Remember, we wrote about the “unbreakable” crypto-currency wallet, which is so ardently promoted John McAfee?
A group of researchers successfully made several of the signed transaction, despite all the “safety mechanisms” that were supposed to prevent this.
Well, that’s a transaction made with a MitMed Bitfi, with the phrase and seed being sent to a remote machine.That sounds a lot like Bounty 2 to me. pic.twitter.com/qBOVQ1z6P2— Ask Cybergibbons! (@cybergibbons) 13 December 2018
Researchers believe that they have fulfilled all conditions to receive compensation in the amount of $ 10,000. Bitfi announced three criteria for awards: the researchers had to prove that they can modify the device to connect to the server Bitfi and send sensitive data through the device.
Getting access to the device was rather easy: white hackers gained full access (root) to him two weeks ago. Since then, they kept track of all the information transferable device. The researchers also was able to confirm that the wallet is still connected to the servers Bitfi.
One of the researchers, Andrew Tierney (better known as Cybergibbons), comments on the work done:
We intercepted a message between a purse and [Bitfi]. This allowed us to display all sorts of silly messages. Interception really does not play a major role. We did it to demonstrate that it still works despite the significant changes we have made to the device.
But more importantly: Tierney also confirmed that they had fulfilled the third condition – they sent private keys of the device and its passphrase to the remote server by completing all three requirements to receive a US $ 10,000 as a reward.
We sent the led and the phrase from the device to another server using netcat, nothing unusual in this. We believe that all [the conditions] are met.