Press "Enter" to skip to content

Posts published in “john mcafee”

Auto Added by WPeMatico

‘Unhackable’ BitFi crypto wallet has been hacked

The BitFi crypto wallet was supposed to be unhackable and none other than famous weirdo John McAfee claimed that the device – essentially an Android-based mini tablet – would withstand any attack. Spoiler alert: it couldn’t. First, a bit of background. The $120 device launched at the beginning of this month to much fanfare. It consisted of a device that McAfee claimed contained no software or storage and was instead a standalone wallet similar to the Trezor. The website featured a bold claim by McAfee himself, one that would give a normal security researcher pause: Further, the company offered a bug bounty that seems to be slowly being eroded by outside forces. They asked hackers to pull coins off of a specially prepared $10 wallet, a move that is uncommon in the world of bug bounties. They wrote: We deposit coins into a Bitfi wallet If you wish to participate in the bounty program, you will purchase a Bitfi wallet that is preloaded with coins for just an additional $10 (the reason for the charge is because we need to ensure serious inquiries only) If you successfully extract the coins and empty the wallet, this would be considered a successful hack You can then keep the coins and Bitfi will make a payment to you of $250,000 Please note that we grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure Hackers began attacking the device immediately, eventually hacking it to find the passphrase used to move crypto in and out of the the wallet. In a detailed set of tweets, security researchers Andrew Tierney and Alan Woodward began finding holes by attacking the operating system itself. However, this did not match the bounty to the letter, claimed BitFi, even though they did not actually ship any bounty-ready devices. Something that I feel should be getting more attention is the fact that there is zero evidence that a #bitfi bounty device was ever shipped to a researcher. They literally created an impossible task by refusing to send the device…

Cookies help us deliver our services. By using our services, you agree to our use of cookies. More Info | Close