The Bitfi hardware wallet isn’t “unhackable”

Earlier this week, cryptocurrency news was full of stories about a new hardware wallet: the Bitfi.

What makes this one any different?

John McAfee claims it is “unhackable”. Not just “harder to hack”, but “unhackable”.

That’s a bold claim. They know it’s a bold claim, so they have set a bounty.

Sounds great, no?

No.

The bounty deliberately only includes only one attack: key recovery from a genuine, unaltered device. And the device doesn’t store the key.

The only way to win the bounty is to recover a key from a device which doesn’t store a key.

There are many, many more attacks such a device is vulnerable to. The most obvious one: modifying the device so that it records and sends the key to a malicious third party. But this is excluded from the bounty.

Why is this?

Because the bounty is a sham. When it lays unclaimed, Bitfi can say “our device is unhackable”. What it actually means is “our device is not vulnerable to one specific attack”.

I’m going to put a challenge to them.

If their device is unhackable, then change your bounty terms:

  • A trusted intermediary is chosen e.g. a lawyer or judge.
  • We provide the trusted intermediary with three Bitfi devices, a laptop computer and a WiFi access point.
  • The trusted intermediary puts $1,000,000 directly onto each Bitfi device, using the laptop and WiFi access point we have provided.
  • They must follow the publicly available documentation, without interference from anyone.

These are much stronger security goals to meet, and much more accurately emulate the real world.

If Bitfi won’t change the terms, it’s clear to me that they don’t stand behind their claims that the device is unhackable.

 

Leave a Reply

Your email will not be published. Name and Email fields are required.

This site uses Akismet to reduce spam. Learn how your comment data is processed.