John McAfee has done many things with his life, including trying to capitalise on the new-found cryptocurrency fad that's proving to be very lucrative for criminals and other nefarious scamming-types. He recently released Bitfi, an 'unhackable' cryptocurrency wallet, which was promptly hacked multiple times. But while you can port Doom onto it, McAfee's bounty terms were reliant on the coins themselves being accessed - which might have just happened.
The $250,000 bounty criteria haven't been met yet, but security researchers have managed to break in and send signed transactions using the device. That should qualify them for a smaller $10,000 bounty.
Well, that's a transaction made with a MitMed Bitfi, with the phrase and seed being sent to a remote machine.
That sounds a lot like Bounty 2 to me. pic.twitter.com/qBOVQ1z6P2
— Ask Cybergibbons! (@cybergibbons) August 13, 2018
The second bounty has three criteria that need to be met before McAfee will pay up. The first is physically modifying the device, which multiple teams have shown isn't particularly difficult. The second involves connecting with the Bitfi server, and the third is sending sensitive data using the device.
According to security researcher Andrew Tierney (aka Cybergibbons), the team was able to intercept communications between the wallet and Bitfi, which shows it's still connected to the dashboard - despite the modifications that have been made. He also confirmed that the device’s private keys and its passphrase were sent to a remote server, which he believes qualifies them for the smaller bounty.
The elusive $250,000 bounty requires someone to actually remove the coins from the Bitfi wallet, so there's still work for hackers to do if they want to try and prove McAfee wrong. Still, this is something, and is further evidence that hackers are an intrepid bunch when they're given a challenge. McAfee's personal Twitter account hasn't made any mention of the development as far as I can see, but if I were him I'd try not to make a big deal out of it to avoid the inevitable gloating from random strangers.
Let's just hope he pays up, or has a very good excuse for not doing. [The Next Web]
Image: Gage Skidmore/Flickr