Perhaps cryptocurrency wallet developers should not be in the habit of calling their products "unhackable." Cybersecurity pioneer and cryptocurrency evangelist John McAfee, the executive chairman of wallet developer Bitfi, previously called his company's product "the world's first unhackable device," according to a report by Cointelegraph. McAfee even challenged security experts to hack the device, offering a bounty of $100,000 as of July 24 of this year. However, McAfee may have spoken too soon: it appears that a group of researchers managed to hack the "unhackable" wallet.
Bitfi's device is a hardware wallet, meaning that it is a physical product that cryptocurrency investors can hold in their hand as opposed to a digital storage device. The wallet supports "an unlimited amount of cryptocurrencies" and makes use of a user-generated secret phrase rather than a standard 24-word mnemonic seed. Further, Bitfi has claimed that its wallet is "completely open-source," which means that the user remains in control of his or her funds held in the wallet "even if the manufacturer of the wallet no longer exists." For all of these reasons, the Bitfi wallet seems to offer a highly attractive experience for security-minded cryptocurrency investors.
Many teams attempted to hack the wallet, but none of them were able to bypass the security features stipulated by the terms of the bounty. Then, on August 12, a team of researchers claimed they could successfully send signed transactions with the wallet, which would meet the conditions of the bounty program. To do this, they had to modify the device, connect to the wallet's server, and then use the modified device to transmit sensitive data.
It would seem that even an "unhackable" wallet can successfully be hacked in the span of just three weeks or so.
Security researcher Andrew Tierney, part of the breach team, suggested that "we have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy." Tierney added that "we intercepted the communications between the wallet and [Bitfi]. This has allowed us to display silly messages on the screen. The interception really isn't the big part of it, it's just to demonstrate that it is connected to the dashboard and still works despite significant modification."
Investing in cryptocurrencies and Initial Coin Offerings ("ICOs") is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. As of the date this article was written, the author owns bitcoin and ripple.