Security Researchers Attack McAfee-Backed Wallet for “Unhackable” Claims

With the vast amounts of money going around, it’s no surprise that the greater Bitcoin ecosystem is rife with scams, hacks and cyber attacks of all kinds. Operating in such an environment, cautious users are always mindful of their security and learn to avoid outrageous claims that are sometimes nothing more than just that. A recently released wallet was said to be “unhackable” by its promoters, including John McAfee, and this has naturally triggered security researchers.


“Unhackable” Bitfi Wallet

When the Bitfi hardware wallet was unveiled in June, its official promotional material called it the “first truly unhackable” wallet, promising “impenetrable security” and an operation “without any risk of loss”. It was also said to offer more security than any other type of storage, including cold storage.

Vouching for the device being indeed “unhackable”, which Bitfi acknowledged is an extremely bold claim, was John McAfee. “Of all today’s elaborate and sophisticated methods for making wallets secure and easy to use, surely none is as epic as that of the new Bitfi wallet. Several of my competitors have pioneered innovative methods to protect private keys, but Bitfi pulled out all the stops to ensure that the private key can never be obtained by illicit means. No other hardware wallet has ever been built to this level of sophistication,” McAfee is quoted as saying.

This level of sophisticated security was supposedly achieved primarily by utilizing a proprietary open-source algorithm that calculates the private key from a user’s own unique secret phrase. “The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere.” And the developers added that: “Unlike other wallets, the Bitfi wallet cannot be tampered with. If it is ever lost, stolen, taken apart and forensically analyzed, the private keys cannot be retrieved, making the wallet safe to purchase from anyone within the network of authorized distribution dealers.”

Checking Under the Hood

Initial reviews were very unkind to Bitfi, with one security researcher stating: “my conclusion is that their product is most charitably described as a ‘footgun’,” meaning a device designed for shooting yourself in the foot. McAfee, who is known for being a shill in the crypto community but has credibility to lose in the cyber security space as an anti-virus pioneer, shot back by labeling critics as “haters” and negative reviews as “fake” because they were based on Bitfi documentation rather than on an examination of the actual device. Moreover, he challenged anyone to hack the wallet and receive a $100,000 bounty.

Everyone tells me https://t.co/VJ7qrOxQqL is hackable. Then register as a hacker and do it. We send you the device pre-loaded with $50 in BTC. If you get the BTC we send you $100,000. You will eventually give up. When you do we send you the pass phrase to recover your $50. Do it. — John McAfee (@officialmcafee) July 28, 2018

So security researchers have now gotten their hands on the device and are tearing it apart trying to answer the hacking challenge. And they already discovered a few interesting things. According to their collaborative efforts, it seems that the hardware of the wallet is basically that of a Chinese mobile phone (Mediatek MT6580) minus the camera and SIM card. And the firmware includes a Baidu GPS/WIFI tracker, a malware suite (Adups FOTA), and a tracker capable of logging all activity on the device.

But it does have this eMMC flash chip on it. pic.twitter.com/tUnCG3xKF6 — Ask Cybergibbons! (@cybergibbons) July 30, 2018
