John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable” alongside promoter John McAfee, has not yet responded to a post from security research group OverSoftNL, in which the group claimed to have obtained root access.
Accusations and Speculation
The tweet at the center of the furor was posted yesterday, Aug. 1, by OverSoft, and it read:
“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”
Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.
Dear friends, we're announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help. Here are the bounty conditions: Thank you, Daniel Khesin CEO
— Bitfi (@Bitfi6)
In a subsequent tweet on the same thread, OverSoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.
They deny anything that's not exactly according to their bounty rules, aka: they will never pay a bounty. It's pure marketing.
— OverSoft (@OverSoftNL)
Bitfi Controversy
Much like its , Bitfi has made a bit of a reputation as a bold, daring, and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone who could successfully hack it.
From $100,000, this bounty quickly went up to $250,000 as John McAfee upped the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.
A war of words then broke out between Bitfi and a series of security researchers who, one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellucci was quoted as saying that Bitfi is “a cheap stripped down Android phone” that he would “strongly advise against using.”
Another set of researchers then accused Bitfi of harboring questionable apps on its device, including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”
In response, Bitfi issued a comprehensive denial of these claims, accusing OverSoft of working for its competitors and reiterating its $250,000 bounty.
Yesterday, however, OverSoft seemed to indicate that they have evidence to back up their claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.
Btw, you might notice that the Baidu location tracker and the Adups service are both actually running…
Not just being used for "pinging" like BitFi said…
— OverSoft (@OverSoftNL)
In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.
Published at Thu, 02 Aug 2018 20:45:55 +0000