trezor), commented on Twitter that they were not notified through their Responsible Disclosure program prior to the demonstration, and that they will address the reported vulnerabilities through a firmware update at the end of January.

Moreover, the same group of hacker researchers also claimed during the talk that they were able to install any firmware on a Ledger Nano S, a leading hardware wallet. While the team used this vulnerability to play the game Snake on the device, one member of the team that found the exploit claimed:

“We can send malicious transactions to the ST31 [the secure chip] and even confirm it ourselves [via software,] or we can even go and show a different transaction [not the one that is actually being sent] on the screen.”

The team also demonstrated that they found a vulnerability in the Ledger Blue, the most expensive hardware wallet produced by the company, that comes with a color touchscreen. The signals are transported to the screen by an unusually long trace on the motherboard, the researcher explained, which is why it leaks those signals as radio waves.

When a USB cable is attached to the device, the aforementioned leaked signals get strong enough that, according to the researchers, they could easily be received from several meters away.

Employing artificial intelligence (AI) software deployed in the cloud, the team was reportedly able to obtain the device’s PIN from a dump of the radio signal leaked at the moment the PIN was entered.

When asked about BitFi, the hardware wallet promoted as being “unhackable” by crypto advocate John McAfee in July, a team member said that “we only talk about somewhat secure wallets” before concluding that “we didn’t want to use a Chinese phone in this talk.”

As Cointelegraph reported in August, a teenage hacker claimed to have compromised the BitFi device. The producer has since denied that the device has been hacked since no coins have been extracted.

Moreover, also in August, a group of researchers said they had successfully sent signed transactions from the BitFi wallet, claiming to meet the conditions of the bounty program.

As of press time, neither Ledger nor Trezor has responded to Cointelegraph’s request for comments.


BitFi Removes “Unhackable” Claims, Closes Bounty Program and Hires New Security Manager.

In a tweet published on the official account of Bitfi, the controversial hardware wallet marketed by Mr. John McAfee as unhackable, the development team said it would withdraw that claim and at the same time close the bounty program, in which 100k USD was offered to every person who could hack the wallet:

“Effective immediately, we are closing the current bounty programs which have caused understandable anger and frustration among researchers. We acknowledge and greatly appreciate [their] work and effort …
Effective immediately, we will be removing the “Unhackable” claim from our branding which has caused a significant amount of controversy.”

The decision to “retract” was followed by a change of personnel. The team commented that they had hired a new Security Manager, without mentioning the name of the new expert who would be joining the Bitfi ranks.

The Un-hackable Hacked Wallet

The Bitfi team commented that they acknowledged the existence of “vulnerabilities” but refrained from commenting on the various hacks published on social networks.

Several hackers have been able to exploit different vulnerabilities in this wallet; however, Mr. John McAfee apparently used a pun to avoid paying the various cybersecurity experts for their successful efforts.

From rooting the wallet and running Doom, to effectively getting the passphrase revealed, Mr. McAfee does not give credit to these hackers. Bitfi said these actions were the efforts of an “army of trolls” hired by other companies like Ledger and Trezor.

In a statement to The Next Web, a Bitfi spokesperson commented:

“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete … So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails)… All these trolls can do is talk smack all day, but they can’t hack the wallet if their life depends on it.”

Bitfi has been widely criticized for having no security features that make it better than other hardware wallets. After disassembling it, it was found that its processor is a MediaTek MT6580, a brand of inexpensive components. Such news raised doubts about the price of the wallet, which did not offer any special encryption hardware or any sign of an internal cold storage option.

In a final effort to check for security flaws, Saleem Rashid, a young hacker, managed to film a cold boot attack in which he obtained Bitfi’s passphrase, asserting that the same attack could be made from an Android device.

So far Mr. McAfee has not issued any comments; however, the Bitfi team assured that they would issue a more elaborate official statement next week.




