John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable” alongside promoter John McAfee, has not yet responded to a post from security research group OverSoftNL, in which the group claimed to have obtained root access.
Accusations and Speculation
The tweet at the center of the furor was posted yesterday, Aug. 1, by OverSoft, and it read:
“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”
— OverSoft (@OverSoftNL) August 1, 2018
Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.
Dear friends, we’re announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help. Here are the bounty conditions: https://t.co/f00POuF1Ov Thank you, Daniel Khesin CEO
— Bitfi (@Bitfi6) August 1, 2018
In a subsequent tweet on the same thread, OverSoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.
They deny anything that’s not exactly according to their bounty rules, aka: they will never pay a bounty. It’s pure marketing.
— OverSoft (@OverSoftNL) August 1, 2018
Bitfi Controversy
Much like its promoter, Bitfi has earned a reputation as a bold, daring, and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone who could successfully hack it.
From $100,000, this bounty quickly went up to $250,000 as John McAfee ratcheted up the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.
A war of words then broke out between Bitfi and a series of security researchers who, one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellucci was quoted as saying that Bitfi is “a cheap stripped down Android phone” that he would “strongly advise against using.”
Another set of researchers then accused Bitfi of harboring questionable apps on its device, including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”
In response, Bitfi issued a comprehensive denial of these claims, accusing OverSoft of working for its competitors and reiterating its $250,000 bounty.
Yesterday, however, OverSoft seemed to indicate that it has evidence to back up its claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.
Btw, you might notice that the Baidu location tracker and the Adups service are both actually running…
Not just being used for “pinging” like BitFi said…
— OverSoft (@OverSoftNL) August 1, 2018
In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.