John McAfee Video Tweetstorms to Address ‘Unhackable’ Bitfi Wallet “FUD”

John McAfee Takes to Twitter to Address “FUD” Surrounding his “Unhackable” Bitfi Wallet

In a series of three 2-minute videos on Twitter, McAfee attempted to address some of the concerns surrounding the Bitfi wallet.

Last week wasn’t great for the Bitfi wallet. One notable security researcher called the wallet “terrible” for its bland security protocols. Another researcher revealed that the Bitfi wallet used the exact same parts as cheap Android devices. The wallet has also come under fire from across the community for making it difficult to test the “unhackable” claim. The wallet claims to be unhackable, yet deters researchers from investigating the claim.

How did McAfee address these complaints? [Videos below]

“What does it mean to hack something?” asks McAfee in the video. “You are modifying, taking, or doing something to the thing that you’re hacking.”

“Now, the Bitfi wallet: what does it mean to hack that wallet” asks McAfee. “You take the money. What have we done? We’ve given wallets to anyone who wants to hack it.”

Some users have gained root access to the device. McAfee claims this isn’t hacking. He claims you have to steal the bitcoin on the device to gain access to the funds.

McAfee Reveals Nobody Has Attempted to Claim the Bounty

In the first video, McAfee reveals that nobody has actually tried to claim the $100,000 bounty for the unhackable Bitfi wallet.

There’s an obvious reason why: you have to buy a Bitfi wallet and pay $50 to John McAfee just to test the security of the wallet.

“No one has taken us up on it yet, by the way. All you have to do is buy the wallet, we put $50 in bitcoin on it. If you take the bitcoin, we give you $250,000.”

The bounty was originally $100,000. It’s unclear if McAfee misspoke, or if he’s upping the bounty to $250,000.

https://twitter.com/Bitfi6/status/1025057874131734528

Root Access Isn’t Hacking

Short update without going into too much detail about BitFi:

We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard.

There are NO checks in place to prevent that like claimed by BitFi.

— OverSoft (@OverSoftNL) August 1, 2018

There have been claims online that users have gained root access to the Bitfi wallet. McAfee addresses this concern, saying,

“One guy goes, ‘I got root access’. Well big fucking deal. What can you do with it? Absolutely nothing. There’s no memory on the device. There’s nothing you can modify the device.”

“That’s a childish way to define hacking.”

John McAfee Clarifies What Hacking Means

In the eyes of John McAfee, hacking the wallet means getting the bitcoin that’s on the wallet.

“So this is what hacking means: when I say that the wallet is unhackable, I’m saying that you can’t take the money. You can’t get it for yourself. End of story. So this is what I mean by hacking.”

McAfee, who has previously claimed that nothing is unhackable, clarifies his stance on what “unhackable” means as well. He describes how blockchain technology has revolutionized security. Because the Bitfi wallet is built on blockchain technology, it can be seen as unhackable.

The use of blockchain is important to McAfee. He claims that using blockchain, the Bitfi wallet is able to store memory off the device on the blockchain – not in a centralized, hackable repository.

“So what does that allow us to do – and no one else has thought of this yet – it allows us, instead of having memory ourselves on our devices, which allows our devices to be hacked, we are using the blockchain as our memory.”

Since there’s no memory on the Bitfi wallet, there’s no memory on the wallet for hackers to attack. Hackers need to attack the bitcoin blockchain – something that has never been successfully done.

“There’s nothing in the wallet that anyone can possibly use to hack it.”

Then take the money from the wallet. Isn't that the issue? Can you get it or not? We don't even require that you access the wallet remotely. We'll send you the fucking thing with money on it. Can you get it or not? The answer is no! Who cares what other useless shit you can do.

— John McAfee (@officialmcafee) August 2, 2018

Is It a Bad Idea to Use the Brain as the Sole Storage Device?

McAfee’s Bitfi wallet relies on the user memorizing a phrase. That means the phrase is stored in your brain as a “brain wallet”. You can write the phrase down, but it’s not recommended. Instead, it’s recommended that you memorize your phrase. As long as you remember that phrase, you can recover your funds at any time.

McAfee addresses the concern of a brain wallet.

“They say – how ridiculous is that? That’s only one measure of security. Well, you think that more the one measure is somehow better. Let’s look at two factor authentication for things like Twitter. Because of two factor authentication, my Twitter account was hacked earlier this year. How? By a thing called a SIM swap. Someone calls AT&T – they have my phone number – somehow convinces them to change my SIM card to their SIM card…So I woke up one morning and my phone didn’t work and my Twitter account had been hacked.”

