It wasn't long ago that we reported on John McAfee's cryptocurrency wallet. It's the one he called "unhackable" and invited hackers to give it their best shot.
The InfoSec community had a visceral reaction to that claim, and it got a lot of attention. If there are two things attendees of SecureWorld conferences have told us repeatedly, they are that there is no silver bullet in cybersecurity and that nothing is unhackable.
Well, researchers have not only hacked the BitFi hardware wallet, they've done it twice now.
TechCrunch has a nice piece on how the unhackable was hacked this time:
Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet. The Android-powered $120 wallet relies on a user-generated secret phrase and a "salt" value—like a phone number—to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.
But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen.
Maybe the BitFi wallet will become "unhackable" after the company fixes this vulnerability?