As cryptocurrency and blockchain are still in their infancy, it would be naive to expect everyone to agree on the same concepts and theories. One such controversy surrounds Bitfi, a wallet supported by antivirus magnate John McAfee. He spent a good deal of July promoting the product, even posting a 1+ minute long video suggesting why Bitfi should be a user’s wallet of choice.
In one instance, he said:
“We created a simple, foolproof way to use the brain as the wallet. The Bitfi.com wallet is the transcriber between the inner brain and the outer world of digital currencies. Until someone discovers a means of hacking the brain, your money is safe.”
A few days later, he made a more aggressive statement about the wallet. He said:
“For all you naysayers who claim that ‘nothing is unhackable’ & who don’t believe that my Bitfi wallet is truly the world’s first unhackable device, a $100,000 bounty goes to anyone who can hack it. Money talks, bullshit walks. Details on Bitfi.com.”
Given McAfee’s past claims that he charges a hefty amount for promoting a product, it is worthwhile to dive into this some more.
Some People Aren’t Impressed
A few people take McAfee’s advice with a grain of salt. One among them is Ryan Castellucci. In a blog post on his website, he said that the McAfee-endorsed hardware wallet isn’t “unhackable” and that the company’s claim regarding this is false. He talked about the $250,000 bounty for hackers and noted that he didn’t have the actual device, but he tested the publicly available source code and private key calculator. He claimed that the “product is most charitably described as a ‘foot gun.’”
Castellucci said that he has already debunked the idea that the brain can’t be hacked. He pointed to the bounty program that the company runs, suggesting that it is only meant to discredit researchers so they don’t raise any red flags or security concerns. He said that the program didn’t have any arbitrary rules. He said that the company claims to be open source when it is not. Additionally, he pointed out that the source code PDF does not mention anything close to BIP32 or scrypt.
He also suggested that the Bitfi wallet was on par with WarpWallet, which generates a seed for a BIP32 wallet. Anyone who can download a blockchain and has access to brainflayer could search for weak passphrases easily. He also noted that it is impractical to change one’s passphrase in the wallet, as all addresses are derived from it. Also, the product comes with a failure mode.
He then wrote:
“I strongly advise against using one of these devices. While Bitfi is perhaps not an outright scam, the design is inferior to that of hardware wallets where the device really is needed (or the backup of the seed) along with the passphrase in order to spend the coins. The fact that they’re using a lot of the same techniques to sell devices that have been used to sell snake oil, so many times in the past makes me very concerned. I’ve notified Bitfi of these issues. However, they showed no interest in fixing them.”
The Retaliation Came Just as Quickly
The rebuttal to his claims was swift. McAfee took to Twitter to speak his mind. He wrote:
“Everyone tells me http://BitFi.com is hackable. Then register as a hacker and do it. We send you the device pre-loaded with $50 in BTC. If you get the BTC, we send you $100,000. You will eventually give up. When you do, we send you the pass phrase to recover your $50. Do it.”
The preloaded BTC amount was later changed to $10.
Other people, such as Rob Loggia, have also disputed Castellucci’s statements. Meanwhile, two days after creating a storm in the crypto world, Castellucci addressed the concerns and said that individuals associated with Bitfi are trying to bring his financial interests into the matter. He replied that his work is not motivated by money and is not sponsored by anyone.
The jury is still out. Is it just another McAfee-endorsed scheme that should be avoided or a genuine offering by a crypto company?