Bitcoin Forum

The Bitfi hardware wallet is a revolutionary blockchain hardware wallet capable of securing any digital asset without having to store a single thing. The device has been designed with one of the most sophisticated approaches to security while maintaining an intuitive and ease-of use interface.

The device is not a storage device, rather it works as a private key generator that calculates your private key which comes into existence for less than a second during a transaction. By generating a private key at the time of a transaction and storing nothing, Bitfi surpasses the security of all other hardware wallets. This makes stealing from it impossible. You cannot steal what isn't there.

Due to a significant amount unconfirmed media reporting and unverified claims there is a controversy surrounding our wallet which has resulted in very few people understanding the difference between the new Bitfi technology and other wallets and methods of securing digital assets. The controversy was triggered over the use of the word "unhackable" by John McAfee when Bitfi was first introduced.

To clarify our position on this matter, we would like to state for the record that we agree all electronic devices (or anything man-made) can be hacked, modified, taken apart, or altered. Bitfi took a security approach with this consideration in mind. The device was designed in such a way that should it ever be "hacked" - there is nothing to take. The device is always empty. Furthermore, John McAfee was not involved with the development or operations of Bitfi, and has no ownership in the company. However, he is an advocate of the use of Bitfi as he himself and his company, Team McAfee, use the Bitfi wallet. While he understands anything is hackable, his excitement comes from the innovation of never requiring the storage of private keys or data on the Bitfi device.

The word "unhackable" caused a significant amount of tension within the cyber security community and confusion in the market place and for that, we apologize. Our intention was to push a dialogue of what security means in the cryptocurrency community. Our goal is to have productive and open collaboration so that we may have the opportunity to clear up any misconceptions or questions surrounding the Bitfi wallet.


We welcome the opportunity to field any comments and questions you may have about our security, our approach and where we are heading in the future.


Twitter: @TheBitfi
Instagram: @TheBitfi
Facebook: @TheBitfi
Youtube: https://www.youtube.com/channel/UCIJXmTcPSUVW1I8PU05ZBbA

Our Youtube channel offers wallet tutorials in English, Korean, Japanese, German, and Portuguese.

Give it a rest.

The Bitfi wallet was repeatedly hacked, to the extent of having the coins stolen from the device: https://techcrunch.com/2018/08/30/john-mcafees-unhackable-bitfi-wallet-got-hacked-again/

In response to this hack, instead of paying the bounty like you should have done, you cancelled the bounty program and insulted and attacked the researchers who you should have been paying $250,000.

Even ignoring all of that, all Bitfi is is a glorified brain wallet, which is probably the single worst way to store your coins. No serious crypto user would ever purchase this wallet.

Hi o_e_l_e_o,

There is a lot of misconception & false rumors going around regarding this. The fact is, we pay all of our obligations and all of our bounties. If we didn't who would take our bounties seriously? Regarding the hacks pertaining to the older model (before DMA-2) you are talking about, this was posted a long time ago: https://twitter.com/TheBitfi/status/1038339727961800704 and just 2 days ago we paid out the Jelurida challenge within 1 hour of them requesting payment: https://twitter.com/TheBitfi/status/1114618673061351426 So yes, we do pay everyone and we pay all of our obligations. We hope this clears up any confusion regarding this.

The article posted by TechCrunch is false and we will be definitely working on getting them to update it. Its false, starting with the title. For example, it is not "John McAfee's wallet" and never was. He has nothing to do with this company other than using the wallet himself and recommending it to his followers. TechCrunch could have easily reached out to us to confirm this, but they didn't bother.

Coins were never stolen from the device according to the bounty and this is provable fact. If you would like to dig further, we are happy to supply you with evidence that this did not happen.

Secondly, this is not like a brain wallet at all. First, lets imagine that you are storing 30 different digital assets and just for Bitcoin you have 15 different addresses. If you had been using a brain wallet, you would have to remember 45 different salts & phrases, which is completely impractical and unusable. With Bitfi, a single salt & phrase generates the correct private key for any currency or asset, and it can be an unlimited amount of currencies.

