John McAfee's cryptocurrency wallet BitFi runs spyware, sending information to Chinese servers. But McAfee refutes all vulnerabilities and accuses researchers of not even holding BitFi in their hands.
John McAfee decided to raise the bounty for hacking the BitFi hardware wallet from $100,000 to $250,000. His decision comes after a group of hackers claimed that they found in BitFi malicious software and the wallet itself ressebles to a common smart phone on Android.
We are increasing the bounty for hacking the https://t.co/VJ7qrOxQqL wallet to $250,000. The rules require you to empty the contents of a BitFi wallet that we have pre-loaded and have sent to you. You must pay for the wallet and its contents. Rules at https://t.co/jUUVmH77Mg
— John McAfee (@officialmcafee) July 31, 2018
The Bitfi wallet, developed by the MGT Capital Investments founded by John McAfee's team, turned out to be a "a cheap stripped down Android phone."
A group of hackers called CyberGibbons began to thoroughly study the device after McAfee promised $100,000 of reward for its hacking.
Bitfi appears to be exactly what it looks like from the photos - a cheap stripped down Android phone. There's some screenshots of it demanding to be connected to WiFi in order to function elsewhere in @cybergibbons's feed. Someone will probably have Doom running on it by Friday. https://t.co/cC1pZsahJH
— Ryan Castellucci (@ryancdotorg) July 29, 2018
So, they examined the list of directories loaded into the device's onboard memory (ROM) when the device is switched on, and found in it a set of malicious tools Adups FOTA, a spyware platform that allows for the transmitting text, call, location, and app data to a server in China every 72 hours.
Also the device runs the preinstalled Chinese application Baidu with built-in Wi-Fi and GPS tracking functionality. The device does not have an internal cold storage, and all users' funds remain on hot wallet.
Researchers summarize that the Bitfi wallet is no different from any other solution for storing cryptocurrency in the network, since its security is reduced to the ability to transmit private keys and seed phrases.
Allowing us to dump the file system. pic.twitter.com/bDXJuWB4QM
— Ask Cybergibbons! (@cybergibbons) July 30, 2018
McAfee answered to these allegations in his eccentric manner, claiming that hackers "who have never owned or even seen" BitFi wallet, and draw a parallel between reviewers and those who criticize Bangkok prostitutes although they "have never had sex with one or even met one in person."
A good article debunking "reviewers" of the BitFi Wallet who have never owned or even seen one. It's like reviewers of Bangkok prostitutes who have never had sex with one or even met one in person. How much weight would you give to that review?https://t.co/pwxAtkWkql
— John McAfee (@officialmcafee) July 30, 2018