John McAfee's 'unhackable' crypto-wallet allegedly hacked in a week

A hacker says McAfee and Bitfi won't pay the $250,000 bounty, but they disagree that the hack was a success.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture | Video Games | Breaking News
Sean Keane
2 min read
C2SV Technology Conference + Music Festival With Iggy And The Stooges - San Jose, CA

John McAfee disagrees about what constitutes a valid hack.

Tim Mosenfelder / Getty Images

Someone claims to have successfully hacked an "unhackable" cryptocurrency wallet.

A self-described IT geek in the Netherlands who goes by @OverSoftNL on Twitter tweeted Wednesday about gaining root access to a crypto-wallet, which antivirus software pioneer John McAfee and hardware crypto-wallet maker Bitfi said had "absolute" security.

Last week, McAfee said he'd entered into a partnership with Bitfi to offer a $100,000 bounty to anyone that could hack a Bitfi wallet. The bounty was later raised to $250,000. Participation in the challenge required the purchase of a $120 Bitfi wallet, preloaded with cryptocurrency.

"Short update without going into too much detail about BitFi: We have root access, a patched firmware and can confirm the BitFi wallet still connect happily to the dashboard," @OverSoftNL tweeted. "There are NO checks in place to prevent that like claimed by BitFi."

Root access gave @OverSoftNL a way into the wallet's root folder directory, which allowed for tweaking its backend, according to TheNextWeb.. McAfee disagreed that root access constitutes a hack.

"Root acces (sic) to a device with no write or modify capability. That's as useless as a dentist license un (sic) a nuclear power plant," McAfee tweeted Thursday. "Can you get the money on the wallet? No. That's what matters."

@OverSoftNL said the ability to gain root access meant the wallet wasn't secure and dismissed the first bounty as a "sham," adding Friday that Bitfi doesn't "even have $250k free on hand at this moment."

Bitfi, who didn't immediately respond to a request for comment, also offered a second, $10,000 bounty with a plea for help.

"Dear friends, we're announcing second bounty to help us assist potential security weaknesses of the Bitfi device. We would greatly appreciate assistance from the infosec community, we need help," tweeted CEO Daniel Khesin.

He said the $10,000 bounty -- which doesn't appear to be associated with McAfee -- was meant to simulate a scenario in which a user's device has been taken, modified and returned.

Blockchain Decoded: CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.

Follow the Money: This is how digital cash is changing the way we save, shop and work.