Perhaps cryptocurrency wallet developers should not be in the habit of calling their products “unhackable.” Cybersecurity pioneer and cryptocurrency evangelist John McAfee, the executive chairman of wallet developer Bitfi, previously called his company’s product “the world’s first unhackable device,” according to a report by Coin Telegraph. McAfee even challenged security experts to hack the device, offering a bounty of $100,000 as of July 24 of this year. However, McAfee may have spoken too soon: it appears that a group of researchers managed to successfully hack the “unhackable” wallet.
Bitfi’s device is a hardware wallet, meaning that it is a physical product that cryptocurrency investors can hold in their hand as opposed to a digital storage device. The wallet supports “an unlimited amount of cryptocurrencies” and makes use of a user-generated secret phrase rather than a standard 24-word mnemonic seed. Further, Bitfi has claimed that its wallet is “completely open-source,” which means that the user remains in control of his or her funds held in the wallet “even if the manufacturer of the wallet no longer exists.” For all of these reasons, the Bitfi wallet seems to offer a highly attractive experience for security-minded cryptocurrency investors.
Many teams attempted to hack the wallet, but none of them were able to bypass the security features stipulated by the terms of the bounty. Then, on August 12, a team of researchers claimed they could successfully send signed transactions with the wallet, which would meet the conditions of the bounty program. In order to do this, they had to modify the device, connect to the wallet’s server, and then use it to transmit sensitive data.