Blog: Opinions

Hacking the Bitfi. Part 2: John McAfee’s video

Ken Munro 02 Aug 2018

The unhackable Bitfi story isn’t going away any time soon.

Following John McAfee’s tweet yesterday that he would put out a “definitive video countering all of the nonsense claims instigated and co-coordinated by BirFi’s [sic] established, monolithic competitors in the hardware wallet space” here’s a transcription of the three videos.

Part one

We are going to talk about all the fear, uncertainty and doubt surrounding the bitfi wallet. First of all what does it mean to hack something?

Someone hacked the personnel management of US government and took away 21 million records of every employee that had ever been there, or someone hacked into a business and encrypted their data and will now demand money in order get the data back.

Or you have a wallet, it has money in it, you hack that to get the money. That is what hacking is, you are modifying taking or doing something that affects the thing that you are hacking. Now the bitfi wallet, what does it mean to hack that wallet? You take the money.

What have we done, we have given wallets to anyone who wants to hack it and no-one has taken us up on it by the way. All you have to do is buy the wallet, we put $50 of bitcoin on it, if you take the bitcoin we give you $250,000, now that is hacking.

So, people said well we have hacked the wallet, one guy goes I got root access, big f***king deal what can you do with it? Absolutely nothing, there is no memory on the device, there is nothing you can modify or change, but you got root access and you hacked it.

No sir, that’s child’s play and a childish way to define hacking. Some people actually say its bullsh*t the way you define hacking, we give you the wallet and you have to take the money, that’s bullsh*t.

It’s only bullshi*t because they can’t do it. So this is what hacking means. When I say the wallet is unhackable I’m saying that you can’t take the money, you can’t get it for yourself. End of story. This is what I mean by hacking, this is part 1, in part 2 I am going to describe how we do this, stand by.

Link to video part 1

Part two

So I’ve always said that there is nothing unhackable and I believe that firmly and most of the security world believes that as well. I also said when I saw blockchain that the blockchain is going to radically transform all our ideas about the world, including the world of security;

Why is the Bitfi wallet unhackable? Because we have used the Blockchain as our security.

How do we do that? What is the blockchain? The blockchain is an immutable unchangeable ledger of what happens, in any area of life.

In the area of crypto currency wallets it is the record of everything since the inception of that wallet. So, what does that allow us to do, and no-one else has thought of this yet. Instead of having memory ourselves on our devices, which is what allows devices to be hacked, we are using the blockchain as our memory

Think about it, with the blockchain if you have your seed keys, which is an unintelligible list of words which is given to you to recreate the wallet at any point. If you have the seed keys, you have access to everything that has ever happened in that wallet

So you’re using it as our memory and we have none in our device, none. What happens is, Instead of just having to remember 12-20 random words, which is impossible for anybody, I can’t do it

We allow the user to have a phrase that they create that they can’t possibly forget and that phrase is then translated by our hardware in to the seed keys which accesses the wallet

The memory in the blockchain, so we have nothing to hack . We have no memory to look at; there is nothing in the wallet that anyone can possibly use to hack it.

Link to video part 2

Part three

Ok, so, hacking being defined as taking money from the wallet. No ,that is not possible.

I therefore say the device is unhackable.

Now, let us look at the issues surrounding the brain being the storage of the key. Well they say how ridiculous is that, its only one measure of security. Well you think that more than one measure is somehow better.

Let’s look at 2 factor authentication for things like twitter and other accounts where we now have our fun with them. Because of 2 factor authentication my twitter account was hacked earlier this year. How? By a thing called a SIM swap.

Someone calls AT&T, they have my phone number somehow convinces them to change my SIM card to their SIM card with whatever sob story they had.

Admittedly you may have to call 9 different people to find that 1 person with a heart that says oh you poor things yes let’s do it. I woke up in the morning and my phone didn’t work and my twitter account had been hacked. Why? Because they had lost their password, please send it to my phone.

So I took out 2 factor authentication, and if you are using 2 factor authentication you are an idiot.

So more than 1 way of securing something is not necessarily secure.  What about those things you might forget, what about you get old, you get senile.

Well you know, that happens and if you are in fact concerned about it, get yourself a safe deposit box in some safe institution, drop your information which is your passcode in that. Give the keys to the thing to your lawyer, say if I die, please give this to my children, so they can live happy ever after.

But OK, do that then. Or you can say the same thing, if you have memory loss or mental problem say please give me the key, so if you are worried about your kids  you can do it that way, or if you are in America what have they done for you recently, but in any case thank you very much.

Link to video part 3