Professional computer security researcher Ryan Castellucci wrote a scathing review for John McAfee’s new Bitfi crypto wallet today.
“Bitfi’s hardware wallet is terrible”, writes Castellucci at his official website, Rya.nc. “I strongly advise against using one of these devices.”
It’s important to note that Castellucci does not actually have a device in his possession. Instead, he’s basing his judgment off of the publicly available source code, posted in PDF format by the Bitfi team, as well as the team’s private key calculator:
“My conclusion is that their product is most charitably described as a “footgun”.”
For those out of the loop, a footgun is defined as “any feature whose addition to a product results in the user shooting themselves in the foot.”
The Bitfi Bounty Program is “Unfair” Because It’s Not Fully Open Source
Castellucci takes issue with a number of claims and statements made by Bitfi, and in particular with the wallet being marketed as “unhackable”. He argues that the bounty’s rules are designed to discredit security researchers rather than to find flaws. Here’s the part of the bounty rules he has trouble with:
“This bounty program is not intended to help Bitfi to identify security vulnerabilities since we already claim that our security is absolute and that the wallet cannot be hacked or penetrated by outside attacks. Rather this program is intended to demonstrate to anyone who claims or believes that nothing is unhackable or that they can hack into the Bitfi wallet, that such attempts are futile and that the advertised claims about the Bitfi wallet are accurate.”
In response to this part of the rules, Castellucci claims that “the sole purpose is to discredit security researchers like myself who raise concerns about the design of the product.”
More importantly, Castellucci claims he has seen this tactic in other products:
“This is not a new trick – it was specifically called out by Bruce Schneier as a red flag nearly twenty years ago. In this instance, Bitfi is calling it a “bounty program” to try to ride on the coattails of legitimate bug bounty programs, which are generally wide in scope.”
Castellucci goes on to describe the Bitfi bounty program as “unfair” because it falls into the exact pattern described by Schneier 20 years ago. Here’s how Schneier describes unfair bounty programs:
“Most cryptanalysis contests have arbitrary rules. They define what the attacker has to work with, and how a successful break looks. Jaws Technologies provided a ciphertext file and, without explaining how their algorithm worked, offered a prize to anyone who could recover the plaintext. This isn't how real cryptanalysis works; if no one wins the contest, it means nothing.”
Castellucci also takes issue with the fact that you need to spend a chunk of money to participate in the bounty program. You’ll need to spend $120 on a Bitfi device, for example, and then an additional $50 to preload that device with coins. Only after spending $170 can you attempt to hack the wallet and claim the $100,000 bounty.
Castellucci Also Has a Problem with the PDF File and the Code Posted Online
Some of the best crypto projects on the internet today are open source. Their code is open for the entire internet to review and critique.
Bitfi claims to be open source. However, there’s a difference between being fully open source and just partially open source.
Bitfi has posted a PDF that is “largely made of formulas copy/pasted from the description of scrypt and BIP32.” A number of people called Bitfi out on this PDF, claiming it’s not truly open source and doesn’t provide any useful information.
Here’s how a member of the Bitfi team replied to these complaints on Reddit:
“We never said we were providing full open source code. We clearly state that our wallet is open source. Just check our website before you spew garbage. But if you want the code, do some math. Don't be lazy.”
That’s not the most mature way to respond to some seemingly legitimate complaints!
There are other issues with the PDF File. For example, to get a full understanding of algorithms 5 and 6 in the paper, you need to use Bitfi’s key generator tool that is “inexplicably hosted on the site of a juice company”. That tool, when downloaded and executed, will deliver a scary warning dissuading users from further research.
Castellucci then goes into a technical argument about how, at the end of the day, this code is “about on par with using WarpWallet to generate a seed for a BIP32 wallet.” In other words, based on the code presented, it’s nothing particularly special or unique beyond what’s offered by current wallets.
Is Bitfi Secure At All?
Ultimately, Castellucci doesn’t have a problem with Bitfi at a basic security level. The wallet provides basic security in a user-friendly way, and Castellucci admits that.
However, Castellucci has a problem with the wallet claiming to be unhackable while taking steps to prevent security researchers from adequately researching the system. He has a problem when Bitfi claims to be better than other hardware wallets when it apparently is not.
At the end of the day, Castellucci is clearly not a fan of Bitfi. He sums up his Bitfi review with a scathing criticism of John McAfee’s purportedly unhackable wallet.
“I strongly advise against using one of these devices. While Bitfi is perhaps not an outright scam, the design is inferior to that of hardware wallets where the device really is needed (or the backup of the seed) along with the passphrase in order to spend the coins. The fact that they're using a lot of the same techniques to sell devices that have been used to sell snake oil so many times in the past makes me very concerned. I've notified Bitfi of these issues, however they showed no interest in fixing them.”
Yikes! Clearly, Castellucci is not a fan of Bitfi.
Update: Bitfi Responds (In the Most Immature Way Possible)
Bitfi has responded to Ryan’s post in a surprisingly immature way. From the company’s official Twitter handle (@Bitfi6), the company had this to say:
An extremely poorly written article filled with lies, deception, and misleading. He is just an angry nerd who cannot hack the wallet & so his only way of dealing with his emotions is to vent & call Bitfi terrible like a 5 year old. We are happy to address every point one by one.
— Bitfi (@Bitfi6) July 27, 2018
Is the notoriously volatile John McAfee running Bitfi’s social media presence? It certainly seems that way based on how they’re responding to comments on Reddit and Twitter.
In any case, it seems like an unusually childish response from a professional bitcoin hardware developer. This isn’t how you like to see a company respond to a technical overview of a wallet. Calling a professional infosec researcher an “angry nerd” and a “5 year old” isn’t a very productive way to approach the situation.
The social media account has spent the rest of the day, meanwhile, retweeting positive reviews and tweets about Bitfi.
We’ll update you if and when Bitfi addresses every point one by one. We’re looking forward to hearing a more complete rebuttal.