With very large sums of money in circulation, it is not surprising that the Bitcoin ecosystem is filled with scams, cyber attacks and hacks of all types. In such a climate, careful users stay mindful of their security and learn to avoid bold claims that in some cases turn out to be more of the same. A recently released wallet was declared 'unhackable' by its developers and promoters, such as John McAfee, which has certainly drawn the attention of security researchers.
When the Bitfi hardware wallet was unveiled in June this year, its official promotional material touted it as the 'first truly unhackable' wallet, promising 'impenetrable security' and operation 'without any risk of loss'. It also promised more security than any other existing form of storage, including cold storage.
John McAfee proclaimed the device truly 'unhackable', a very daring claim that Bitfi itself avowed.
“Of all today’s elaborate and sophisticated methods for making wallets secure and easy to use, surely none is as epic as that of the new Bitfi wallet. Several of my competitors have pioneered innovative methods to protect private keys, but Bitfi pulled out all the stops to ensure that the private key can never be obtained by illicit means. No other hardware wallet has ever been built to this level of sophistication,” McAfee is quoted as saying.
This level of security was allegedly achieved primarily by using a proprietary open-source algorithm that derives the private key from a user's self-generated secret phrase.
“The private key only exists for a fraction of a second, just long enough to approve the transaction and is never stored anywhere.” The developers added: “Unlike other wallets, the Bitfi wallet cannot be tampered with. If it is ever lost, stolen, taken apart and forensically analyzed, the private keys cannot be retrieved, making the wallet safe to purchase from anyone within the network of authorized distribution dealers.”
Early reviews were harsh on Bitfi, with one security researcher concluding that the product is a 'footgun', a device made to shoot oneself in the foot. McAfee, who is known as a shill in the cryptocurrency ecosystem but has credibility to lose in the cyber security space as a pioneer of antivirus, responded by calling critics 'haters' and negative reviews 'fake', since they were based on Bitfi documentation rather than a thorough examination of the actual device. He also invited people to hack the device for a $100,000 bounty.
That prompted security researchers to pick up their tools and take on the hacking challenge, and so far they have already uncovered a few interesting things.
According to their combined efforts, the wallet hardware appears to be essentially that of a MediaTek MT6580, a Chinese mobile phone, minus the SIM card and the camera. The firmware includes a malware suite (Adups FOTA), a Baidu GPS/Wi-Fi tracker, and a tracker capable of logging all activity on the device.