McAfee's "Unhackable" Bitfi Cryptowallet is Entirely Hackable

McAfee, of security software fame, has taken a shot at creating an “unhackable” Bitcoin wallet by the name of BitFi. Their efforts, however, have not gone so well.

While we know how vulnerable cryptocurrency exchanges can be to hacking, cryptocurrency wallets can also fall victim to phishing attacks and other hacking.

So, it makes sense that someone would try to create an unhackable wallet.

However, for John McAfee, known for security software, that feat proved difficult.

Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.

There are NO checks in place to prevent that like claimed by BitFi.

— OverSoft (@OverSoftNL) August 1, 2018

Wallet to be Removed in Wake of Second Hack

That’s right — the “unhackable wallet” got hacked not once, but twice.

Perhaps due to McAfee’s brazen idea to put a $100,000 USD bounty out for hackers, someone first hacked the wallet just one week after its launch. However, it was not until they raised the bounty to $250,000 USD that someone hacked it.

The person also had to purchase a wallet for $120 USD beforehand, as well.

Twitter user OverSoftNL detailed how the hack went down with McAfee rebuffing the attempt tweeting: “Can you get the money on the wallet? No. That’s what matters.”

It’s a bummer for Bitfi, crypto-wallet maker, who did ask for help from the infosec community after the initial hack took place. As a result of both hacks, the company decided to remove the claim that the wallet is “unhackable”.

Important announcement from Bitfi: pic.twitter.com/SD4ZCJxvLn

— Bitfi – open source: bitfi.dev (@TheBitfi) August 30, 2018

Their statement outlines vulnerability confirmation, wallet shut down, and shut down of the “bounty programs”. I guess that means the initial hackers won’t get those $250,000 bonuses.

The second attack enabled hackers to get all stored funds in an unmodified Bitfi wallet. It involves the salt value and secret phrase which hackers can extract. Thus, they can generate private keys and then steal the money in the wallets.

It’s known as a “cold boot attack” that can happen even with Bitfi wallets turned off.

on a completely unrelated note, here is a @Bitfi6 being cold boot attacked.

it turns out that rooting the device does not wipe RAM clean. who would have thought it!?

🎶 i feel this music is very appropriate for @Bitfi6 🎶 pic.twitter.com/jpSnYBd9Vk

— Schrödinger's BoxᐸOptionᐸCatᐳᐳ (@saleemrash1d) August 30, 2018

Bitfi not Giving up on the Wallet Entirely

Despite the very clear and devastating evidence, Bitfi isn’t giving up yet.

Despite the “negativity and the anger on social media“, Bitfi wants to fix the wallet. They want to address the issue instead of just recalling the product — an admirable notion.

McAfee, however, has remained oddly quiet about this subject on Twitter.