On August 1st, 15-year old Saleem Rashid, who had already gained notoriety for discovering vulnerability in hardware wallet Ledger in 2017, has purported to have penetrated the “unhackable” Bitfi hardware wallet endorsed by John McAfee.
This news follows after Bitfi experienced some backlash after releasing photos of the hardware used in its wallet which raised questions concerning the quality displayed not corresponding with what was claimed.
In regards to Rashid hacking the hardware wallet, Bitfi tweeted out its disbelief:
“The reason why this would not be a hack is because the device won’t sync with our Dashboard and so a customer who buys this modified device will think its defective. But we have a bounty out to see if it can be done maybe the people in infosek community know something we don’t.”
Rashid in a quippy retort, responded with:
“That would make sense, apart from the fact that the rooted device syncs with the Dashboard. Maybe you’re mistakenly checking for a su binary, but i’m not that sloppy in my work.”
Bitfi and McAfee had previously presented a $100,000 reward for successfully breaking into the wallet, McAfee using the tagline “money talks, bullshit walks.”
McAfee stated back in July:
“For all you naysayers who claim that ‘nothing is unhackable’ & who don’t believe that my Bitfi wallet is truly the world’s first unhackable device, a $100,000 bounty goes to anyone who can hack it.”
Responding, Rashid retweeted security researcher Alan Woodward, who had also had a back and forth with Bitfi on the same twitter thread:
Woodward had previously written:
…It’s not speculation based on what I’m looking at. And we don’t want your money. Give it to charity. We are concerned that others will entrust their money to something that is not secure in the way appear to suggest.”
Bitfi even summed up the ‘alleged hack’ as an underhanded attempt to discredit them by competitors:
“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete […] So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails).”
Trezor has denied the allegation. But as it stands, Rashid has not come forward for the bounty and Bitfi still claims to have “the most sophisticated instrument in the world.”