In a June press release, Bitfi, together with security mogul and crypto-enthusiast John McAfee, made a claim most technology makers avoid – that its product was "unhackable."
McAfee said no other security methods were as "epic" as Bitfi's, which "pulled out all the stops to ensure that the private key can never be obtained by illicit means." McAfee then tweeted on July 24:
As noted by Ryan Castellucci, principal security researcher and security engineer at cybersecurity firm White Ops:
"Indeed, you have to be spend $120 on a Bitfi device, and then pay another $10 to 'preload it with coins' to even try, and then you specifically have to hack the wallet associated with [the particular] device they send you. If a researcher found, for example, the device had a weak RNG that allowed for key recovery by examining a series of transactions generated by it, they would not win the bounty."
Castellucci went on to "strongly advise against using one of these devices."
On July 31, Bitfi upped the hacker bounty to $250,000.
Bitfi said the bounty is not to identify vulnerabilities*, as it claims security is "absolute," but to prove that Bitfi is indeed "unhackable."
The bounty has led to a debate, with some calling it a "sham," as the only way the bounty can be claimed is by retrieving the security key from the device, which doesn't actually hold the key.
McAfee continues to dismiss claims that the wallet has been hacked.
"This is getting absurd. Either something's 'unhackable' or it's not. Clearly, as evidenced many times over, the Bifi is not."
McAfee is also launching a privacy phone, the "Cloak Phone," and he is still confident about both technologies. Today, he tweeted :
*A second, $10,000 bounty has also been offered to help identify potential security vulnerabilities. This bounty will be given if a hacker can modify the wallet's firmware in a way that still allows the device to connect to the Bitfi Dashboard and allows the hacker to "transmit either private keys or the user's secret phrase to a third party."