GREYSTOKE OF GADGETS John McAfee could be $10,000 worse off after his "unhackable" crypto wallet was hacked.
A 15-year-old has modded Bitfi to play Doom, despite software supposedly designed to stop that happening, and before that, a cybersecurity group achieved root access in the first week of the crypto-wallet's release.
But this time, it looks like a group is confident that they've achieved all the criteria set to receive the $10,000 bounty offered for anyone who could crack the supposedly uncrackable.
Up to now, the McAfee-backed company has declined to pay out any bounties because nobody had actually managed to steal any cryptocurrency. This time, however, it looks like that barrier has been cracked too:
"Well, that's a transaction made with a MitMed Bitfi, with the phrase and seed being sent to a remote machine. That sounds a lot like Bounty 2 to me. pic.twitter.com/qBOVQ1z6P2"
— Ask Cybergibbons! (@cybergibbons) August 13, 2018
The criteria for the bounty, namely - modification, connecting to Bitfi servers and sending sensitive data without permission - appear to have been met.
However, on closer inspection, the rules state that the hack must be from a Bitfi unit preloaded with $10 in Bitcoin at purchase and that emptying the wallet is part of the goal.
The explanation ends by warning: "Nothing else will qualify. Please also note that this is not a bug bounty program. This is strictly a bounty to hack into the Bitfi wallet to allow those who claim they can hack it to attempt to do so."
So in other words, it doesn't matter how pwned it is - if it's not done under these criteria, no £10k for you.
As well as displaying "silly messages" on the screen, Cybergibbons (aka security researcher Andrew Tierney) says he was able to send the device's keys and passphrase to a remote server. And now Tierney wants his money.
Based on the support pages of Bitfi, we have a hunch he won't get it.
McAfee has been silent on this issue thus far. His last tweet was almost a day ago, announcing he has taken on the CEO position at Luxcore, another blockchain company.
Bitfi is a $120 dongle for 'digital assets'. It was launched in a blaze of publicity as the most secure crypto solution ever. However, security tinkering has shown it's basically an Android device with some (seemingly) rather shonky security layers over the top.
At this stage, even if the bounty isn't paid, a lot of people won't want to touch Bitfi with a bargepole. μ