Then, a brain wallet has major security issues in creating the salt & phrase as it is done in a computer environment and then when you need to translate the salt & phrase back into a private key you have to do it in a computer environment again which can expose your private key. The other problem is that once you have imported that private key into some wallet, its no longer safe and you have to empty the entire balance and transfer it to a new brain wallet. Not to mention that you don't even know if the software you are using to create the brain wallet is safe and it is certainly not suitable for ordinary people who are not tech savvy (while our mission is mass adoption). With Bitfi, you never type your salt & phrase into a computer environment and the device never interfaces or connects with the computer environment or with any consumer device at all.

The point of all this is that Bitcoin was intended to be unseizable, but it can be seized from any wallet because they contain private keys. The only wallet that is congruent with the philosophy of Bitcoin is Bitfi because it is the only wallet that cannot be seized for one simple reason that you cannot steal what doesn't exist.

We thank you for the opportunity to respond to your comments and would welcome any other comments or questions.

Bitfi Team

Except you don't. You came out with some nonsense excuse about how their hack didn't exactly meet your criteria, insulted them on twitter, and shut down your $250,000 bounty reward program. Until you publicly apologize and pay the $250,000 you owe, no one will take you seriously.

You might want to tell that to McAfee. He seems to think it's his product: https://twitter.com/officialmcafee/status/1018933263107330049. You might also want to back off from the nonsense claim that the word "unhackable" was only used by McAfee since you had it plastered all over your website: https://web.archive.org/web/20180731202155/https://bitfi.com/

Yeah, that's still a brain wallet, regardless of how many private keys you derive from the phrase.

You are asking people to enter their phrase into, and therefore trust, your provably insecure and hackable wallet rather than their own potentially airgapped and encrypted computer. If for some reason I was forced to use a brain wallet, I know which one I would choose.

And we are supposed to take you on your word that your wallet is safe, since it's not open source?

Except the hacks I linked to before show that this isn't true. And a $5 wrench attack will quite easily lead to you losing your coins.

Maybe if you stopped making claims that are demonstrably untrue, people might be more willing to take you seriously.

Hi o_e_l_e_o,

If you don't mind we have some more thoughts on your comments:

"Except you don't. You came out with some nonsense excuse about how their hack didn't exactly meet your criteria, insulted them on twitter, and shut down your $250,000 bounty reward program. Until you publicly apologize and pay the $250,000 you owe, no one will take you seriously."

The text for that bounty is still up and you can read it: https://bitfi.com/bounty Please explain who, how, or where the conditions for this Bounty were met and we will make the $250,000 payment immediately. What is the nonsense excuse? Are the rules stipulated in this bounty not clear or hard to understand? We genuinely want to pay out this bounty to anyone who achieved it, but we are not aware of anyone who achieved it. Please help us find someone who did this and as stated above payment will be made immediately.

Regarding, the claim "unhackable" please read the first FAQ on our website. It explains our position on what happened and why it was used.

It is a private key generator. Yes, it can be used to store everything in your brain with a single phrase. The only reason its wrong to refer to it as a brain wallet is because it has dozens of important differences with brain wallets and executed in a very different way. Calling it a brain wallet creates confusion. To be able to walk around with hundreds of different coins and tokens in your brain & potentially millions of dollars (and soon terabytes of data and many other things) is very exciting. Sounds almost like science fiction, except its real.

We have created our own custom system that allows all developers in the world to participate in reviewing and contributing to Bitfi code which is going live in 2 days, this announcement was made here: https://twitter.com/TheBitfi/status/1110744867951513600. We made it so that each developer will have their own private key, rather than using GitHub so that you know each post is made by the person who they claim to be. All users and developers can interact through this system and review code before it goes to device. In addition, we have already done forensic testing and revealed methods that anyone can use to verify for themselves that indeed the private keys don't exist on this device: https://twitter.com/TheBitfi/status/1054884530199449600

Please describe how a $5 wrench attack will lead to loss of coins? We would be very interested in your feedback.

The vulnerabilities discovered now almost year ago were on the first version of device and we are now shipping DMA-2 which had all potential vulnerabilities fixed.

Finally, can you please tell us which claims we are making at this time that are demonstrably untrue and we will immediately remove them.

We understand and appreciate why you are skeptical. All we are asking is that you monitor the facts and data that is being released over the next few weeks so you can make a decision based on fact and not rumor. You may decide that its absolutely not for you or you might realize that this is a tool you can benefit from. We are not asking for anything other than an open mind and collaboration. We are doing all we can to contribute to the cryptocurrency community, not to take anything away from it.

