قالب وردپرس درنا توس
Home / Technology / Bitfi Wallet is vulnerable, no bounty, no "unhackable"

Bitfi Wallet is vulnerable, no bounty, no "unhackable"



After weeks in doubt on Twitter, Bitfi finally admits what people in the security industry thought from the first moment they heard about the "unhackable" hardware wallet: probably not.

Backed by John McAfee, Bitfi Wallet is a hardware device for storing crypto currency, marketed recently as "the world's first and only creepy storage space for digital assets."

In support of the incredible assertion, the company offered $ 250,000 to anyone who could empty the wallet using "all attack vectors."

On a long list of tweets at the beginning of August, Andrew Tierney from Pen Test Partners pointed out the many errors in the device, which began with the hardware components, and continued on to the operating system.

Other hackers joined and started playing with their wallet and sent their achievements online: reverse engineering, a John McAfee video playback on the device, a 1

5 year old plays DOOM 7] on it, basically bend it to their will.

Still, Bitfi got stuck in his story and refused to accept reality even when it was assigned a Pwnie (a Razzie from the infosec community) to misrepresent a "most spectacular" security issue. The last nail in the coffin of the "unhackable" claim is a new attack security scientist demonstrated today on an unmodified Bitfi cryptocurrency hardware wallet.

In a video released on Twitter, 15-year-old Saleem Rashid Bitfi sells to play DOOM, showing how easy the unhackable wallet gives up the user-generated sentence and its "salt" value – the two elements required to generate the private key which protects the money.

Shortly after the new hack was released, Bitfi issued a statement saying "it has hired an experienced security manager, confirming vulnerabilities identified by researchers."

The bounty offer is now withdrawn, as it is the "unhackable" branding of the Bitfi wallet. The company plans to launch a conventional bounty program using the Hacker One platform.

This editor encourages you to read the answers to Bitfi's announcement, which is embedded below:


Source link