Bitfi Retracts ‘Unhackable’ Claims

Written by

A cryptocurrency wallet device-maker has closed its bug bounty program and retracted claims it is unhackable after a researcher demonstrated yet another successful attack.

The $120 Bitfi device is backed by outspoken security pioneer John McAfee, who still claims it is unhackable despite researchers confirming they have been successful on multiple occasions.

“As part of our ongoing efforts to protect our customers we have hired an experienced Security Manager, who is confirming vulnerabilities that have been identified by researchers. Effective immediately we are closing the current bug bounty programs which have caused understandable anger and frustration among researchers,” read a statement from the company posted on Twitter.

“Effective immediately, we will be removing the ‘unhackable’ claim from our branding which has caused a significant amount of controversy. While our intention has always been to unite the community and accelerate the adoption of digital assets worldwide, we realize that some of our actions have been counterproductive to that goal.”

Researchers became increasingly frustrated with the firm, claiming that its definition of ‘hack’ was too narrow. To qualify for the $100,000 reward, it emerged that individuals had to access cryptocurrency from a device locked with an unknown passcode.

The final nail in the coffin of Bitfi’s controversial marketing strategy appears to have been a video of a successful cold boot attack posted by 15-year-old white hat Saleem Rasheed.

However, McAfee has doubled down on the claims, posting a $20m challenge on Twitter to hack the device.

Bitfi was given the “lamest vendor response” award at Black Hat USA this summer in light of its ongoing spat with the research community.

What’s hot on Infosecurity Magazine?