Thanks again.

Bitfi Team

     Unfortunately, in order to ensure that this password is only stored in a person's mind, that person needs to pick a passphrase that is easy to remember. Otherwise, if that person forgets, that person will not be able to access the coins. Unfortunately, phrases that are easy to remember are also easy to brute force. If a person picks a sufficiently difficult passphrase, they would have to write it down. Then it would no longer only reside in their mind and would be subject to confiscation/theft. Also, since your code is closed source, what happens if your company becomes defunct? In such an event will the person's device still be able to operate, if the website that they are supposed to interact with goes down? If it will still be able to function and the device itself becomes broken, will the person have to hope to somehow find a working device in order to access their coins? Also, what if the device owner becomes deceased or suffers an injury/illness that severely impairs their memory. In order to ensure their coins can still be accessed by their estate in such an event, they will either have to share their passphrase with a trusted individual or they would have to write it down and keep the piece of paper secure. Once again, the phrase no longer only existing in one's mind. The trusted individual can betray them or the piece of paper can be confiscated/subject to theft.

Hi bones261,

You make excellent points and we would like a chance to comment on them to clarify these issues.

First, there are two ways to set a passphrase for your Bitfi. One is a totally custom phrase and the second is a phrase using Diceware (please see: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/). The Bitfi device comes included with a physical die that you will roll for perfect analogue randomness to choose words out of a Diceware word list. With this method only 7 words are needed. You might think that 24 words as used in ordinary hardware wallet must have higher entropy than 7 words, but its actually the opposite. This article here does a decent job explaining why these 7 words on Bitfi give more protection than 24 words: https://medium.com/@surprisedwarrior/the-art-of-mnemonics-90fa439c76f3

The Bitfi Wallet requires two passwords a salt & your passphrase. But lets say you use a completely custom phrase like Bones261LovesBitcoinTalk.orgFor$Advice. If you want to see how long it would take a computer to crack this phrase, please use the following tool: hsim.pw  or https://howsecureismypassword.net

Once you get the time involved, please note that should your phrase be cracked, it is still useless without the salt. The attacker can't even know if he/she cracked your phrase or not because they have no way to test it without knowing the salt. However, we want to also point out that there is still a significant advantage if you decide not to memorize your salt & phrase (this is only optional) and instead write it down. Here is why - if someone breaks into your house (or it could just be your babysitter) and they find 24 words they know instantly they just found a wallet, but if they find Bones261LovesBitcoinTalk.orgFor$Advice they are unlikely to think this is access to a wallet because its completely non-standardized and just a random phrase that can be anything. And again, should they manage to figure out that its access to a wallet, still useless without the salt.

Finally what happens if Bitfi disappears (for example, the government shuts us down for making a wallet they can't ever extract money from)? That would be no problem whatsoever and as long as you know your salt & phrase your money is always safe. The private key recovery tools are all on https://www.btknox.org and many copies have already circulated all over the internet. Here we demonstrate how easy it is to recover all your money in case Bitfi disappears: https://twitter.com/TheBitfi/status/1111434686645960707 It literally takes less than a minute to generate all your private keys and import them into another wallet.

Thank you for opportunity to respond to your comments and we would be delighted to see any other comments or questions from you.

Bitfi Team

You closed the old bounty without paying. Launching a second bounty (which you also won't pay) is not the same. Here is where you tweeted about cancelling your bounty program: https://twitter.com/TheBitfi/status/1035279307617259523.

https://twitter.com/saleemrash1d/status/1035269363903946755 - he cold booted the wallet and extracted the previously used passphrase from RAM, which allows him to steal every single coin stored on the device. You refused to pay.

That's all well and good, but your first post in this thread claims "unhackable" was only used by McAfee, and that he isn't part of your company. Both of those are not true, as I've shown in my previous posts. Here is the tweet (https://twitter.com/officialmcafee/status/1018933263107330049) where McAfee states that Bitfi is "his product", and here is an archive of your website (https://web.archive.org/web/20180731202155/https://bitfi.com/) with the unhackable claim on the front page.

