CEO of Allegedly Compromised Wallet Bitfi Calls Teenage Hacker’s Claims ‘A Disgrace’

Published at: Aug. 2, 2018

Cryptocurrency hardware wallet manufacturer Bitfi called claims their wallet had in fact been hacked a “disgrace” in comments to Cointelegraph August 2, as controversy around the company’s security prowess builds.

In a statement to Cointelegraph, Bitfi CEO Daniel Khesin said that it had “absolutely no evidence” the wallet was insecure:

“As of now, we have no evidence that our device can be hacked and if someone succeeds in doing so then we will immediately put out a fix to all devices to address the vulnerability that was discovered and it will be unhackable once again.”

Bitfi and official partner John McAfee had offered a bounty worth $100,000 in July for anyone able to compromise their so-called “unhackable” hardware wallet.

Photos of the wallet’s components drew controversy when they surfaced online last week, commentators voicing concerns Bitfi’s claims it had built the “most sophisticated instrument in the world” had little basis.

On Thursday, those concerns increased after Saleem Rashid, the fifteen-year-old who unearthed a security vulnerability in fellow hardware wallet Ledger in 2017, announced on Twitter he had succeeded in hacking Bitfi’s product.

The company appeared not to believe Rashid, arguing his decision not to claim the bounty meant the situation was not all it seemed.

Responding, Rashid retweeted cryptocurrency researcher Alan Woodward, who had also discussed the hack with Bitfi in the same Twitter thread.

“It’s not speculation based on what I’m looking at,” Woodward had written, continuing:

“And we don’t want your money. Give it to charity. We are concerned that others will entrust their money to something that is not secure in the way appear to suggest.”

An official Bitfi spokesperson told Hard Fork August 1 that the recent criticism of the wallet’s security on Twitter was the product of an “army of trolls” hired by hard wallet competitors Trezor and Ledger, stating:

“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete [...] So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails).”

Trezor’s founder and CEO has since denied the accusation in a tweet.

Bitfi’s CEO Khesin meanwhile continued the skeptical position towards Rashid, challenging him to accept the money if he had in fact compromised the device.

“...The person claiming to have cracked the bounty has not come forward to prove it and has tweeted 5 min ago that he will not be pursuing the bounty because it’s not worth his time [...],” he told Cointelegraph.

“Yet he tweeted to the whole world this morning that he hacked into our wallet. I think it’s a disgrace for any human being to do such a thing but I will leave to you to judge.”

After Rashid created code to ‘backdoor’ Ledger’s wallets back in November 2017, the company released posts describing the events as “NOT critical” and said possible attacks “cannot extract the private keys or the seed.”

Rashid then refuted the claims on social media and a post on his personal blog in March of this year, stating he could still “autonomously extract the root private key once the user unlocks the device” and use to it instigate manipulation of destination addresses for transactions.

Tags
Related Posts
Hacker Sells Tens of Thousands of Ledger, Tezor, and Keepkey Users’ Info
The hacker that breached the Ethereum.org forum is allegedly selling the databases for the three most-popular crypto hard wallets — Ledger, Trezor, and KeepKey. The three databases contain the name, address, phone number, and email for more than 80,000 users combined, however, they do not contain passwords for the accounts. The hacker has also recently listed the SQL database for online investment platform, BnkToTheFuture. Ledger and Trezor databases reportedly compromised On May 24, cyber crime monitoring website, Under the Breach, spotted the hacker’s new listings for the databases of the top hardware wallet providers. The hacker claims to be in …
Technology / May 24, 2020
Simple in practice: Crypto education is key to curbing phishing scams
As the global crypto economy continues to prosper, with Bitcoin (BTC) currently occupying the $15,500 region, questions regarding the overall safety and security of digital assets continue to persist, especially in the wake of a new scam whereby hackers made use of a phishing email to direct users to a fake Ledger website. According to various reports, victims were scammed to the tune of 1,150,000 XRP, worth approximately $290,000. Dave Jevans, CEO of blockchain intelligence firm CipherTrace and chairman of Anti-Phishing Working Group, told Cointelegraph, “Ledger should clearly have a more aggressive defensive domain acquisition strategy, as look-alike domains were …
Technology / Nov. 11, 2020
Bitcoin in the Palm of Your Hand — Crypto Hardware Wallets Review
A hardware wallet may just be the safest way to store cryptocurrency for average users. Nowadays, many different devices are trying to tackle the challenges of secure crypto asset storage. In this article, Cointelegraph will review some of the most well-known hardware wallets and compare their features. The cryptocurrency wallets that will be covered in this article are Ledger’s Nano X and Nano S, SatoshiLabs’s Trezor One and Trezor Model T, ShapeShift’s KeepKey, and Coinkite’s Coldcard and Opendime. It is also important to point out that all the wallets tested in this article, other than the Ledger Nano S (which …
Bitcoin / March 26, 2020
Ledger Discloses Five Reported Vulnerabilities in Two Models of Trezor Hardware Wallets
Major hardware wallets manufacturer Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices, according to a report published on Monday, March. 11. As of press time, Trezor was not immediately available to comment on Ledger’s findings. The study states that the vulnerabilities were found by Attack Lab, the company’s department that hacks into both its own and competitors’ devices to improve security. Ledger claims that it has repeatedly addressed Trezor about weaknesses in their Trezor One and Trezor T wallets, and has decided to make them public after the responsible disclosure period ended. The first issue is related to …
Blockchain / March 11, 2019
Trezor One Wallets Forgery Reveals New Techniques Used to Steal Crypto
The cryptocurrency wallets made by Trezor have long been considered a standard of the industry and have been trusted as a reliable cold storage of cryptocurrencies by large media, blockchain developers and crypto enthusiasts worldwide. The company prides itself on the quality of its product and in being one of the leaders in the market of hardware wallets. But it was only a matter of time before the Trezor’s flagship device got the attention of fraudsters. On Nov. 19, the company issued an official warning to users which reported that an almost identical copy of Trezor One was spotted in …
Bitcoin / Nov. 28, 2018