Acknowledging that researchers have identified legitimate security vulnerabilities in its cryptocurrency wallet, Bitfi announced in a Twitter post that its branding will no longer claim that the product is ‘unhackable.” The company also confirmed that it is closing its existing bounty programs, that it says caused “anger and frustration among researchers.”
Bitfi’s existing bounty programs sparked controversy when the company offered a quarter-million-dollar reward to hackers who could break into the wallet – but only considered a hack successful if the attack resulted in the removal of Bitcoin. While the company apparently stands by that decision, Bitfi’s leadership has apparently recognized that its wallet product is not as secure as its “unhackable” branding label would suggest.
Meanwhile, Bitfi backer John McAfee reportedly stands by the company’s former security claims. According to reports from the BBC, McAfee told one of his Twitter followers that the wallet is “clearly unhackable.” His reasoning was simple: “Since the purpose of the wallet is to store coins, every claimed “hack” has been unsuccessful.”
However, security researchers who successfully compromised the wallet released evidence that was confirmed by Bitfi’s recently-hired Security Manager. One member of that research group, Surrey University cybersecurity expert Professor Alan Woodward, suggested that a successful hack was all but inevitable:
"Security can be complex and the wider public rely upon vendors telling the truth. However, there are certain signals that should immediately ring alarm bells. The worst is if a vendor claims something is unhackable as Bitfi did: nothing is unhackable."