Bitfi and the "Unhackable" Controversy
A bounty of $250,000 USD was placed on the Bitfi wallet. Have a wallet sent to you, extract the coins, and claim your prize. Approximately one hour after a twitter user, and alleged hacker, @cybergibbons uploaded a video claiming to have hacked the Bitfi wallet and taken the coins, Bitfi took down their "unhackable" claim from their twitter page and website and recognized they have made some decisions that have been detrimental to the crypto community. Furthermore, they shut down their bounty program and said they were reviewing bounty claims to be paid out. Cybergibbons and his team was calling for a total recall on the device.
As a Bitfi affiliate, I felt as though it was my duty to seek clarity surrounding these claims. I navigated into my Bitfi wallet, and my coin balances were not available. The balance issue was short lived, but being a victim to numerous ICO scams in 2017, instant panic had kicked in. I said to myself, "Please God no, not again. Not John McAfee." So far, all of McAfee's crypto investing tips have worked out tremendously well, including big gains on Docademic from the ICO, and the freak-like increase of value (1000s of %) of Verge Currency last year after he tweeted about it. Talk about a McAfee affect. Thankfully the Bitfi team responded to me almost immediately over twitter direct message regarding my concerns.
After getting a lesson on how RAM works, Bitfi admitted it had a few vulnerabilities but is still much more secure than its competitors. Also, they will be minimizing the main vulnerability of how long your private key stays in the RAM. They said their goal is to shed it from a few hours down to a single second. I reached out to @CyberGibbons too, the alleged hacker, to obtain his side of the story. I'm sure if McAfee was online to disregard this hack as nonsense, I probably wouldn't have even bothered.
Although there were no coins taken from the bounty wallets, but were concerns about the timing of all of this. There was mutual agreement between both parties that there are possible vulnerabilities. After stifling through CyberGibbons rationale, it seemed under realistic conditions of owning a Bitfi, it is pretty well unhackable. However, there may be a few scenarios where a Bitfi could be hacked, such as it being stolen, and not powered down after recent usage (the main vulnerability they are now tackling), or intercepted and bugged before delivery to the consumer (seems like a very far out scenario).
I wanted a comment from McAfee so I sent him these screenshots of the conversations, hoping he'd take on @CyberGibbons and his rough estimate of 11K followers at the time. I think he is around 12K as I write this, a clear McAfee boost. A few hours later I received a private response from the Father of Privacy himself. He wasn't too pleased to read these screenshots. After explaining that the bounty coins hadn't been taken, and to not waste his time over this again, I had my confirmation. The next day I woke up and it was a full fledged Twitter war between McAfee and CyberGibbons.
McAfee has now offered @cybergibbons a 20 million dollar reward to hack his Bitfi.
Both are claiming they want to prove their point under their own circumstances. But if the Bitfi was as hackable as @CyberGibbons says it is, one would think the bounty wallet balances that are visible to anyone would have been emptied by now, and the $250,000 reward would be claimed. The bounty wallets all still contain the original bitcoin. That being said, it is reasonable to believe Bitfi users are safe.
After chatting some time with Bitfi, they did disclose that somebody from the CyberGibbons team is to be joining their own team to improve security. And when I asked about new coin compatibilities, I was told SIA is a priority right now, a decentralized computer storage coin with a very large and supportive community.