John McAfee’s ‘Unhackable’ BitFi Hardware Wallet, Hacked. Fueling a ‘Twitter War’

On the 27th of July, John McAfee challenged the crypto community and hackers worldwide to attempt to hack the BitFi hardware wallet. McAfee has more or less claimed on several occasions that no one can steal any funds locked away in the hardware wallet, therefore making it unhackable. The initial bounty for anyone who could hack the device was $100,000, but McAfee upped the ante to $250,000 only 4 days later in a tweet.

Alleged hack of the BitFi Wallet

Less than a day after McAfee increased the bounty, @OverSoftNL, an ‘IT geek’ from the Netherlands, claimed to have successfully obtained root access to the BitFi wallet. He made the announcement via Twitter, stating the following:

Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.

There are NO checks in place to prevent that like claimed by BitFi.

There has been no official statement from the team at BitFi. The company has since announced a second bounty on its website that now pays $10,000. The new bounty is meant to help the team at BitFi identify potential security vulnerabilities in the firmware encryption of the BitFi device. The announcement by the team at BitFi goes on to add that:

We would like to ask security researchers in the digital asset community to assist us with this project.

The rules for claiming the bounty:

  • The firmware of the Bitfi device is modified
  • After the firmware is modified the device still needs to connect to the Bitfi Dashboard
  • The device then should be able to transmit either private keys or the user's secret phrase to a third party while still functioning normally with the Bitfi Dashboard

Please contact [email protected] if you wish to participate. We would greatly appreciate any assistance on this project from the infosec community. This bounty will be terminated after the first person identifies this security weakness.

@OverSoftNL has since called the first bounty a sham and said that the whole thing is a marketing strategy.

In conclusion, the BitFi wallet has proven not to be 100% unhackable as earlier claimed. John McAfee has since come out to defend the wallet, stating that no one has accessed the money from the wallet. He specifically wrote the following in one of his latest tweets:

Hackers saying they have gained root access to the BitFi wallet. Well whoop-de-do! So what? Root access to a device with no write or modify capability. That’s as useless as a dentist license in a nuclear power plant. Can you get the money on the wallet? No. That’s what matters.