A while ago, John McAfee, the notorious crypto and ICO supporter, with a controversial reputation announced a bounty for anyone who would be able to hack the Bitfi wallet, which McAfee claims to be unhackable. First, the amount of the reward promised was $100,000, then it more than doubled to $250,000.
Now, the bounty offered recently amounts to just $10,000 and it is promised for assistance in spotting any vulnerabilities in the wallet’s software.
A staff member from the security department at a Pen Test Partners company, Andrew Tierney, yesterday wrote on Twitter that he managed to perform a successful transaction from the Bitfi crypto wallet and now expects the promised $10,000.
The terms of the bounty claim that the firmware of the wallet has to be modified and should transact private keys or a user’s secret phrase to a third party.
Tierney claims to have done exactly this, thus fulfilling all the requirements. He also added that it was ‘nothing fancy,’ he just had to use netcat.
Other hacks left unpaid
Previous hacks of the Bitfi wallet, promoted by McAfee, revealed several bugs on this crypto app. Among them was an absence of tamper protection, which allows installing malware and manipulating the device without leaving any tracks, the ability to relay the password by watching the connection between the screen and the chip, etc.
Besides, it was found out that Bitfi regularly sends data to a remote server in China, which means that the device is web-connected, whereas it should be a cold-storage one.
Let’s play Doom!
Earlier, CryptoComes.com reported that a 15-year-old teenager managed to get root access to the wallet and install a version of the Doom shooter game on Bitfi and posted a video on Twitter. However, McAfee denied that to be a hack, since no transactions were made from it.