John McAfee’s Technical Advisor Delivers Lengthy Rebuttal of “Fake” Reviews Of BitFi Hardware Wallet

Omar Faridi
  • John McAfee claims BitFi hardware is unhackable, and promises $100,000 reward for hacking it. 
  • McAfee’s technical advisor criticizes security researcher for his flawed negative review of the wallet.

John McAfee, who has over 846,000 Twitter followers, has recently been promoting the new BitFi cryptocurrency hardware wallet, which claims to have “fortress-like security.” Most of the legitimate reviews available online about the BitFi wallet have been fairly positive, however, Ryan Castellucci, a cybersecurity researcher, wrote a review stating that it was “terrible” – adding:

I strongly advise against using one of these devices.

Soon after, McAfee reacted to the researcher’s review – insisting that his comments were not credible, adding that other negative reviews about the BitFi hardware wallet should not be taken seriously because the people criticizing the device had not even used it.

“Fake” Negative Reviews

Rob Loggia, one of McAfee’s technical advisors, then wrote his own review after he reportedly purchased and used the wallet himself. In his detailed blog post, Loggia wrote

Over the last several days I have seen a few negative “reviews” of the Bitfi online. The word “reviews” is in quotes because none of the pieces I have seen were written by people that actually owned the device. A strange way to review a product, and most of these were just rants by clearly disgruntled anti-fans of John McAfee. Yes, that is a thing for successful people, and McAfee has plenty. Even the real Satoshi Nakamoto has come out of the termite-infested woodwork once again to tender his opinion on the Bitfi, for whatever that is worth to anyone these days.

In the excerpt from his review shared above, Loggia was sarcastically referring to Dr. Craig Wright, a controversial crypto personality who claims to be the real Satoshi Nakamoto, the pseudonymous inventor of Bitcoin (BTC).

Wright is notably among a number of crypto personalities who’ve called the BitFi wallet a “scam”, while McAfee has challenged everyone to try and hack the “optimized utility” device. McAfee claims it is unhackable and says he’ll give $100,000 to anyone who is able to hack it.

Flawed Arguments Against BitFi Wallet

Getting back to Loggia’s review, later he takes a serious jab at Castellucci - claiming that his arguments as to why the BitFi wallet is vulnerable are flawed. The computer security researcher had said that brain wallets “are not 100% secure.” However, Loggia points out that hardware wallet is not a “pure” brain wallet.

Loggia goes on to explain that:

A brain wallet is simply a tool that allows you to generate a private key from your phrase for one currency and store it offline. The Bitfi does much more than this, both in terms of actually using cryptocurrency and in terms of authentication. So arguments against a "pure" brain wallet do not allow us to dismiss the Bitfi.

The technical advisor also criticizes a number of other reasons given by Castellucci as to why the BitFi wallet may be insecure, pointing out that simply because Castellucci had the credentials and background to support his negative review of the wallet does not mean that others should “extend credibility” to it.

He further noted that people had been sharing Castellucci’s review online without even reading it carefully, presumably because he was an “expert.”

Notably, not all of Castelucci’s comments were critical of the BitFi wallet. He did say that “for some users, this really will provide adequate security.”

Thus far, there are still no reports of anyone being able to hack a BitFi hardware wallet.


 

Peter Schiff Admits to Entering PIN Instead of Password for His Blockchain Wallet

Siamak Masnavi

On Wednesday (January 22), famous gold bug Peter Schiff finally admitted that he lost access to the bitcoin held in his Blockchain Wallet because he had misunderstood how this wallet works. However, not all the blame for this incident should be pointed to Schiff.

Schiff is the CEO of Euro Pacific Capital, a full-service, registered broker/dealer specializing in foreign markets and securities, and founder and Chairman of SchiffGold, a full-service, discount precious metals dealer. He is also a man who is extremely bullish on gold, bearish on the U.S. dollar, and highly skeptical about Bitcoin.

On 4 July 2019, Schiff revealed that he owned some Bitcoin (BTC), Ether (ETH), and Bitcoin Cash (BCH), and said that he was going to HODL his bitcoin no matter what happens to the Bitcoin price.

Then, last Sunday (January 19), Schiff took to Twitter to express his anger with Bitcoin after allegedly losing access to the crypto wallet that holds his bitcoin:

Although Schiff said at the time that the wallet app he was using -- which we know know was the iOS version of Blockchain Wallet (made by Blockchain.com) -- had "somehow" become "corrupted" and that is why his password -- which he was sure of remembering correctly -- was being rejected, most people in CryptoTwitter seemed to believe that this was just a case of a "boomer" who has simply forgotten his wallet's password:

Eric Voorhees, Founder and CEO of ShapeShift, whom Schiff claims was the person who set up Schiff's wallet in the first place, says that it is Schiff who is to blame (and not Bitcoin) for forgetting his password and not making a note of his wallet's recovery phrase:

However, last night (January 22), three days after first reporting the loss of access to his entire Bitcoin holdings (which had mostly been gifted to him by members of the crypto community on Twitter), Schiff admitted that this situation was not due to a corrupt wallet but the fact that he had been confused about the concepts of PIN and password for his Blockchain Wallet; what made things worse was that he did not know/have neither the password nor the 12-word backup/recovery phrase: 

Having spent some time playing with the Blockchain Wallet, here is one possible explanation for what really happened. 

When you create a new Blockchain Wallet, you are asked to specify an email address (which acts as your username), a password (which is needed in case you ever logout or are logged out of your wallet), and a 4-digit PIN (which the wallet apps asks for -- if you have not setup biometric authentication -- whenever it is restarted, in order to "decrypt" your wallet). 

It is essential to note that the Blockchain Wallet does not force the user to record a 12-word or 24-word recovery/seed phrase at the time that the wallet is being created, i.e. this step is optional. After the wallet has been created, you need to go to the app's menu and choose "Backup Funds", at which point you are asked to write down each of the 12 words of the "backup phrase" the app assigns to your wallet.

So, if Schiff is telling the truth about never knowing the password of the backup phrase, then it looks like the person who created the wallet for him (i.e. Vooerhees) may have not told Schiff the wallet's password and not told him to make a note of the backup phrase.

Therefore, we can certainly blame Schiff for not bothering to understand how his wallet works, but it is also true that developers of crypto wallets need to do more to improve wallet usability in order to prepare for the mainstream adoption of crypto.