An unhackable crypto wallet hacked?

Declare your system unhackable? You've just issued a challenge to this person.

There is no such thing as an unsinkable ship. Those who were on the RMS Titanic can attest to that. There are no indestructible cars or planes either, and nothing is unhackable. With the spate of data breaches and hacks that seem to occur almost every single day, the public does not seem to believe that there is any such thing, but that has not stopped one person from claiming they had something that was unhackable.

John McAfee is a security expert. He founded McAfee Associates, where he created the world’s first commercial antivirus software, and ran it until 1994. He has worked for NASA, Univac, Xerox, Booz Allen Hamilton and Lockheed as well. He is perhaps most famous for being the target of a murder investigation in Belize involving his neighbor. He was never convicted, only suspected, and he fled Belize to Guatemala, where he sought asylum. His asylum was denied and he was deported back to the US.

McAfee developed an interest in cryptocurrency, which led to his partnering with crypto-wallet maker Bitfi to prove it was unhackable. Hacking crypto wallets has been a major problem, with victims losing tens of millions of dollars worth of cryptocurrencies, driving some to near extinction. McAfee offered $100,000 to anyone who could hack his Bitfi wallet successfully. That offer was later upped to $250,000 by Bitfi.

The wallets can be purchased for $120 and come preloaded with cryptocurrency. They are about the size of a cell phone, with a touchscreen for interfacing with it. Purchasing one of these was a prerequisite for winning the challenge. McAfee called this the “most sophisticated instrument in the world” with “fortress-like security” and named it the “world’s first unhackable device.” To successfully hack it, the coins had to be taken off of the device. This was an interesting change of stance from McAfee, who has stated before that nothing is unhackable.

A self-described computer geek from the Netherlands set out to win the contest and announced over Twitter that they had gained root (super user) access to a wallet. McAfee claimed that this was not a successful hack, as the root account access had no write or modify capability and no way to move money off of the wallet, rendering it useless. The hacker, of course, disagreed, claiming that because they could get root access the wallet was not secure and that the contest was a sham, though they did not request payment of the reward. Bitfi has also offered a bounty to find other security weaknesses.

In a way, the contest was a sham. The only way to win was to recover the key needed to unlock the wallet from a device that does not store the key. The device itself is not secure, as the back can be popped off and, with enough know-how, the hardware can be reprogrammed, which could create a backdoor and allow someone to siphon off coins. Thanks to this challenge, other security vulnerabilities were discovered. The only positive is that they were not discovered by criminals but by people interested in the device’s security. The claim of unhackable security was withdrawn late in August by Bitfi, though McAfee stands by his claim.

Whether or not the hacker won the money, he demonstrated that once again there is no such thing as an unhackable device. As long as it is connected to the Internet, it can be hacked. Bear that in mind with your business. While you can be hacked, maintaining PCI compliance at all times can go a long way towards thwarting any attack. The harder you make it for a criminal, the more likely they will move on looking for a softer target. Just whatever you do, do not declare your business unhackable (unless you are completely offline!) because you will find out just how hackable you are very quickly.