The Bitfi Wallet, advertised as “the world’s first unhackable wallet” by notorious John MacAfee, has recently raised quite some attention, especially after a group of hackers claimed it hacked it, but that claim was rejected by the developer company. The dispute seems to be evolving around the exact meaning of the word “unhackable”, according to Cryptovest’s recent interview with Bill Powell, VP of operations at Bitfi and the subsequent answer by the group of hackers, calling itself THCMKACGASSCO.
In a media statement, sent to Cryptovest by Andrew Tierney, a.k.a. Cybergibbons, the group claims it had been able to “backdoor” the Bitfi wallet.
Before we move on to the detailed statement, we must clarify that the people working on the Bitfi wallet attack were not employees of Pen Test Partners. Our perception that PTP was doing the brunt of the work on the wallet came mostly from the fact that most of the tweets we saw came from Tierney, who works for PTP as a security consultant, and the fact that there were published articles in the company’s blog that referred to these efforts.
However, Tierney was part of a larger group of individuals who worked on challenging Bitfi’s claims of making an unhackable wallet, including:
- Professor Alan Woodward from the University of Surrey (@profwoodward),
- Security researcher Saleem Rashid (@spudowiar),
- Security researcher and software engineer Ryan Castellucci (@ryancdotorg),
- An unidentified security researcher from The Netherlands that goes by the Twitter handle @OverSoftNL, and
- Security consultant Andrew Tierney, a spokesperson for the group (@cybergibbons).
Its name THCMKACGASSCO is an abbreviation for “The Hacker Collective Mistakenly Known As Cyber Gibbons, Also Sometimes Somehow Called OverSoft”.
The statements starts with a summary:
“We have developed a practical attack against the Bitfi wallet, allowing us to ‘backdoor’ the device to send the phrase and seed to a remote server. Someone with access to the device - either in the supply chain, or once possessed by the user - can carry out this attack. The bounty set by Bitfi is a marketing ploy which we are not taking part in.”
This is followed by a response to Bitfi’s definition of “unhackable”.
“The only definition of ‘unhackable’ we accept is that the device cannot be hacked and will not ever be hacked by any means. ‘...
This article appeared first on Cryptovest