Bitfi wallet, the so-called “unhackable” wallet championed by John McAfee, recently released a statement that they would be removing the “unhackable” tag from their marketing materials in response to the security of the device being compromised by user @spudowiar on Twitter.
They also suspended their bounty program but launched “conventional” through the Hacker One platform. The statement in question said that Bitfi has hired a security manager to “confirm vulnerabilities” that have been discovered by researchers. They said:
“While our intention has been to unite the community and accelerate the adoption of digital assets worldwide, we realize that some of our actions have been counterproductive to that goal.”
Even as Bitfi stated that they will no longer use the claim of their wallet being unhackable, the website displays instances of the usage of the term both on their homepage and some other pages.
The attack successfully removed all the stored funds from a Bitfi wallet which was unmodified, with the inherent flaws in the architecture of the wallet. It was uncovered by researchers Saleem Rashid and Ryan Castellucci as a part of the team “THCMKACGASSCO”, and can be executed even when the wallet is switched off.
The wallet reportedly relies on a two-fold method to ensure the security of the users’ funds. One is the secret phrase, a mainstay of any wallet storing cryptocurrencies, and the other is a “salt” phrase or value, which is used to encrypt the secret phrase to deny access.
In a statement to TechCrunch, Rashid stated that the private keys are stored in the memory of the wallet. Moreover, he posted a video on to Twitter of the wallet being ‘cold boot attacked’, as rooting the device does not wipe the RAM. This, in turn, led to him extracting the memory, finding the keys and successfully removing the funds from the wallet.
on a completely unrelated note, here is a @Bitfi6 being cold boot attacked.
it turns out that rooting the device does not wipe RAM clean. who would have thought it!?
— Saleem “Unhackable” Rashid (@spudowiar) 30 August 2018
The video shows Rashid running an exploit on the computer that effectively hacks the unhackable wallet. After proceeding with the exploit, the funds are effectively removed from the wallet.
John McAfee, who promoted the wallet extensively, said, after the first exploit:
“The press claiming the BitFi wallet has been hacked. Utter nonsense. The wallet is hacked when someone gets the coins. No-one got any coins. Gaining root access in an attempt to get the coins is not a hack. It’s a failed attempt. All these alleged “hacks” did not get the coins.”
In a statement to TechCrunch, Bill Powell, the Vice President of Operations at BitFi, stated:
“[A hack is] anything that would allow an attacker to access funds held by the wallet…because the device does not store private keys, that is what prompted the unhackable claim”
Security researchers, however, claimed that any update by the team would not be able to fix the wallet to make it more secure. This is due to the fact that the flaw is inherent in the architecture of the system.
User dwfogel said:
“If you guys are serious the first thing you need to do is recall the current hardware – it’s inherently insecure.”
User OverSoftNL, one of the first security researchers to attempt hacking the wallet also agreed that it was insecure, stating:
“It is, there is no way to fix this with a firmware update.”
Subscribe to AMBCrypto’s Newsletter
Binance coin pumps by over 6% in an hour; breaks its all-time high
On June 20, Binance coin [BNB], a coin ranked seventh on CoinMarketCap, surged by a massive 6.38% over the past hour. The coin also broke its all-time high and was trading at $36.47, at press time.
At press time, BNB was being traded at $36.47 with a market cap of $5.097 billion. The 24-hour trading volume of the coin was reported to be $571.64 million, as it spiked by 2.35% over the day. Over the past seven days, the coin noted a rise of 2.03% in its price and continued to rise by 6.38% within the hour.
This hike follows Singapore-based cryptocurrency exchange, KuCoin, listing Binance coin [BNB] and Binance announcing the launch of Elrond project on Binance launchpad. Binance funded the sharding-based public blockchain network in a private funding round, as the company closed the round with $1.9 million. It will be the next project supported by Binance launchpad and the token sale will be carried out in a lottery fashion. The token sale is scheduled to begin from June 22, 00:00 AM [UTC].
The coin was highly traded on Binance exchange with BNB/USDT pair and BNB/BTC pair. BNB/USDT took the first place as it noted a 24-hour trading volume of $137 million, followed by BNB/BTC which reported a volume of $126 million. The third position was taken by LBank exchange, which registered a trading volume of $120 million with BNB/USDT pair.
Subscribe to AMBCrypto’s Newsletter
Using Ripple’s tech is five times more expensive than Western Union’s present system, says CEO Hikmet Ersek
QuadrigaCX Curtain Call Part 3: Private Jets, yachts, a major bombshell and maybe a biopic?
Ver dismisses rumours of BCH collapse, RippleNet update’s ‘new functionalities’ and more
Tron launches Odyssey-V3.6.0 update for mainnet
QuadrigaCX Curtain Call Part 2: Pseudonyms, fake accounts and several multi-million dollar transactions
Bitcoin [BTC]: #DropGold campaign gets called out for being ‘Bitcoin cartel’
Tron’s [TRX] Sun Network testnet goes live as Justin Sun places bet on its ‘unlimited scaling capacity’
Gaming giant Ubisoft takes its first steps towards bridging the gap between crypto and gamers
Tron join hands with LATOKEN to become an IEO payment token
Convincing Warren Buffett to buy cryptocurrency in just three hours is unrealistic, admits Tron’s Justin Sun
Oxfam adopts crypto; distributes disaster relief in the form of cryptocurrencies in Vanuatu
Facebook’s Libra speculated to wash away MoneyGram; Ripple effect on the horizon?
India: New RTI response clarifies India’s stand on cryptocurrency regulation
Bitcoin worth $300,000 at the center of an alleged scandal involving Brazil’s Justice Minister, The Intercept