The world's first "unbreakable" cryptocurrency wallet, according to John McAfee, drew the ire of security researchers shortly after its launch on July 28, 2018. Cybersecurity specialist Ryan Castellucci was the first to identify Bitfi's supposed security features, alarming other experts who subsequently drew their own conclusions about the Bitfi wallet.
Advertising his wallet, McAfee offered $100,000 to anyone who could hack the “invulnerable wallet.” However, Castellucci and others found that the wallet lacks sophisticated security software and looks too much like a simple Android smartphone.
The researchers compiled a list of instructions, publicly viewable on Pastebin, that load the device's RAM during startup. This step gives them an overview of all the processes pre-installed in the Bitfi wallet. Researchers found that the device does not have internal cold storage, but instead contains malicious software called Adups FOTA that transmits sensitive user data such as calls, texts and location to servers in China every 72 hours. Bitfi additionally comes pre-installed with a version of Baidu, a Chinese app with built-in GPS tracking features. Oddly enough, both apps in question transmitted data to Chinese servers during testing.
Interestingly, the reward is only available under certain conditions. The researchers first purchased a $120 Bitfi device, paid $10 to download coins, and then hacked their own device. The researcher noted, for example, that if he had found the device had a weak RNG that allowed him to recover the key by examining the series of transactions it generated, he would not have received the reward. Nor would finding a way to hijack their automatic update system to install a keylogger have qualified.
Other researchers tweeted that Bitfi bought cheap mobile phones in bulk and sold them as cryptocurrency wallets, with no regard for data privacy or potential loss of funds. Meanwhile, McAfee confirmed that there is no internal storage on the Bitfi device, stating that the wallet receives instructions “per coin from our servers.” This aspect makes the product nothing more than an online wallet with a dedicated device for access.
According to btcmanager.com
