Researchers who hacked ‘unhackable’ Bitfi wallet respond to threats

15 Aug, 2018
by David Robb
Researchers who hacked ‘unhackable’ Bitfi wallet respond to threats

The developers of the Bitfi cryptocurrency wallet, which was endorsed by John McAfee and supposed to be 'unhackable', issued a threat to researchers who claimed to have hacked it. In a tweet that has since been deleted, Bitfi warned that "lies and deception you deliberately spread...can have consequences", and the researchers have now publicly responded.

Read more: McAfee shrugs off Bitfi hack claims as "meaningless"; Researchers want bug bounty as they continue to hack McAfee's Bitfi wallet

After a relatively minor hack which McAfee had shrugged off as meaningless, yesterday saw a major security breach by a team of researchers. This hack appeared to meet the conditions for Bitifi's promised $10k bug bounty, but the developers were not willing to accept it as valid.

Through Twitter, Bitfi responded confrontationally to the news, with this latest tweet suggesting that the researchers should be aware of "who you picked fight with" (sic).

Undeterred by this, the researchers issued a statement criticizing Bitfi's constant redefinition of what 'unhackable' means. They claimed that "the bounty is a strawman, designed to allow Bitfi to claim they haven't been hacked... In reality, the bounty only covers a single attack: sending your wallet (which has a strong seed and phrase) via UPS (taking several days) to an attacker. This doesn't emulate the real world". 

They claimed that in the course of their research into Bitfi's vulnerabilities, they had "been able to...Root a wallet...Intercept all SSL communications between the wallet and servers...Sign a Bitcoin transaction under these conditions...Sniff the user's phrase and seed and send it to another machine under these conditions".

Observers on Twitter were shocked by the attitude of Bitfi towards the community, and some pointed out that perhaps it was Bitfi and not the researchers that needed to tread lightly.

Follow Chepicap now on Twitter, Telegram and Facebook!


Should BitFi pay the bug bounty?

(29 votes)

Add a comment

Check out the latest news

You will be logged out and redirected to the homepage