John McAfee-Backed BitFi Hardware Wallet Is Not A “High-Integrity” Device, Says Security Expert

Omar Faridi
  • A security consultant says the BitFi hardware wallet is not a “high-integrity device”, but rather a “low-end Android phone."
  • McAfee has increased the reward for hacking the BitFi wallet from $100,000 to $250,000 and will reportedly release a video tomorrow to refute all the “nonsense.”

The John McAfee-backed BitFi hardware wallet has been heavily promoted as “unhackable” due to its “fortress-like security” by the device’s developers and the eccentric crypto enthusiast.

However, some have suggested that the “impenetrable” $120 wallet may not be as secure as McAfee and the BitFi team claim it is.

Mcafee's faith in the device has also grown - originally promising a $100,000 reward to anyone who would be able to hack the BitFi hardware wallet, he has reportedly increased the bounty to $250,000.

$10,000 Bounty For Identifying Security Vulnerabilities

The BitFi development team has announced a $10,000 bounty as well for anyone who can modify the device’s firmware and then successfully connect to the BitFi dashboard. Additionally, the BitFi team requires that the compromised device must be able to send the private keys or secret passphrase (SEED) associated with it to an (external) third party “while still functioning normally with the BitFi dashboard.”

In the past 24 hours a number of crypto enthusiasts appear to have taken on the challenge and Twitter user @cybergibbons, one of McAfee’s most well-known critics, posted what seems to be a picture of the wallet having been opened and tampered with:

 

@cybergibbons further commented that the device was not “custom designed” and that it resembled a “stripped back, low-end Android phone with parts missing.” The security consultant added that the wallet’s processor was not designed for a “high-integrity device.”

“NO Checks” To Prevent Root Access

Earlier, McAfee and his technical advisor had stated that those who were leaving negative reviews about the BitFi wallet did not even own one or had never used it before. This may have motivated more people to buy the iPhone-like touchscreen device just so that they could try to hack it.

Moreover, @cybergibbons was not the only twitter user who now claims to have compromised the hardware wallet’s security system. User @OversoftNL said that he was able to gain “root access” to the device by modifying its firmware. “There are NO checks to prevent [this] like claimed by BitFi”, @OversoftNL noted.

Soon after these claims surfaced, McAfee responded by tweeting that he would release a “definitive video” tomorrow that would counter all this “nonsense":

Crypto Security and Privacy: Why VPNs Matter

With exchange hacks , crypto thefts and phishing incidents seemingly hitting headlines every week, safely buying and transacting with cryptoassets online has never been more important.

This week saw a particularly poignant lesson in the need for a robust online security strategy, as BitGo Lead Engineer Sean Coonce revealed that he lost over $100,000 from his Coinbase balance as an attacker gained control of his account using a “SIM Port” attack.

One important element in any crypto user’s online security should be a top-tier VPN.

VPNs and Privacy

In addition to a gamut of security and privacy practices crypto users should adopt, including using a hardware wallet and using 2FA authentication (non-SMS), a good VPN can’t be overlooked.

While the top cryptoasset blockchains themselves are quite secure, an individual’s interactions with the blockchain or their funds may not be. VPNs encrypt your data, acting in effect as an extra barrier against anyone who might try and access your information as you are communicating with servers online. The data packets of a crypto transaction in this way become better protected against anyone trying to intercept them as they travel between you and the target - such as an exchange.

When you are using a VPN, all your communications are routed via one of the VPN’s encrypted servers. This also affords you a far greater degree of anonymity, as anyone attempting to track websites you visit, e.g. exchanges, wallets, won’t know when or if you are visiting them.

While these technical features of VPNs make them essential for any crypto user, there are other broader concerns that will likely attract crypto enthusiasts to a quality VPN.

The Spirit of Decentralization

Another important facet of using a VPN is decentralization and the privacy of your information.

Bitcoin was created to fulfil the vision of a decentralized, nation-state resistant currency, allowing people across the globe to exchange value independently. In this vein, VPNs form an essential part of that vision, as it becomes far harder to trace your location.

Whether a VPN stores log files too, will likely form an important part of a crypto users choice of VPN. Some VPN providers, while either dancing around the issue or even claiming that they don’t store records of your internet activity, do in fact log your activity. Choosing a VPN provider that has a proven record of not logging activity, therefore, will matter to many in the crypto community.

One other interesting feature offered by some VPNs is the ability to pay for them using cryptocurrency. While many of the top VPNs don’t offer this feature, those who are particularly conscious of privacy and leaving less of a financial footprint, will factor this capability into their choice of provider.

Getting Started on Your Security Journey

Getting to grips with the potential security minefield that comes with owning and buying cryptoassets is not easy. There are a host of ways you can lose your crypto or leave yourself vulnerable to theft. Making sure you choose the right VPN therefore, should form an important part of your strategy as you seek to secure your crypto and online activity.