This article was published on August 14, 2018

Bitfi is threatening the hackers who hacked its ‘unhackable’ crypto-wallet

The Bitfi team has lost its mind


Bitfi is threatening the hackers who hacked its ‘unhackable’ crypto-wallet

This is getting ugly. It appears the creators of the purportedly (but not really) “unhackable” cryptocurrency wallet Bitfi, endorsed by John McAfee, have sent veiled threats to the security researchers that hacked the device.

In a now-deleted tweet, Bitfi warned the researchers (one of whom is only 15 years old) that there might be certain negative “consequences” for doing proper security work.

“This is my last tweet as my shift is ending, but did you guys ever bother to look into who you picked fight with [sic] [and] the resources these people have,” the company wrote. “Not wise. Remember that the lies [and] deception that you deliberately spread about Bitfi can have consequences.”

As is often the case, the suggestive tweet was swiftly screenshot by a number of users before Bitfi could take it down. Here is a copy for posterity:

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Following the threats, the researchers released a statement in a public Pastebin, saying they will no longer engage with Bitfi. “We aren’t engaging with Bitfi after they made several threats on Twitter,” the hacking collective said.

For the record, Bitfi first made headlines with bombastic claims it had developed the very first truly “unhackable” cryptocurrency storage solution. As the researchers proved shortly after, this wasn’t quite the case.

After security experts were able to pinpoint a bunch of red flags in the wallet’s design and also crack the device to play DOOM on it, Bitfi attempted to redefine what “unhackable” means. The researchers have since argued that Bitfi’s narrow definition is intended to prevent anyone from claiming their bug bounty (and thus proving the device is “hackable”).

“We recognized the bounty was a sham immediately,” researcher Andrew Tierney (more commonly known as Cybergibbons) told Hard Fork. “I like open bug bounties, but ones to prove you are unhackable are just silly.”

It seems Bitfi didn’t get the memo: threatening researchers for doing their job is the easiest way to burn bridges.

Get the TNW newsletter

Get the most important tech news in your inbox each week.