Bitfi Closes Wallet Bounty Program, Removes ‘Unhackable’ From Branding

Cryptocurrency hardware wallet manufacturer Bitfi has officially closed its bounty program, according to an August 30 tweet, in addition to removing the “unhackable” claim from the wallet’s marketing materials.

In its statement, the company admitted “vulnerabilities,” and yet avoided speaking about multiple alleged hacks of the device. Bitfi also confessed to hiring a “Security Manager who is confirming vulnerabilities that have been identified by researchers.”

The company expressed appreciation for “the work and effort of the researchers,” stating that the bug bounty program was officially closed. Any further comments on remuneration and the project’s roadmap are postponed until early September. Bitfi officials remained silent about the $100,000 reward they announced in July.

The recent Bitfi post quickly prompted a response from the community. While some insist on recalling current vulnerable hardware using the #RecallBitfi hashtag, others blame the wallet’s team for misleading promotions and harming the industry.

Bitfi’s executive chairman, cybersecurity pioneer and crypto evangelist John McAfee, had claimed that the wallet was “the world’s first unhackable device.” He further challenged security experts to breach the device for a $100,000 bounty starting July 24.

Photos of Bitfi components surfaced online in late July, prompting some commentators to claim it was “a cheap Android phone,” which did not deserve the accolade of the “most sophisticated instrument in the world”.

Though several attempts to hack the Bitfi wallet have been made since then, the company has not paid out any bounties. Researchers claimed that they could track the device and extract the necessary information to qualify the device as “hacked.”

As Cointelegraph previously reported, the company responded to the hacking claims and subsequent criticism by calling them an “army of trolls” hired by hard wallet competitors Trezor and Ledger.

In August, an allegedly 15-year-old Twitter user, Saleem Rashid (@spudowiar), cracked the wallet and launched Doom on it. Hours before the recent statement withdrawing the “unhackable” definition from the wallet’s branding, Rashid posted a video in which he managed to extract a secret phrase from Bitfi using a cold boot attack.


John McAfee & Ethereum (ETH) Founder Vitalik Buterin Atop 5 Most Famous Crypto Personalities

The fact that cryptocurrency has become a “phenomenon that the famous personalities of the crypto sphere are almost at par with the popularity of Hollywood stars” has prompted an exchange to release a list of the 5 Most Famous Crypto Personalities.

Bithemoth Exchange, which published the ranking, placed John McAfee atop several famous crypto personalities.

John McAfee, the creator of the first anti-virus, McAfee Antivirus, joined the crypto community and rose to the point of being a notable influencer.

Bithemoth said about him: “His tweets are not only influential but entertaining as well. He’s known to be different and has already started a movement called ‘Declaration of the Freedom of Currency Independence’ to destroy fiat money around the world”.

John McAfee recently predicted Bitcoin reaching $500,000 by the end of the year 2020. The crypto king also founded the “unhackable” Bitfi Cryptocurrency Wallet.

The second person on the list is Vitalik Buterin. Vitalik Buterin started off as a writer for Bitcoin, and this made him co-found the famous Bitcoin Magazine. While writing about Bitcoin, he thought of unraveling Ethereum.

Bithemoth Exchange said about him: “No, he’s not a robot, he’s an unbelievably smart individual who has achieved plenty at the age of 24 years old. His tweets are technical and rises debates with cryptocurrency developers around the world. It is no wonder his decisions make an impact, given Ethereum’s place in the cryptocurrency market placed ranked in at 2nd”.

Also on the list was Roger Ver, otherwise known as Bitcoin Jesus, who founded Bitcoin Cash and financed the invention of and BitPay. Changpeng Zhao, creator of the world’s largest cryptocurrency exchange, Binance, also made it onto the list.

In the same line, Satoshi Nakamoto, the unknown creator of Bitcoin, also featured in the list. While the cryptocurrency community is expecting to know Nakamoto, the Chief Technical Officer at Ripple came out some days back to say he had the idea of blockchain before the technology was unraveled.




