McAfee’s ‘Unhackable’ Crypto Wallet Hacked
When John McAfee described the Bitfi crypto wallet as unhackable, it quickly drew many people’s attention. For users in constant fear of having their crypto assets stolen by cybercriminals, it was reassurance. For computer experts, however, McAfee’s proclamation was taken as a challenge. Less than two months later, a number of people have emerged claiming to have cracked the ‘unhackable’ wallet, with the latest being a group of researchers who were able to send signed transactions with the device. This comes just days after a 15-year-old security expert reportedly hacked the wallet and played the renowned shooting game Doom on it.
John McAfee has become one of the biggest Bitcoin bulls around, having at one time declared that Bitcoin would hit $500,000 by 2020. The computer security pioneer has also backed a number of crypto startups over the past few months, but none as bold as Bitfi. In June, the now executive chairman of Bitfi declared that the company’s hardware wallet was the world’s first unhackable crypto wallet. To illustrate his level of confidence in his bold claim, he announced a $100,000 bounty – later raised to $250,000 – for any hacker who could prove him wrong. And the hackers accepted the challenge.
As reported by The Next Web, a group of researchers recently announced that they had hacked the Bitfi wallet. The researchers were able to send signed transactions with the device, throwing into question McAfee’s claims. The group began by gaining root access to the wallet about two weeks ago. McAfee was quick to dismiss this via Twitter, claiming it to be as “useless as a dentist license on a nuclear power plant.” The team then tracked the data being sent from the device for close to two weeks, intercepting it periodically to display silly messages on the screen. According to one of the researchers, Andrew Tierney, intercepting the data was done just to prove that the wallet was connected to the Bitfi servers and that it functioned fully despite the significant modification.
Tierney and his group of researchers also used the device to send sensitive data – its private keys and passphrase – to a private server. In doing so, the team believes it has fulfilled all the conditions laid out by McAfee and that it deserves to receive the promised bounty. But will McAfee pay up, or was it all just big talk to grab attention?
Days ago, 15-year-old Saleem Rashid also managed to breach the ‘unhackable’ wallet and went ahead to do what teenagers love doing: play a video game. A video of Rashid playing Doom surfaced on Twitter, leading many to question McAfee’s claims. However, Rashid didn’t manage to gain access to any cryptos, a fact that McAfee was quick to point out, terming the hacking claims “utter nonsense.”
The Bitfi wallet costs $120, a reasonable price if it proves to be really unhackable. Its security stems from the fact that its security keys aren’t stored on the device. Instead, the wallet allows users to generate their own secret passphrase which is easier to memorize. Once this secret passphrase is keyed in, Bitfi’s algorithm calculates a private key giving the user access to the wallet. The newly-generated private key is not stored on the device and is generated afresh the next time one keys in their secret passphrase.