The world's first "unbreakable" cryptocurrency wallet, according to John McAfee, drew the ire of security researchers shortly after its launch on July 28, 2018. Cybersecurity specialist Ryan Castellucci was the first to identify Bitfi's supposed security features, alarming other experts who subsequently drew their own conclusions about the Bitfi wallet.
Advertising his wallet, McAfee offered $100,000 to anyone who could hack the “invulnerable wallet.” However, Castellucci and others found that the wallet lacks sophisticated security software and looks too much like a simple Android smartphone.
The researchers compiled a list of instructions, publicly viewable on Pastebin, that load the device's RAM during startup. This step gives them an overview of all the processes pre-installed in the Bitfi wallet. Researchers found that the device does not have internal cold storage, but instead contains malicious software called Adups FOTA that transmits sensitive user data such as calls, texts and location to servers in China every 72 hours. Bitfi additionally comes pre-installed with a version of Baidu, a Chinese app with built-in GPS tracking features. Oddly enough, both apps in question transmitted data to Chinese servers during testing.
Interestingly, the reward is only available under certain conditions. The researchers first purchased a $120 Bitfi device, paid $10 to download coins, and then hacked their own device. The researcher found, for example, that [if] the device had a weak RNG that allowed it to recover the key by examining the series of transactions it generated, it would not have received the reward. He also wouldn't have found a way to hijack their automatic update system to install the keylogger.
Other researchers tweeted that Bitfi bought cheap mobile phones in bulk and sold them as cryptocurrency wallets, with no regard for data privacy or potential loss of funds. Meanwhile, McAfee confirmed that there is no internal storage on the Bitfi device, stating that the wallet receives instructions “per coin from our servers.” This aspect makes the product nothing more than an online wallet with a dedicated device for access.
According to btcmanager.com
You May Also Like
Nano S Wallet Adds EOS Support
Popular cryptocurrency hardware wallet Ledger Nano S announced today that it will add EOS to its list of supported cryptocurrencies. The coin is currently the fifth largest cryptocurrency by market capitalization.
MyEtherWallet suffered a DNS attack
The popular web wallet MyEtherWallet recently suffered a DNS attack, redirecting all users to fake websites and collecting account login information.
