The controversial McAfee-backed Bitcoin wallet, Bitfi, has withdrawn their claim of being “unhackable” from their website following a series of notable hacks.
The wallet, which claimed to be the first wallet without any risks of being compromised, was discovered to have a series of security flaws following the release of evidence from cybersecurity researchers.
The wallet is a physical device that supports an “unlimited” number of cryptocurrencies, with a price tag of $120.00. The company is registered in London, and was created by a 38-year-old American, named Daniel Khesin.
The device has been taunted as being “a Colt 45 of the crypto world” and the world’s first “unhackable” device by Bitfi shill, John McAfee. A key feature of the Bitfi wallet is that the private keys of the device are not stored anywhere, so if the device is stolen or lost, the private keys cannot be extracted from it.
McAfee, in partnership with the wallet’s creators, offered a $250,000 reward for anyone that could hack the wallet, which generated significant press for the company, along with attention from hackers. The offer, however, backfired on Bitfi, as multiple cybersecurity researchers and experts discovered fatal flaws in the wallet.
Major Security Flaws Discovered in Bitfi Wallet
One such attack on the device was conducted by a team of security researchers who found that the local keys can be extracted from the device’s memory by running a basic code that can take memories from the device. The researchers told TechCrunch that their attack is “is both reliable and practical, requiring no specialist hardware.”
Although major security flaws were found in the platform, hackers were not able to withdraw any Bitcoin, which made the $250,000 bug-bounty nullified according to McAfee and Bitfi. They referenced the initial terms of the bounty which specified that hackers must actually remove Bitcoin from the wallet in order to receive the bounty. This infuriated hackers, who felt that the Bitfi team were ignoring major security flaws because they didn’t want to admit that the wallet isn’t as secure as advertised.
On August 30th, Bitfi announced on their Twitter that they were removing the “unhackable” claim from their website, saying:
“Effective immediately, we will be removing the ‘Unhackable’ claim from our branding which has caused a significant amount of controversy. While our intention has always been to unite the community and accelerate the adoption of digital assets worldwide, we realize that some of our actions have been counterproductive to that goal. Please stay tuned next week for our public announcement.”
John McAfee, however, is still maintaining that the wallet is incredibly secure, saying on his Twitter that:
“It’s selling like hotcakes. And, still, no one has been able to hack it and get the coins. Since the purpose of the wallet is to store coins, every claimed “hack” has been unsuccessful. It is clearly unhackable.”
McAfee also disregarded many of the claims of security flaws discovered while the bug-bounty was ongoing, writing many of them off as “nonsense claims” generated by “monolithic competitors in the hardware wallet space.”
It is unclear whether or not the Bitfi controversy has affected sales of the product in any way, but potential purchasers were likely turned off by the unrealistic claims and the unprecedented scrutiny of the wallet’s security.