You are right. A true brain wallet doesn't allow the passphrase to be extracted from its RAM.

I very much doubt this will actually equate to open source, otherwise you would just have used GitHub. It's good enough for every other crypto project out there, but not for you? Please.

Attacker hits you until you tell him your passphrase.

So you finally admit that your device was hackable?

Please read this post and my previous one where I systematically explain how pretty much every claim you make is a lie.

Here are the facts:

1 - Release a wallet you claim is unhackable, and post a $250,000 bounty for anyone that can hack it
2 - It is hacked multiple times within days
3 - Insult the researchers, deny the proof of it being hacked, and cancel your bounty program without paying
4 - Wait for 6 months or so, hoping that people forget about your scammy behavior
5 - Relaunch the exact same insecure product again

This is all glossing over the fact that even if your hardware wasn't easily hackable, brain wallets are a terrible way to store your coins and only a moron would choose them.

TL:DR for anyone else: buy a Ledger or a Trezor.

Hi o_e_l_e_o,

We are going to assume that since you support cryptocurrency which was created by cypherpunks, that you also must believe that truth & fact are fundamental principles behind the social change that was driving Bitcoin's development. We are not asking you to agree with any of our opinions, but just to consider the facts that we will gladly and eagerly present.

Please allow us to address your comments with facts:

1) The reason the $250,000 bounty was discontinued is because large groups of hackers were referring to it as a "sham" and it clearly made many of them angry. This is the only reason why the bounty was discontinued. Here are a just a few examples of those attacks on the bounty:

https://twitter.com/barton_paul/status/1024395617525800961

https://twitter.com/MrSm0keTooMuch/status/1035574600564916224

https://twitter.com/gsuberland/status/1025083694070026242

However this bounty was open for several months before it was finally cancelled. In that time, no one has achieved it.

The second bounty was not launched when the first one was closed, it was also launched months before and both bounties were cancelled simultaneously (with the second one being achieved)

You are saying that we "won't pay the second bounty either", but this is demonstrably false as can be seen here where we are offering the payment and acknowledging that the second bounty has been achieved: https://twitter.com/TheBitfi/status/1038339727961800704 this public statement clearly indicates that the second bounty is being paid out.

2) There was simply no bounty for what you are showing here: https://twitter.com/saleemrash1d/status/1035269363903946755 How could we have refused to pay something that wasn't in place to begin with? If some attack was presented to Microsoft or Oracle (with absolutely no reproducible method, by the way) for which they had no bounty, they also would not pay unless something was negotiated in advance. To clarify, in this attack it does not allow him to steal every coin stored on the device, as the device didn't store coins. What this attack allowed was to modify the device in such a way so that if this attack is done without your knowledge and then you use it next, then your coins could be stolen. This is not stealing coins from a previously used Bitfi. (This was of course fixed a long time ago and we are no longer shipping the model on which this attack was demonstrated).

3) We are not saying that we were not using the unhackable claim. John McAfee was so impressed with the wallet that he told us that it was the first unhackable technology he has ever encountered and we started to use it in our marketing. What was meant by this claim is that the device does not store private keys and therefore the funds could not be extracted, not that the device itself could not be hacked. Unhackable is a word that has no definition and you will not find it in any dictionary. We meant no malice in using the word, we were just trying to find ways to communicate and explain Bitfi technology which is very different from anything else.

4) You cannot extract anything from Bitfi's RAM and this was already forensically measured. We are now shipping the DMA-2 that does not retain the private key for even one second. Having said that, the previous version which didn't have perfect memory management had the private key remain in RAM for some time, in some cases even for a few hours. However, a few hours is still infinitely better than having all your private keys (not just one key) remain on a cold storage wallet forever.

5) Please don't judge the developers platform before having seen it. We will give you a private key to grant you access so you can go in and look around. Its just a couple of days away.

6) The $5 wrench attack: Bitfi is actually the only wallet that can give you protection from this kind of attack. If someone comes to your house and you have a regular cold storage hardware wallet and they are torturing you, you have no choice but to give them access and they will take all your funds. However, because Bitfi does not have any private keys (it acts as a private key generator) you can create an unlimited number of wallets with one device. For example, you can have one wallet with passphrase o_e_l_e_oLovesBitcoinTalk.org that contains $500 and a second wallet with passphrase o_e_l_e_oLovesBitcoinTalk.org2 that contains your life savings (lets say $100,000). So if you are being tortured you would give the attacker access to the decoy wallet with the low balance and the attacker thinks he/she cleaned you out - they have absolutely no way of knowing that you have other wallets (it is impossible to know).

