John McAfee’s Bitfi cryptocurrency wallet was hacked by a security duo

By: Pierluigi Paganini

A security duo composed of Saleem Rashid and Ryan Castellucci demonstrated that it is possible to hack the John McAfee’s Bitfi cryptocurrency wallet.

Today let’s discuss John McAfee’s cryptocurrency wallet, the Bitfi wallet, defined by the popular cyber security expert “unhackable.”

Unfortunately, nothing is unhackable, and the Bitfi wallet was already hacked two times.

The Bitfi wallet is an Android-powered hardware device for storing cryptocurrencies and crypto assets.

A team of security researchers called THCMKACGASSCO devised a new attack that could allow them to steal all the stored funds from an unmodified Bitfi wallet.

The wallet relies on a user-generated secret phrase and a “salt” value to cryptographically scramble the secret phrase. The experts who devised the attack explained that the secret phrase and salt can be obtained allowing the attackers to generate the private keys and stole the funds.

“The Android-powered $120 wallet relies on a user-generated secret phrase and a “salt” value — like a phone number — to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure.” reported Techcrunch.com.

“But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen”

The security duo composed of Saleem Rashid and Ryan Castellucci, members of a the THCMKACGASSCO, developed the exploits for the attack and published a video PoC for the hack. In the video PoC is shown that setting a secret phrase and salt, and running a local exploit, it is possible to extract the keys from the device.

The video shows the attack can take less than two minutes to be executed.

More: https://securityaffairs.co/wordpress/75821/hacking/bitfi-wallet-hacked.html