The Weirdest Prediction Markets on Augur Right Now

Do you believe in God? Would you put your cryptocurrency holdings on it?

Augur, an ethereum-based platform for betting on the outcome of real-world events, aims to be a repository of crowd-sourced knowledge for journalists, investors and policymakers, as well as an effective tool for hedging against adverse outcomes.

But it’s also become one other thing: a hilarious place to troll.

Forums for questioning a higher power are just one of many markets that currently exist on the decentralized prediction market, developed by the non-profit Forecast Foundation and funded with one of the world’s first token sales in 2015.

That token sale took place before people were even using the word initial coin offering, or ICO, to refer to these types of crypto fundraising schemes, and the project went through the ICO boom in beta – with the developers testing and vetting one of the most hotly-anticipated launches in crypto history.

As such, when it launched on ethereum’s live blockchain last month, it briefly surpassed the most famous decentralized application, CryptoKitties, in terms of the number of users. Although enthusiasm has since dipped markedly.

So far, most of Augur’s markets – and the vast majority of the trades on the platform – deal with relatively vanilla topics like the outcomes of sporting events or the prices of crypto assets. But a few take a truly dark turn, gauging the likelihood that prominent figures will be assassinated or that terrorist attacks and mass shootings will occur.

Others, though, are just goofy, evoking the cryptocurrency community’s peculiar obsessions, wild rumors and the sorts of riddles a bridge troll might ask before letting you pass.

So here’s to the Augur users who have selflessly donated their time and potentially their funds – market creators post a bond in the platform’s native REP tokens, which they lose if a market is deemed “invalid” because the outcome cannot be verified – all just to brighten their fellow users’ days.

In no particular order, here are a few of the weirdest markets on Augur today.

Vitalik’s girlfriend

Vitalik Buterin, creator of ethereum, the world’s second-most valuable blockchain, enjoys the kind of wealth and notoriety few 24-year-olds have.

But does he have a girlfriend? And if not now, when?

These questions have vexed the crypto community enough to spawn a dedicated article – one that’s apparently been viewed over 18,000 times. And now, indelibly etched into Buterin’s own creation, there’s an Augur market for it too.

Buterin himself must confirm the relationship, according to the market’s terms, and the couple must have been together for at least one full day.

It’s worth noting here that (as with many Augur markets) nobody has bet on this one at the time of writing.

Are you there, God?

Ostensibly, Augur markets must be based on verifiable events, but Augur is a platform without moderators, so that’s become more of a guideline.

As mentioned above, the perfect example: someone has posed the question, “Does god exist?”

They’re apparently in no hurry to find out, as the market expires at the beginning of 2020. And the resolution source must be the “news media.”

The heathen users that initiated the market give the creator of the universe a 10 percent chance of existing. No money is at stake at the time of writing.

SAFU or not SAFU

Naturally, Augur users haven’t passed up on the chance to sprinkle the platform with their particular flavor of memes.

Titled “FUNDS ARE SAFU?” one market references a bizarre – but popular – YouTube send-up of Binance CEO Changpeng “CZ” Zhao’s attempt to reassure users that their crypto holdings on the platform were safe.

Looking at the market’s details, however, it appears not to be a joke, but a serious – if vaguely worded – question about whether Binance will be hacked: “Will the security of be negatively affected such that there is a newsworthy loss of money?”

The market expired without any bets having been placed.

Does not compute

Competition is stiff, but the trolliest market currently active on Augur may well be this restatement of the liar paradox – the sort of query one might use to incapacitate a murderous supercomputer.

For the uninitiated, the statement “this sentence is false” is a paradox because, if the statement is, in fact, false, that means it checks out. So it’s true.

If the statement is true – by being false – then it violates its own premise: it has to be false.

Thinking about this paradox goes back to at least the fourth century BCE, making it one of humanity’s longest-running time wasters. Adding a pinch of circular meta-salt to this concoction, the market creator made the point of reference for this market Predictions.Global, a site that scrapes data from Augur.

The pee tape

The allegation that Russian authorities possess compromising material on U.S. president Donald Trump is one of the stranger stories to emerge from the 2016 election.

The existence of this compromising material – originating from a collection of documents prepared by a former British intelligence officer working (indirectly) on behalf of Democrats – is often known as the “pee tape” due to its alleged content.

But it hasn’t been proven.

Judging by an Augur market on the topic, though, chances are around one in four that such a tape will emerge before the end of Trump’s first term.

Betting volume on the market has been very low, however, at the equivalent of less than $60.

McAfee’s bold prediction

Many of the most liquid and valuable markets on Augur deal with the prices of cryptocurrencies.

So at first glance, it’s hard to see what’s remarkable about one particular market predicting that the price of bitcoin will pass $1 million before 2020.

But there’s a clue in the fact that it’s tagged “McAfee.”

The anti-virus-software-creator-turned-cryptocurrency-hype-man has published many inadvisable tweets. Topping the list, however, is one from late 2017, when he predicted that bitcoin would hit $1 million and reiterated a promise he’d made earlier to “eat my dick on national television” if he proved incorrect.

Yet another Augur market gets to the, um, meat of the story.

And that’s probably enough Augur for today.



‘Unhackable’ Wallet Reportedly Breached, Hackers Claim to Meet Bounty Conditions

A group of researchers claims to have hacked the Bitfi wallet, the Next Web reported Aug. 12.

Bitfi’s executive chairman, cybersecurity pioneer John McAfee, has called it “the world’s first unhackable device.” To prove his claim, McAfee challenged security experts to breach the device for a $100,000 bounty starting July 24.

Bitfi is a physical device, or hardware wallet, which supports “an unlimited amount of cryptocurrencies,” and revolves around a user-generated secret phrase instead of a conventional 24-word mnemonic seed that has to be written down. Additionally, Bitfi is purported to be “completely open-source,” meaning that the user stays in control of their funds “even if the manufacturer of the wallet no longer exists.”

Though several attempts to hack the wallet have been made since then, none of them met the bounty’s terms and the wallet has ostensibly not been fully breached until today. The researchers claimed they could successfully send signed transactions with the wallet, claiming they met the conditions of the bounty program by modifying the device, connecting to the wallet’s server, and transmitting sensitive data with it. Security researcher Andrew Tierney said:

“We have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy. We believe all [conditions] have been met.”

The researchers reportedly obtained complete access to the device two weeks ago, after which they have been closely tracking it, including the data being sent out of the wallet. They claim that the device is still connected to the Bitfi server. Tierney told the Next Web:

“We intercepted the communications between the wallet and [Bitfi]. This has allowed us to display silly messages on the screen. The interception really isn’t the big part of it, it’s just to demonstrate that it is connected to the dashboard and still works despite significant modification.”

Earlier this month, Bitfi CEO Daniel Khesin wrote to Cointelegraph regarding the alleged hack by fifteen-year-old Saleem Rashid. Khesin said:

“As of now, we have no evidence that our device can be hacked and if someone succeeds in doing so then we will immediately put out a fix to all devices to address the vulnerability that was discovered and it will be unhackable once again.”


Bounty Hunt Gone Wrong: ‘Unhackable’ Wallet Bitfi Denies It Has Been Hacked

In July, cryptocurrency hardware wallet manufacturer Bitfi’s executive chairman, John McAfee, claimed that Bitfi was “the world’s first unhackable device,” urging security experts to breach its security for a $100,000 bounty.

Since then, a number of reports emerged that suggested Bitfi is not, in fact, “unhackable,” only to be dismissed by the wallet service as well as McAfee himself, steadily making the bounty hunt seem like a tasteless PR stunt.

What is Bitfi?

Essentially, Bitfi is a physical device — or a ‘hardware’ wallet — supporting “an unlimited amount of cryptocurrencies” that costs $120, as per its website. Although no actual contact details (apart from email addresses) are listed there, the company is registered in London, according to Companies House data. Bitfi’s CEO is 38-year-old American entrepreneur Daniel Khesin.

The project first surfaced in July, when the infamous investor John McAfee — who once promised to “eat [his] own dick on national television” if Bitcoin’s price doesn’t reach $500,000 by 2020 — premiered the crypto wallet on his Twitter. He called Bitfi “a Colt 45 of the crypto world” and “the world’s first unhackable device.” To prove his point, McAfee announced a bounty hunt: $100,000 would go to the first person to hack the new device. “Money talks, bullshit walks,” he taunted the skeptics and later raised the bet up to $250,000.

Notably, unlike the majority of other hardware wallets, Bitfi doesn’t put such a strong emphasis on private keys, according to its website:

“The Bitfi hardware wallet solves this security problem once and for all in the most elegant way possible — the private keys are simply not stored anywhere, ever. This is another layer of security that goes beyond keeping the private key outside the computer environment or from devices with internet access. So even if your Bitfi hardware wallet is seized or stolen, there is nothing that anyone can do to extract the private keys because they are not on the device in the first place.”

Instead, its security system revolves around a user-generated secret phrase — that can supposedly be memorized — instead of a conventional 24-word mnemonic seed that has to be written down, which allegedly contributes to the safety of the stored assets. That way, the Bitfi team argues, private keys are not held on the device at all:

“On the Bitfi wallet, your private key is calculated using our algorithm every time you type in your secret phrase. Once a transaction is approved, the private key is not stored anywhere in local memory. The private key does not exist on the device until you type in your secret phrase again. Therefore, if your device is stolen or seized, there is no way to gain access to the private key because it is not on the device and your funds always remain safe and there is absolutely no reason for alarm or concern if your device is lost or stolen.”

Finally, Bitfi argues that their product is “completely open-source,” meaning that the user allegedly stays in control of their funds in any scenario, as long as they remember the aforementioned secret phrase. The wallet also doesn’t have room for “human error,” the creators claim, because it’s strictly updated automatically via WiFi and the user doesn’t get to download any software manually.

Bounty hunt quickly went wrong

Bitfi’s website elaborates on the bounty program, listing a number of “rules”: Essentially, those who wish to participate have to purchase a Bitfi wallet that is preloaded with coins for an additional $10 (the wallet itself costs $120, as mentioned above).

The ultimate goal for the participant is to successfully extract the coins and empty the wallet, while the company allegedly grants “anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes and our infrastructure.”

“The above is what we consider a successful hack,” the Bitfi website reads, “Nothing else will qualify.”

McAfee announced the hunt on July 24. Within a week, hacking reports started to emerge. On Aug. 1, crypto personality from the Netherlands OverSoft tweeted (referencing other users, namely Saleem Rashid, the alleged fifteen-year-old who revealed a security vulnerability in fellow hardware wallet Ledger in 2017, and Andrew Tierney, a security consultant at Pen Test Partners firm): “We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.” OverSoft later posted BitFi ROM directory listings.

Bitfi did not respond to OverSoft’s original tweet directly. Nevertheless, the wallet soon announced a second bounty hunt — this time with a much more modest $10,000 reward — altering the rules and proceeding to claim that all reported security breaches did not meet the bounty’s conditions and, therefore, the device has not been hacked: “Rooting [i.e., getting administrative access to] the device does not mean it has been hacked,” the Bitfi team argued.

Soon, BitFi wrote on Twitter that the person handling their account was “dismissed because of many cocky [and] insulting remarks to smart researchers,” but continued to reinforce the idea that their service has not been “hacked.” “Your bounty only covers a single attack vector and excludes backdooring the device,” Tierney replied.

