John McAfee’s Bitfi cryptocurrency wallet was hacked by a security duo

Pierluigi Paganini September 02, 2018

A security duo composed of Saleem Rashid and Ryan Castellucci demonstrated that it is possible to hack the John McAfee’s Bitfi cryptocurrency wallet.

Today let’s discuss John McAfee’s cryptocurrency wallet, the Bitfi wallet, defined by the popular cyber security expert “unhackable.”

Unfortunately, nothing is unhackable, and the Bitfi wallet was already hacked two times.

The Bitfi wallet is an Android-powered hardware device for storing cryptocurrencies and crypto assets.

A team of security researchers called THCMKACGASSCO devised a new attack that could allow them to steal all the stored funds from an unmodified Bitfi wallet.

The wallet relies on a user-generated secret phrase and a “salt” value to cryptographically scramble the secret phrase. The experts who devised the attack explained that the secret phrase and salt can be obtained allowing the attackers to generate the private keys and stole the funds.

“The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.” reported Techcrunch.com.

“But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen”

The security duo composed of Saleem Rashid and Ryan Castellucci, members of a the THCMKACGASSCO, developed the exploits for the attack and published a video PoC for the hack. In the video PoC is shown that setting a secret phrase and salt, and running a local exploit, it is possible to extract the keys from the device.

The video shows the attack can take less than two minutes to be executed.

Rashid explained that they discovered that the keys are stored in the memory longer than Bitfi claims. The experts have devised a technique to run code on the hardware wallet without erasing the content of memory that included the keys, then they were able to extract the content of the m2mory including the keys.

The bad news is that the attack is trivial to carry out and doesn’t require any specific hardware as explained by Andrew Tierney, a security researcher with Pen Test Partners who verified the new attack.

Tierney was one of the members of the hacking team that carried out the first Bitfi attack.

McAfee offered a $250,000 bounty for anyone who could successfully carry out an attack on the wallet that will result with the theft of the coins.

Bitfi did not pay out the bug bounty because the attack demonstrated by the researchers was outside the scope of the bounty.

 

Differently from the first hack, this second one demonstrated by the security duo seems to in scope for the bug bounty.

Bill Powel, vice president of operations at Bitfi, told TechCrunch in an email that the company defines a hack “as anything that would allow an attacker to access funds held by the wallet.”

After the researchers published the video PoC of the attack, Bitfi announced to have hired an experienced security manager, who is confirming vulnerabilities that have been identified by researchers.

Rashid will not publicly disclose the exploit code to avoid hackers using it.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Bitfi, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment