A hacker says they have hacked into John McAfee’s “unhackable” Bitfi cryptocurrency wallet.
A Dutch “IT geek” who goes by OverSoft on Twitter tweeted Wednesday they had root access to the antivirus software pioneer’s crypto-wallet, which McAfee and hardware wallet company Bitfi said.
Last week, McAfee said he’d entered into a partnership with Bitfi to offer a $100,000 bounty to anyone who could hack his Bitfi wallet. The bounty was later raised to $250,000. Participation in the challenge required the purchase of a $120 Bitfi wallet and for it to be preloaded with $50 worth of coins.
“Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard,” OverSoft tweeted. “There are NO checks in place to prevent that like claimed by BitFi.”
Root access gave OverSoft a way into the wallet’s root folder directory, which allowed them to make tweaks to its backend, according to TheNextWeb. McAfee, however, disagreed that root access constitutes a hack.
“Root acces (sic) to a device with no write or modify capability. That’s as useless as a dentist license un (sic) a nuclear power plant,” he tweeted Thursday. “Can you get the money on the wallet? No. That’s what matters.”
OverSoft said their ability to gain root access meant the wallet wasn’t secure and dismissed the first bounty as “a sham” — saying on Friday that Bitfi “don’t even have $250k free on hand at this moment.” They also said that people didn’t need to buy a Bitfi device to run one of the company’s crypto-wallets.
Bitfi, which didn’t immediately respond to a request for comment, also offered a second, $10,000 bounty with a plea for help.
“Dear friends, we’re announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help,” wrote CEO Daniel Khesin.
He said that bounty — which doesn’t appear to be associated with McAfee — was meant to simulate a scenario in which a user’s device has been taken, modified and returned to them.