Bitfi, the so-called “unhackable” wallet championed by John McAfee, recently released a statement saying it would remove the “unhackable” tag from its marketing materials after the security of the device was compromised by Twitter user @spudowiar.
Bitfi also suspended its bounty program but launched a “conventional” one through the HackerOne platform. The statement said that Bitfi has hired a security manager to “confirm vulnerabilities” that have been discovered by researchers. It read:
“While our intention has been to unite the community and accelerate the adoption of digital assets worldwide, we realize that some of our actions have been counterproductive to that goal.”
Although Bitfi stated that it will no longer claim its wallet is unhackable, the website displays instances of the term both on its homepage and on some other pages.
The attack successfully removed all the stored funds from an unmodified Bitfi wallet, relying on flaws inherent in the architecture of the wallet. It was uncovered by researchers Saleem Rashid and Ryan Castellucci as part of the team “THCMKACGASSCO”, and can be executed even when the wallet is switched off.
The wallet reportedly relies on a two-fold method to ensure the security of the users’ funds. One is the secret phrase, a mainstay of any wallet storing cryptocurrencies, and the other is a “salt” phrase or value, which is used to encrypt the secret phrase to deny access.
In a statement to TechCrunch, Rashid said that the private keys are stored in the memory of the wallet. He also posted a video to Twitter of the wallet being “cold boot attacked”, which works because rooting the device does not wipe the RAM. This allowed him to extract the memory, find the keys and successfully remove the funds from the wallet.
on a completely unrelated note, here is a @Bitfi6 being cold boot attacked.
it turns out that rooting the device does not wipe RAM clean. who would have thought it!?
— Saleem “Unhackable” Rashid (@spudowiar) 30 August 2018
The video shows Rashid running an exploit from a computer against the “unhackable” wallet. Once the exploit has run, the funds are removed from the wallet.
John McAfee, who promoted the wallet extensively, said, after the first exploit:
“The press claiming the BitFi wallet has been hacked. Utter nonsense. The wallet is hacked when someone gets the coins. No-one got any coins. Gaining root access in an attempt to get the coins is not a hack. It’s a failed attempt. All these alleged “hacks” did not get the coins.”
In a statement to TechCrunch, Bill Powell, the Vice President of Operations at BitFi, stated:
“[A hack is] anything that would allow an attacker to access funds held by the wallet…because the device does not store private keys, that is what prompted the unhackable claim”
Security researchers, however, claimed that no update from the team would be able to make the wallet more secure, because the flaw is inherent in the architecture of the system.
User dwfogel said:
“If you guys are serious the first thing you need to do is recall the current hardware – it’s inherently insecure.”
User OverSoftNL, one of the first security researchers to attempt hacking the wallet, also agreed that it was insecure, stating:
“It is, there is no way to fix this with a firmware update.”
Basic Attention Token surges by over 6% as Ad Launch nears
The cryptocurrency market appears to be bleeding; however, a few altcoins have reported small surges over the past few days, among them Basic Attention Token [BAT].
On April 18, when the entire market was mostly red, the coin surged by over 10% and was trading at $0.3618, its all-time high since July 2018. On April 20, BAT reported a growth of over 6% and was valued at $0.3947, breaking its immediate resistance.
BAT reported a market cap of $493 million and a 24-hour trading volume of $57 million. The coin noted a 6.47% rise in its price over the past day and reported a seven-day surge of 31.20%. BAT continued to register a growth of 1.18% over the past hour.
Crypto-enthusiasts speculate that the reason for the surge in prices is the launch of advertisements on the Brave Browser this month. The BAT token is essentially based on entertainment and can be obtained through a variety of advertising and attention-based services on its platform. According to Twitter user @CryptoNilla,
“They are about to launch ads this month hence the pump.”
BAT was most heavily traded on the ZB.COM exchange, which noted a volume of $8 million via the BAT/USDT pair. Second place was taken by Binance, the largest cryptocurrency exchange, which reported a trading volume of $7 million via the BAT/BTC pair. IDCM was in third place with $6 million in volume via the BAT/BTC pair.