John McAfee, creator of hardware wallet BitFi, was nominated for and subsequently won the 2018 Pwnie Award for ‘lamest vendor response’.
A couple of months ago, McAfee, founder of the renowned anti-malware company named after him, announced the creation of the first ‘ultra-secure’ cold wallet, which he described as ‘unhackable’ and developed in partnership with BitFi, a hardware wallet startup.
At the time, he posted on his Twitter account: “Not only is my Bitfi wallet unhackable, you can store your entire net worth in your brain, without a trace of anything anywhere. Imagine walking around with all your money in your brain? This was never before possible.”
The manufacturer was so confident in its product that BitFi introduced a bounty program that began by offering $100,000, later increased to $250,000, to anyone who could hack the wallet and collect all the preloaded bitcoins.
Tempting the devil
However, the wallet was not as secure as the IT guru initially asserted: within a matter of hours, the bitcoin community had exposed flaws in the device.
In an effort to dismiss his detractors, McAfee stated that the wallet had not been compromised, and that one could only talk about a hack once someone managed to claim the bitcoins stored in the device.
“Let’s put this to bed. Using the wallet as a component in a video player is not a hack. Gaining root access on a device with no memory is not a hack. Intercepting a UPS truck, whacking the driver, modifying our hardware and delivering to the user? Please!” he said.
But it was the well-known cyber security researcher and 15-year-old hacker Saleem Rashid who played a key role in unveiling the wallet's security flaws, as evidenced by a video released on the Internet in which he uses the BitFi device to play “Doom”, a popular sci-fi action video game.
Without any doubt, this demonstrated that the ‘unhackable’ device is not as ultra-secure as McAfee made it out to be.
However, the creator of BitFi kept defending his product, arguing that neither of those hacks could be considered successful under the terms of the bounty program.
Additionally, a spokesperson for the manufacturer blamed the competition for the controversies surrounding the wallet.
“Please understand that the Bitfi wallet is a major threat to Ledger and Trezor because it renders their technology obsolete. So they hired an army of trolls to try to ruin our reputation (which is ok because the truth always prevails),” reads the email sent to Hard Fork.
With all these responses from McAfee and the BitFi team, the organizers of the award had an easy time deciding the winner, since this particular category is reserved for the service providers with the worst handling of security flaws.