John McAfee's 'unhackable' crypto-wallet allegedly hacked in a week
A hacker says McAfee and Bitfi won't pay the $250,000 bounty, but they disagree that the hack was a success.
Someone claims to have successfully hacked an "unhackable" cryptocurrency wallet.
A self-described IT geek in the Netherlands who goes by @OverSoftNL on Twitter tweeted Wednesday about gaining root access to a crypto-wallet, which antivirus software pioneer John McAfee and hardware crypto-wallet maker Bitfi said had "absolute" security.
Last week, McAfee said he'd entered into a partnership with Bitfi to offer a $100,000 bounty to anyone that could hack a Bitfi wallet. The bounty was later raised to $250,000. Participation in the challenge required the purchase of a $120 Bitfi wallet, preloaded with cryptocurrency.
"Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard," @OverSoftNL tweeted. "There are NO checks in place to prevent that like claimed by BitFi."
Root access gave @OverSoftNL a way into the wallet's root folder directory, which allowed for tweaking its backend, according to TheNextWeb.. McAfee disagreed that root access constitutes a hack.
"Root acces (sic) to a device with no write or modify capability. That's as useless as a dentist license un (sic) a nuclear power plant," McAfee tweeted Thursday. "Can you get the money on the wallet? No. That's what matters."
@OverSoftNL said the ability to gain root access meant the wallet wasn't secure and dismissed the first bounty as a "sham," adding Friday that Bitfi doesn't "even have $250k free on hand at this moment."
Bitfi, who didn't immediately respond to a request for comment, also offered a second, $10,000 bounty with a plea for help.
"Dear friends, we're announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help," tweeted CEO Daniel Khesin.
He said the $10,000 bounty -- which doesn't appear to be associated with McAfee -- was meant to simulate a scenario in which a user's device has been taken, modified and returned.
Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.
Follow the Money: This is how digital cash is changing the way we save, shop and work.