I’m so surprised the unhackable Bitfi wallet was hacked — said no one ever. While this was not even the first time the $120 hardware wallet was hacked, it was enough for Bitfi to strike the “unhackable” claim from its website.

Bitfi wallet backer and big mouthpiece John McAfee, however, still claims the cryptocurrency wallet is unhackable and went so far as to offer $20 million to one particular hacker if he can hack McAfee’s wallet.

BitFi offered $100,000 to anyone who could take the coins from its factory wallet. Hackers complained it was too little, and why should they have to buy the wallet. It increased to $250,000. No takers. I'm now offering $20 mil to one fraudulent hacker - @cybergibbons He refused. — John McAfee (@officialmcafee) September 1, 2018

A month ago, McAfee upped the bounty for hacking the “unhackable” wallet from $100,000 to $250,000. That bounty, which many in the security community deemed a sham, specified that a hack counted only if someone got the coins off the “cut-down Android phone” wallet. Bitfi refused to pay researchers who did hack the device, claiming the attacks didn’t meet the bounty conditions. It wasn’t horribly surprising that Bitfit won the PwnieAward for “Lamest Vendor Response.”

Security researchers such as Pen Test Partners’ Andrew Tierney kept finding ways to hack Bitfi, and Bitfi kept finding ways to deny them the promised bounty payout.

The latest Bitfi hack

The newest hack of Bitfi, a cold boot attack, was pulled off by 15-year-old Saleem Rashid, who previously turn Bitfi into a Doom gaming console. Rashid is part of a team of security researchers going by “THCMKACGASSCO.”

here's a @Bitfi6 being cold boot attacked by an Android phone. the actual attack takes mere seconds. trivial to Evil Maid it while you're not looking. the RAM analysis takes over 2 minutes on my phone (only 1GB RAM), but we can dump RAM in 40 seconds 😉



appropriate 🎶 as always pic.twitter.com/uNL5cLlSi6 — Saleem "Unhackable" Rashid (@spudowiar) September 1, 2018

Despite Bitfi having been hammered and exploited many times, Bitfi finally backed off its “unhackable” claim shortly after Rashid posted video proof of the hack on Twitter.

Bitfi issued a statement that it would remove the “unhackable” claim from its branding as it “caused a significant amount of controversy.” The company didn’t stop there; it hired “an experienced Security Manager, who is confirming vulnerabilities that have been identified by researchers.” After confirmation, the flaws are allegedly to be publicly announced and addressed.

Additionally, Bitfi closed the “current bounty programs that have caused understandable anger and frustration among researchers.” It further claimed that a “conventional bounty program” would be launched via Hacker One.

Despite that promise, Hacker One CEO Mårten Mickos said Bitfi had not yet initiated any communication about launching a bounty program.

BitFi has not been in touch with us & there is no conversation going on. There are specific criteria and t&c for any company to qualify to run a program on our platform. Mårten Mickos (@martenmickos) August 31, 2018

McAfeee offers Tierney $20 million to hack Bitfi

John McAfee, however, seems incapable of clamping his mouth shut. He zeroed in on Tierney, aka @cybergibbons, taunting him to accept a $20 million challenge to hack McAfee’s Bitfi wallet. The strings attached seem pretty creepy: McAfee said he would pay Tierney’s way to the United States where Tierney would stay at McAfee’s house. If Tierney can get the $20 million in cryptocurrency off McAfee’s Bitfi wallet, then the money is his. McAfee claims Tierney won’t accept, since “Bitfi is unhackable.”

To the gentleman who claims to have Hacked the BitFi wallet: I say he is a publicity hound who is all talk. Here is my personal challenge. I promise he is too much of a coward to accept. He is only a wannabe hacker. He knows he cannot do it. Are you listening asshole? pic.twitter.com/spj3NJzVVv — John McAfee (@officialmcafee) September 1, 2018

McAfee’s challenge has been made into a Hitler video.