McAfee’s Bitcoin Wallet Bitfi Allegedly Hacked

John McAfee’s immensely hyped Bitfi bitcoin wallet has allegedly been hacked
Popular Article
DAOs EcoSapiens
ReFi landscape
DAOs EcoSapiens

Regenerative Finance 101: A Guide to Crypto’s ReFi Movement

John McAfee’s immensely hyped Bitfi bitcoin wallet has allegedly been hacked after putting up a $250,000 bounty claiming it to be ‘unhackable’.

Bitfi has been touting the wallet’s security as being “fortress-like,” and gotten internet security specialist John McAfee to endorse the claims. In the past few days, McAfee has found himself on the receiving end of a tirade of attacks from skeptics of his Bitfi ‘unhackable’ claim, with many dismissing it as a marketing gimmick.

The device is Android-powered, which allegedly makes it vulnerable to a long list of vector exploits, including keylogging, malware, rooting, and different forms of firmware tampering.

OverSoft Hacks Wallet

According to a July 30 update on vulnerabilities found on the device by OverSoft, its use of a Baidu GPS/WIFI tracker was a major weakness. This is not to mention the presence of the notorious Adups FOTA malware suite, and “a tracker, capable of logging all activity on the device.”

On August 1, the OverSoft team revealed that it had obtained root access and installed patched firmware. The team, however, declined to provide further details but has promised to release a video revealing details of the process. They also found that the Baidu location tracker and Adups service were not only pinging but actually running. OverSoft could not get the bounty, as apparently, they didn’t hack the device as outlined in the guidelines.

As such, the team deduced the whole exercise as nothing more than a marketing ploy, saying, “They (Bitfi) deny anything that’s not exactly according to their bounty rules, aka: they will never pay a bounty. It’s pure marketing.”

Not One Bounty, but Two

After the OverSoft hacking claim, Bitfi created a second bounty. This time, rules for claiming the bounty included modifying the firmware on the device, ensuring that after this, it could still connect to the Bitfi dashboard. With that, a hacker needs to demonstrate that the private keys and the user’s secret phrase can be transmitted to a third party. This is required to be done while ensuring uninterrupted dashboard functionality.

The bounty will apparently be withdrawn after one person accomplishes this. That said, OverSoft got a formal invitation to assist the Bitfi team in hacking the ‘unhackable’ device.

The whole debacle led some to conclude that Bitfi won’t be paying out the bounty, with one user declaring, “Affy (McAfee) won’t pay you (OverSoft) a single dime he’ll just say kthanks for showing us the problems. They’ll then patch it and again claim it’s unhackable. Sorry about that.”

John McAfee likened the rooting claim by OverSoft to trying to use a dentist’s license on a nuclear power plant, reiterating the fact that the alleged hackers still couldn’t get the money out of the wallet.

This stirred up critics to no end, with some pointing out that root access could be used to uncover non-root exploits. Middleman vulnerabilities such as hacking wifi access and logging screen input could also do the trick.

The Bitfi device security has yet to be officially verified by an established third-party cyber-security company.

[thrive_leads id=’5219′]

Legal Disclaimer

CoinCentral’s owners, writers, and/or guest post authors may or may not have a vested interest in any of the above projects and businesses. None of the content on CoinCentral is investment advice nor is it a replacement for advice from a certified financial planner.