“Cheap, stripped down Android phone”

Pen Test Partners, which posted a blog series regarding the hacking of Bitfi, claimed that, hardware-wise, “the Bitfi is a stripped down Mediatek MT6580 […] It’s an Android phone, minus some components.” “Someone will probably have Doom running on it by Friday,” commented Ryan Castellucci, a self-proclaimed “software engineer and hardware hacker,” calling the device “a cheap, stripped down Android phone.” Consequently, in a subsequent episode of their “hacking Bitfi” series, Pen Test Partners posted a video allegedly proving that the Bitfi device does have storage: In it, the wallet displays an uploaded video of John McAfee. The Bitfi website, in turn, continues to refer to its wallet as “the most sophisticated instrument on the world.”

Bitfi dismissed Saleem Rashid’s claims, citing his decision not to claim the bounty. Responding, Rashid retweeted cryptocurrency and cybersecurity researcher Alan Woodward, who had also discussed the hack with Bitfi in the same Twitter thread.

“It’s not speculation based on what I’m looking at,” Woodward had written, continuing:
“And we don’t want your money. Give it to charity. We are concerned that others will entrust their money to something that is not secure in the way [it appears] to suggest.”

“Army of trolls”: Bitfi’s response to the criticism

Nevertheless, despite reportedly firing their social media employee, Bitfi continues to disown — and even threaten — their critics via social media: For instance, the wallet team asked Woodward if they could “alter [a] photograph of [his] face with something humiliating added,” in response to his concern about Bitfi’s affiliate allegedly spreading hate speech while defending the wallet.

On Aug. 1, an official Bitfi spokesperson went even further and told Hard Fork that the recent criticism of the wallet’s security on Twitter was, in fact, the product of an “army of trolls” hired by hard wallet competitors Trezor and Ledger — Trezor’s founder and CEO has since denied the accusation. The spokesperson for Bitfi stated:

“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete […] So they hired an army of trolls to try to ruin our reputation (which is OK because the truth always prevails).”

Meanwhile, Bitfi’s CEO Daniel Khesin continued to hold a skeptical position toward Rashid, challenging him to accept the money if he had, in fact, compromised the device, contributing to the overall immature approach his firm took trying to handle criticism:

“The person claiming to have cracked the bounty has not come forward to prove it and has tweeted five min ago that he will not be pursuing the bounty because it’s not worth his time,” he told Cointelegraph.

“Yet, he tweeted to the whole world this morning that he hacked into our wallet. I think it’s a disgrace for any human being to do such a thing, but I will leave to you to judge.”


TokenPay (TPAY) CEO, Security Guru John McAfee, Two Others, To Debate Crypto Adoption

TokenPay (TPAY) CEO Derek Capo and veteran security guru John McAfee, along with the CEOs of ModernChain and Oninute.Tech, are going to debate cryptocurrency adoption on YouTube.

The programme takes place on Thursday, August 9th 2018 at 5pm EST (11pm CEST), and will involve cerebral bigwigs in the cryptocurrency world debating the much-needed adoption.

The debate section is pioneered by Keith Wareing, a renowned successful entrepreneur and crypto-enthusiast who oversees a popular YouTube channel.

Rumour has it that John McAfee, who has been pushing for mainstream adoption, will have the opportunity to discuss at length how to go about crypto adoption, while also defending his stance on why cryptocurrency has to be adopted by all regardless of colour, country, and nature. He has been condemning countries hindering mass adoption, and has also offered to debate the Securities and Exchange Commission, which has been working against wide acceptance of crypto.

Meanwhile, John McAfee is facing lots of criticism over his failed short-term predictions. The successful internet guru is also facing attacks after his much-desired “unhackable” BitFi wallet was allegedly hacked.

Nonetheless, McAfee defended the wallet, saying no money was carted away by those who said they had gained entry into the wallet.

In defense of the wallet, he tweeted:

“Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root access to a device with no write or modify capability. That’s as useless as a dentist license in a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.”

“Then take the money from the wallet. Isn’t that the issue? Can you get it or not? We don’t even require that you access the wallet remotely. We’ll send you the fucking thing with money on it. Can you get it or not? The answer is no! Who cares what other useless shit you can do.”

