After weeks of doubt voiced on Twitter, Bitfi has finally admitted what people in the security industry thought from the first moment they heard about the "unhackable" hardware wallet: it probably isn't.
Backed by John McAfee, the Bitfi Wallet is a hardware device for storing cryptocurrency, recently marketed as "the world's first and only creepy storage space for digital assets."
To back up this extraordinary claim, the company offered $250,000 to anyone who could empty the wallet using "all attack vectors."
In a long thread of tweets at the beginning of August, Andrew Tierney of Pen Test Partners pointed out the many flaws in the device, beginning with the hardware components and continuing on to the operating system.
Other hackers joined in, started playing with the wallet and posted their achievements online: reverse engineering, a John McAfee video playback on the device, a 1
Still, Bitfi stuck to its story and refused to accept reality, even when it was awarded a Pwnie (the infosec community's equivalent of a Razzie) for misrepresenting a "most spectacular" security issue. The last nail in the coffin of the "unhackable" claim is a new attack that a security researcher demonstrated today on an unmodified Bitfi cryptocurrency hardware wallet.
In a video posted on Twitter, 15-year-old Saleem Rashid, who got a Bitfi to play DOOM, shows how easily the "unhackable" wallet gives up the user-generated phrase and its "salt" value, the two elements required to generate the private key that protects the money.
on a completely independent note, here is a @Bitfi6 being cold boot attacked.
it turns out that rooting the device does not wipe the RAM clean. Who would have thought so!?
– Saleem "Unhackable" Rashid (@spudowiar) August 30, 2018
Shortly after the new hack was published, Bitfi issued a statement saying "it has hired an experienced security manager, confirming vulnerabilities identified by researchers."
The bounty offer has now been withdrawn, as has the "unhackable" branding of the Bitfi wallet. The company plans to launch a conventional bounty program on the HackerOne platform.
This editor encourages you to read the replies to Bitfi's announcement, which is embedded below:
Important Notice from Bitfi: pic.twitter.com/SD4ZCJxvLn
– Bitfi (@Bitfi6) August 30, 2018