John McAfee's Bitfi wallet hacked, again | finder.com

Peter Terlato 13 August 2018 NEWS

Will Bitfi cough up the cash and pay hackers their earned bounty or use an excuse to avoid remuneration?

Notorious cryptocurrency supporter and social media influencer John McAfee issued a US$100,000 bounty in late July for any person who could hack his Bitfi digital wallet. So, hackers went to work on cracking the device.

Soon after McAfee’s challenge was issued, the bounty was raised to US$250,000. However, a separate bounty was conceived to help Bitfi “identify potential security vulnerabilities” in the firmware encryption of the device.

This new bounty offers up a US$10,000 reward to those in the digital asset community.

Andrew Tierney, a security consultant for Pen Test Partners, took to Twitter this week to proclaim that he successfully made a transaction using the Bitfi digital wallet, supposedly fulfilling the US$10,000 bounty.

Bitfi’s bounty states that the firmware of the Bitfi device must be modified, the device must connect to the Bitfi Dashboard and should be able to transmit either private keys or the user’s secret phrase to a third party.

In a recent interview, Tierney told The Next Web that his hack meets all of Bitfi’s bounty requirements.

“We have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy,” Tierney revealed. “We believe all [conditions] have been met.”

A 15-year-old security researcher, Saleem Rashid, was credited with running old-school computer game DOOM on the Bitfi device, but McAfee claimed that the teen didn’t remove any coins, so the hack was unsuccessful.

Below, you can see footage of the teenager playing the popular 90s first-person shooter on Bitfi’s digital wallet.

Earlier this month, hackers intent on claiming the US$250,000 prize identified security flaws on the device:

  • A lack of tamper protection, letting people install malware before sale and otherwise manipulate it freely without leaving tracks.
  • The ability to install bugs that “listen” to the connection between the touchscreen and chip, to relay the password.
  • The ability to reprogram the device with root access.
  • The ability to access a user’s Bitfi dashboard account from a tampered-with device.

On top of that, the device was also found to have various tracking apps phoning home to different web services, such as Baidu, so users would also need to trust the security of a range of third-party data collectors. It also means that the wallet is internet-connected, which is exactly what a hardware wallet should not be.

Standards are key to doing anything at scale. Standardisation allows for compatibility between different systems, quicker growth and an easier way of achieving higher standards in most things. Cybersecurity is one of those things. In mid-June South Korean cryptocurrency exchange Bithumb was hacked, revealing that even the best-known and most reputable centralised exchanges can lose customer funds to ingenious attackers.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.
