It’s happened again, McAfee’s not-so-fortress of a wallet, BitFi has been hacked by another team of hackers who should now qualify for McAfee’s lesser not-bug-bounty of $10,000.00. We say not bug bounty, as McAfee claims that the reward he is offering to potential hackers is not a bug bounty, because the wallet is so secure and it has no bugs to exploit.
All though, BitFi keeps getting hacked.
As a matter of fact, one hacked, aged 15 even managed to install a fully working version of the video game ‘Doom’ on one.
See our coverage of the Doom story, here.
Well, that’s a transaction made with a MitMed Bitfi, with the phrase and seed being sent to a remote machine.
That sounds a lot like Bounty 2 to me. pic.twitter.com/qBOVQ1z6P2
— Ask Cybergibbons! (@cybergibbons) 13 August 2018
Cybergibbons, a hacker outfit have managed to hack a BitFi wallet in order to view communications between the wallet and the network. According to Gizmodo.co.uk:
“According to security researcher Andrew Tierney (aka Cybergibbons), the team was able to intercept communications between the wallet and Bitfi which shows it’s still connected to the dashboard – despite the modifications that have been made. He also confirmed that the device’s private keys and its passphrase to a remote server, which he believes qualifies them for the smaller bounty.”
See more for yourself, here.
Although, it does seem that the smaller bounty won’t be paid out, simply because McAfee’s team at BitFi, keep changing the rules. Moreover, according to another tweet from Cybergibbons, BitFi have actually got a little defensive about this one –
Image sourced from – @cybergibbons
This image has been shared by the Cybergibbons Twitter page and seems to suggest that instead of accepting the fact BitFi is hackable, they are behaving abusively towards those that are exposing the vulnerabilities that McAfee dared so many people to attempt to expose.
What can we take from this?
Altogether, it’s a very strange situation. BitFi is hackable, many many people have proved that this is the case, yet McAfee and the BitFi team fail to accept that. All they need to do is admit defeat and say ‘thanks’. Thank the hackers who are exposing the vulnerabilities, give them the reward they worked for and use the experience in order to bolster the devices security. This is a learning curve, by trying to remain bold and persistent, BitFi are only damaging the reputation of their product. After all of this, is anyone really ever going to be able to trust them?