'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist

Backed by John McAfee so you know it's going to be A+

No, no, stupid, dig up, dig up!

Cue Bitfi backtracking.

In its bounty program rules – issued literally a week ago – the company boldly stated: "This bounty program is not intended to help Bitfi to identify security vulnerabilities since we already claim that our security is absolute and that the wallet cannot be hacked or penetrated by outside attacks."

But then, three hours after security researcher OverSoftNL posted the root console output from their Bitfi device online, what's this? Oh, it's a security vulnerability program – just like the one that Bitfi claimed it would never need – posted online and signed by Bitfi CEO Daniel Khesin.

This "BOUNTY #2" has a significantly smaller payout – just $10,000 – and will "help us identify potential security vulnerabilities in the firmware encryption of the Bitfi device."

It's not even that people didn't know the whole "unhackable" device was a load of marketing baloney: they did. In fact, within minutes of the claim being put out there, Bitfi was being dissed for saying something so stupid.

"I don’t think any security researcher would complain if the claim and bounty were balanced and reasonable, but they’re not," reasoned Ken Munro of Pen Test Partners. "If they had claimed that they were MORE secure than other hardware wallets, fair enough. BUT, the headline claim is 'unhackable' and it’s been positioned to state that researchers are 'nay sayers'."

The Bitfi bods were also lampooned for claiming, publicly, that their device doesn't have any storage, prompting people to post images of the actual chip within the device that, you know, stores the firmware.

He's back

And McAfee also came back, weighing in with a now-deleted tweet that "there is no software on the device" when, of course, there is because, you know, it has an operating system and application code.

Of course, this being McAfee – a man who makes Donald Trump's tweeting compulsion look considered and thoughtful – there is not just one full-throated defense of the device he publicly associated himself with, not two, not ten, not twenty… so far we count more than 100 tweets and replies that can be split into four main categories:

  • Accusing anyone critical of being a "hater."
  • Suggesting that the answer to pretty much everything is to have sex with a prostitute.
  • Gun references.
  • Praising anyone who doesn't challenge him.

In other words, a normal day in McAfee Land.

Although for those wondering why on earth McAfee would risk undermining his professional reputation to make the ridiculous claim that something – anything – is "unhackable," fortunately John himself has supplied the answer.

Just a few months ago, the grizzled security wild card was actively promoting his sponsored tweet service, claiming that he charges $105,000 to endorse products on Twitter, and publishing an entire webpage laying out the value of having John McAfee endorse and support your product.

"Within the cryptocurrency industry, nothing can match the power of a McAfee tweet. Frequently, a single tweet has resulted in more than a million dollars of investment into an ICO, and multiple currencies have increased more than 100% in price from a single tweet," the page claimed.

In that sense, if he was paid to endorse the hardware wallet, John appears to have more than earned his money. We understand he is an adviser to the company, and is the chairman of its board.

As to whether Bitfi is unhackable… of course it's not. And we should all know better than to even bother talking about it. ®

Updated to add

Bitfi CEO Daniel Khesin has been in touch claiming "if the firmware is modified with any other software, the device will not sync with our Dashboard, and therefore if it’s been tampered with and an unsuspecting customer tries to use it, it will never prompt him to enter his secret phrase."

This is contrary to claims by researchers this week that meddled-with wallets will still connect to the Dashboard as normal.

"At this time, we have no evidence whatsoever that the claims being made by these individuals are true," Khesin added. "However, if such a weakness is discovered, we already have a patch to fix it so that it would become impossible to do indefinitely."

We're told Bitfi will only deploy the patch if the bounty is claimed.