“If you’re using two factor authentication, you’re an idiot,” adds McAfee.

McAfee then addresses problems that can occur within your “brain wallet”. You might get old and senile, for example, and forget the phrase. Maybe you’re in an accident and lose your memory.

In this situation, John McAfee recommends writing your phrase down and storing in a safety deposit box. You can give the key to the safety deposit box to a lawyer with instructions to pass the key to your kids when you die.

McAfee Doesn’t Address Three Main Complaints About the Bitfi Wallet

McAfee is clearly passionate about defending his wallet. However, McAfee doesn’t address three of the biggest complaints about the Bitfi wallet.

One of the biggest complaints is that he and the wallet’s manufacturer have taken steps to make it difficult to verify the unhackable claim. First, you have to buy the wallet, then pay $50 to load the wallet with bitcoin you’re probably never going to get. There have also been complaints about the way the source code is displayed online and the hoops you have to jump through to access critical security details about the device. Typically, manufacturers don’t do this when posting security bounties online.

The second complaint is with the way seed phrases are generated. Although Bitfi provides tips on how to choose a seed phrase, it seems inevitable that users will eventually choose the same seed phrase.

The third and arguably most serious complaint is that the entire wallet is built on the security of the bitcoin blockchain. You can store your private seed in a brain wallet without spending $100 on Bitfi. You can get similar security with free wallet apps, for example, and most bitcoin wallet software. As long as you memorize the phrase, you can recover your bitcoin at any time – even if the wallet is deleted or the phone is lost.

Hello friends, we’re incredibly excited to announce that Larry Cameron (CSMS, ISMS, BCSD, CCA, SCSC, MDS), one of the top cyber security experts in the world, has just joined our team to continue ground breaking development of Bitfi wallet. A lot more innovation is coming soon!

— Bitfi – open source: bitfi.dev (@TheBitfi) August 2, 2018

Final Thoughts

Despite the complaints, McAfee insists his wallet is unhackable – and he’s willing to pay $250,000 to anyone who can disprove that claim.

You can see the full videos and his tweets below:

The FUD surrounding the unhackablility of the BitFi wallet, part 1: pic.twitter.com/LNgteEqR30

— John McAfee (@officialmcafee) August 2, 2018

Part 2: The unhackable wallet: pic.twitter.com/wOzhc1aPuG

— John McAfee (@officialmcafee) August 2, 2018

Part 3. The unhackable wallet. pic.twitter.com/y3OAy6lE9M

— John McAfee (@officialmcafee) August 2, 2018

One thing is certain, this has become a heated debate and topic on Twitter within the crypto community. Some claim and agree that it can't be hacked, while others try and stress the importance of knowing how it all works. It got so heated that Bitfi actually relieved one of their Social Media manager from his duties. Here are some of the latest reactions:

Hi Ryan, the person who was handling this Twitter account has now been dismissed because of many cocky & insulting remarks to smart researchers that we have a lot to learn from. Would it be ok if we contact you? We could use some help to address any potential weaknesses.

— Bitfi – open source: bitfi.dev (@TheBitfi) August 1, 2018

The fact is I couldn't care less about your inferior Android phone brainwallet calculator. All I care about are people who don't understand the security implications of using such device. SatoshiLabs already changed the world twice and we'll change it again, but thanks for asking

— Pavol Rusnak (@pavolrusnak) August 1, 2018

The same 15 year old you're mentioning all the time, @spudowiar, just rooted your device and claims your device is hackable.

— surreaŁ10n ⚡ (@surrealtc) August 2, 2018

You are not only wrong, you are dangerously wrong.

— Alan Woodward (@ProfWoodward) August 2, 2018

https://twitter.com/Bitfi6/status/1024590390656200704

We don’t understand all these attacks and why people are so angry about the unhackable claim. Once we see evidence of a possible hack we will fix it immediately and if we can’t we will amend our claims. Isn’t that what responsible companies do?

— Bitfi – open source: bitfi.dev (@TheBitfi) August 2, 2018

Why are we against BitFi ?. If the founder is putting bounty on it then hack it if you can otherwise STFU. This is our duty to make such wallets as secure as possible so we should all contribute to the cause instead of blatantly spreading hatred.

— Ashish Rohilla (@AshishCrytopTRD) August 2, 2018

Unhackable as a word really triggers you people. Emotionally fragile or just salty ?

— CrashFox™ (@crashfoxcrypto) August 2, 2018