Connect with us


John McAfee’s Bitfi wallet hacked, to remove ‘unhackable’ tag from marketing materials

Anirudh VK



John McAfee's Bitfi wallet hacked, to remove 'unhackable' tag from marketing materials
Source: Unsplash

Bitfi wallet, the so-called “unhackable” wallet championed by John McAfee, recently released a statement that they would be removing the “unhackable” tag from their marketing materials in response to the security of the device being compromised by user @spudowiar on Twitter.

They also suspended their bounty program but launched “conventional” through the Hacker One platform. The statement in question said that Bitfi has hired a security manager to “confirm vulnerabilities” that have been discovered by researchers. They said:

“While our intention has been to unite the community and accelerate the adoption of digital assets worldwide, we realize that some of our actions have been counterproductive to that goal.”

Source: Bitfi official website

Source: Bitfi official website

Source: Bitfi official website

Source: Bitfi official website

Even as Bitfi stated that they will no longer use the claim of their wallet being unhackable, the website displays instances of the usage of the term both on their homepage and some other pages.

The attack successfully removed all the stored funds from a Bitfi wallet which was unmodified, with the inherent flaws in the architecture of the wallet. It was uncovered by researchers Saleem Rashid and Ryan Castellucci as a part of the team “THCMKACGASSCO”, and can be executed even when the wallet is switched off.

The wallet reportedly relies on a two-fold method to ensure the security of the users’ funds. One is the secret phrase, a mainstay of any wallet storing cryptocurrencies, and the other is a “salt” phrase or value, which is used to encrypt the secret phrase to deny access.

In a statement to TechCrunch, Rashid stated that the private keys are stored in the memory of the wallet. Moreover, he posted a video on to Twitter of the wallet being ‘cold boot attacked’, as rooting the device does not wipe the RAM. This, in turn, led to him extracting the memory, finding the keys and successfully removing the funds from the wallet.

The video shows Rashid running an exploit on the computer that effectively hacks the unhackable wallet. After proceeding with the exploit, the funds are effectively removed from the wallet.

John McAfee, who promoted the wallet extensively, said, after the first exploit:

“The press claiming the BitFi wallet has been hacked. Utter nonsense. The wallet is hacked when someone gets the coins. No-one got any coins. Gaining root access in an attempt to get the coins is not a hack. It’s a failed attempt. All these alleged “hacks” did not get the coins.”

In a statement to TechCrunch, Bill Powell, the Vice President of Operations at BitFi, stated:

“[A hack is] anything that would allow an attacker to access funds held by the wallet…because the device does not store private keys, that is what prompted the unhackable claim”

Security researchers, however, claimed that any update by the team would not be able to fix the wallet to make it more secure. This is due to the fact that the flaw is inherent in the architecture of the system.

User dwfogel said:

“If you guys are serious the first thing you need to do is recall the current hardware – it’s inherently insecure.”

User OverSoftNL, one of the first security researchers to attempt hacking the wallet also agreed that it was insecure, stating:

“It is, there is no way to fix this with a firmware update.”

Subscribe to AMBCrypto’s Newsletter

Follow us on Telegram | Twitter | Facebook

Anirudh VK is a full-time journalist at AMBCrypto. He has a passion for writing and interest towards the future of blockchain technology and cryptocurrencies. He does not own any cryptocurrencies currently.


Basic Attention Token surges by over 6% as Ad Launch nears

Namrata Shukla



Baisc Attention Token surged by over 6% over ads launch hype
Source: Pixabay

The cryptocurrency market appears to be bleeding, however, few altcoins have reported small surges over the past few days, like Basic Attention Token [BAT].

The coin, on April 18 when the entire market was mostly red, surged by over 10% and was trading at $0.3618, its all-time high since July 2018. On April 20, BAT reported a growth of over 6% and was valued at $0.3947, breaking its immediate resistance.

Source: CoinMarketCap

Source: CoinMarketCap

BAT reported a market cap of $493 million and a 24-hour trading volume of $57 million. The coin noted a 6.47% rise in its price over the past day and reported a seven-day surge of 31.20%. BAT continued to register a growth of 1.18% over the past hour.

Crypto-enthusiasts speculate the reason for the surge in prices to be the launch of advertisements on the Brave Browser this month. The BAT token is essentially based on entertainment and can be obtained through a variety of advertising and attention-based services on its platform. According to Twitter user @CryptoNilla,

“They are about to launch ads this month hence the pump.”

BAT was highly traded on ZB.COM exchange as it noted a volume of $8 million via the BAT/USDT pair. The second place was taken by Binance, the largest cryptocurrency exchange as it reported a trading volume of $7 million via the BAT/BTC pair. IDCM was on the third place with $6 million in volume via the BTA/BTC pair.

Subscribe to AMBCrypto’s Newsletter

Continue Reading