In the debate is also Derek Capo, who has been concerned with crypto adoption. The platform once acquired a stake in Germany-based WEG bank, but later dashed out the stake to Litecoin foundation to earn some expertise.

However, Derek hopes to acquire more stake in the bank to give crypto the opportunity to coexist with banks.



John McAfee’s ‘Unhackable’ BitFi Hardware Wallet, Hacked. Fueling a ‘Twitter War’

On the 27th of July, John McAfee had challenged the crypto-community and hackers worldwide, to attempt to hack the BitFi Hardware wallet. McAfee has more or less claimed on several occasions that no one can steal any funds locked away in the hardware wallet therefore making it unhackable. The initial bounty for anyone who could hack the device was $100,000 but McAfee upped the ante to $250,000 only 4 days later through the following tweet:

Alleged hack of the BitFi Wallet

Less than a day after McAfee increased the bounty, @OversoftNL, an ‘IT geek’ from the Netherlands, claimed to have successfully obtained root access to the BitFi wallet. He made the announcement via twitter by stating the following:

Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.

There are NO checks in place to prevent that like claimed by BitFi.

There has been no official statement from the team at BitFi. They since announced a second bounty on its website that now pays $10,000. The new bounty is meant to help the team at BitFi identify potential security vulnerabilities in the firmware encryption of the BitFi device. The announcement by the team at BitFi goes on to add that:

We would like to ask security researchers in the digital asset community to assist us with this project.

The rules for claiming the bounty:

  • The firmware of the Bitfi device is modified
  • After the firmware is modified the device still needs to connect to the Bitfi Dashboard
  • The device then should be able to transmit either private keys or the users secret phrase to a third party while still functioning normally with the Bitfi Dashboard

Please contact [email protected] if you wish to participate. We would greatly appreciate any assistance on this project from the infosec community. This bounty will be terminated after the first person identifies this security weakness.

@OverSoftNL has since outed the first bounty as being a sham and that the whole thing is a marketing strategy.

In conclusion, the BitFi wallet has proven not to be 100% unhackable as earlier claimed. John McAfee has since come out to defend the wallet, stating that no one has accessed the money from the wallet. He specifically wrote the following in one of his latest tweets:

Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root access to a device with no write or modify capability. That’s as useless as a dentist license in a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.



John McAfee is Offering $100k To Anyone Who Can Hack His New BitFi Crypto Wallet

Crypto-crusader and cyber security expert, John McAfee, is offering a $100,000 bounty to anyone who can hack his new hardware wallet known as BitFi. McAfee believes the hardware wallet is unhackable and has put the challenge out there for everyone to prove him wrong. He put forth the challenge via twitter when he said the following:

The $100,000 bounty to anyone who can hack the wallet is not just for the first person who hacks it, but to everyone who can hack it. If 100 people hack it, each one gets $100,000. But I promise you, it cannot be hacked, ever, by anyone or anything. Try it.

The catch is that you’d have to buy the device first so you can attempt to hack it. This is according to the bounty description on that states the following:

The rules for claiming the bounty are simple:

We deposit coins into a Bitfi wallet

If you wish to participate in the bounty program, you will purchase a Bitfi wallet that is preloaded with coins for just an additional $50 (the reason for the charge is because we need to ensure serious inquiries only)

If you successfully extract the coins and empty the wallet, this would be considered a successful hack

You can then keep the coins and Bitfi will make a payment to you of $100,000

McAfee has reiterated this part of the bounty via his most recent tweet below:

More about the BitFi Wallet

The BitFi Wallet claims to offer a rare combination of the most advanced security for private and enterprise use. The BitFi wallet is also different from other hardware wallets out there, for it does not store a private key at all. On the BitFi wallet, your private key is calculated using their special algorithm every time you type in your secret phrase. The wallet will support all currencies and assets in a single device, under a single secret phrase. The wallet costs $120. More information about the wallet can be found on its user-friendly website.