McAfee’s ‘Unhackable’ Bitcoin Wallet Allegedly Hacked

August 2, 2018 9:45 PM UTC

John McAfee’s Bitfi bitcoin wallet has allegedly been hacked after its creator issued a $250,000 hacking challenge. Bitfi, which has marketed the wallet as “unhackable,” alongside promoter John McAfee has not yet responded to a post from security research group OverSoftNL, where it claimed to have obtained root access.

Accusations and Speculation

The tweet at the center of the furor was posted yesterday, Aug. 1 by Oversoft, and it read:

“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard. There are NO checks in place to prevent that like claimed by BitFi.”

Bitfi did not immediately respond to the tweet but later appeared to make reference to it in a subsequent post at 8:18 PM.

In a subsequent tweet on the same thread, Oversoft then accused Bitfi of using its $250,000 bounty as a marketing ploy, hinting that it would not hand over any information about security weaknesses just yet.

Bitfi Controversy

Much like its promoter, Bitfi has made a bit of a reputation as a bold, daring ,and sometimes brash self-promoter, repeatedly claiming that the hardware wallet is unhackable and even promising a cash bounty to anyone that could successfully hack it.

From $100,000, this bounty quickly went up to $250,000 as John McAfee ratcheted up the rhetoric in response to criticism from security researchers. For added measure, Bitfi then made sure to specify that the bounty was not intended to help it identify security vulnerabilities, maintaining that its claim of being “unhackable” was absolute.

A war of words then broke out between Bitfi and a series of security researchers who one after the other, picked holes in Bitfi’s claims. Notably, Ryan Castellicco was quoted as saying that Bifi is “a cheap stripped down Android phone” that he would “strongly advise against using.”

Another set of researchers then accused Bifi of harboring questionable apps on its device including Chinese search engine Baidu and the Adups malware, both of which they said regularly “called home.”

In response, Bitfi issued a comprehensive denial of these claims, accusing Oversoft of working for its competitors and reiterating its $250,000 bounty.

Yesterday however, Oversoft seemed to indicate that they have evidence to back up their claims, mentioning that the apps in question actually monitor and report on users, contrary to what Bitfi stated.

In the event that the Bitfi wallet has been hacked, it remains to be seen what that would mean for Bitfi and McAfee, both of whom had yet to respond as of press time.

Featured Image from Flickr/NullSession

Last modified: June 10, 2020 10:50 AM UTC

David Hundeyin @DavidHundeyin

I am a busy Nigerian writer, journalist and writer with an interest in tech and finance. When I'm not contributing to CCN and traveling around Africa, you can catch me contributing to CNN Africa, or in the writers room at 'The Other News', Nigeria's weekly answer to 'The Daily Show' with nearly 2 million viewers. My work on 'The Other News' was featured in the New Yorker Magazine, and that was then cited in the Washington Post so I'm not sure that counts as a feature but I'll definitely mention it too! I have been nominated by the US State Department to take part in the 2019 Edward R. Murrow Program for journalists under the International Visitors Leadership Program. I also like hamsters. You can reach me on Twitter at _David_Hundeyin