7) Of course we admit that the device was and is hackable. This is in our first FAQ on our website. However, it is also important to understand that the device is not the wallet. What we do know for sure: it is impossible to steal money from a previously used Bitfi Wallet and that the Bitfi Wallet is the only wallet that cannot be seized by law enforcement or anyone else. It does not have any private keys. We have also addressed all the vulnerabilities that have been pointed out on Twitter (some were real and many were fake) and launched the DMA-2 with these vulnerabilities fixed.

8.) We still don't see which claim is a lie. If you can point out any specific claim that is a lie, it will be immediately removed.

9) Regarding your summary:

A. We did not offer $250,000 for anyone to hack the wallet. We offered $250,000 specifically for accomplishing the following: https://bitfi.com/bounty
B. Yes, but not days. It was weeks.
C. Yes at times things got really emotional and we acted inappropriately and for that we apologize. However, the researchers also insulted us, for example by using our logo smeared in diarrhea as their avatar, calling our bounty a sham & then calling outrage when we cancel it, claiming that we don't pay bounties when we always pay (we even donated to the Mental Health Hackers, an organization that helps the very people who were attacking us: https://twitter.com/TheBitfi/status/1077054969902219265), etc.
D. During the last 7 months our engineers have been engaged in very intensive development, not just waiting. And just so you know, several hackers from the group who were originally attacking us on social media are working here as employees for the last 7 months because they realized they got some things wrong and they also realized the remarkable potential of Bitfi technology.
E. We did not relaunch the exact same product again, but a very different product shipping as DMA-2 that has all the vulnerabilities addressed (the ones we were able to verify as real) and then additional features to improve it even further over and above those vulnerabilities.

Not sure why you are bringing up Ledger and Trezor when they have been hacked hundreds of times and had dozens of serious hacks in just the last few weeks (while our vulnerabilities occured within weeks of launch, these companies have been in business for years and they have more serious security issues now than we did upon our launch). Just a few recent examples:

https://www.chepicap.com/en/news/6222/trezor-one-ledger-nano-s-and-blue-get-hacked-ledger-denies-trezor-will-update-.html

https://thenextweb.com/hardfork/2018/03/20/ledger-nano-s-hack-cryptocurrency/

https://smartereum.com/46184/ledger-wallet-hacked-ledger-wallet-hacked-with-simple-radio-antenna-according-to-security-researchers-cryptocurrency-wallet-news-today/

https://steemit.com/trezor/@lexiconical/trezor-hack-devices-are-not-secure-private-key-can-be-extracted-at-startup

https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

https://cryptoslate.com/ledger-reveals-five-vulnerabilities-in-competitor-trezors-wallets/


Thank you again for opportunity to respond,

Bitfi Team

When everyone is calling the bounty a sham because you refuse to pay it, and you are the only ones claiming otherwise, perhaps it might be you who are mistaken? The wallet was hacked (repeatedly). You refused to pay (repeatedly). End of.

Yes. You worded the bounty so exactly so you knew you would never have to pay it out, even when someone extracts the passphrase from your device's RAM. How about this one (https://twitter.com/OverSoftNL/status/1024684201575108615), who gained root access, installed a patched firmware, and your device continued to run, no questions asked. You didn't pay that one either.

Are (https://en.wiktionary.org/wiki/unhackable) you sure (https://www.yourdictionary.com/unhackable) about that? (https://www.wordsense.eu/unhackable/) Are you seriously now trying to claim you used the word unhackable but that it didn't mean that it couldn't be hacked? You are trying to redefine the English language instead of just admitting your lies? This is laughable.

Except you can, and I linked proof of that happening above.

So the key was on the RAM, and therefore extractable? I thought you just said it wasn't? You are really getting caught up in your own lies here.

If I need you to give me a key to access it, then it's not open source.
 
Another complete lie. Both Ledger and Trezor support unlimited wallets on one device with the use of a passphrase. See: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security (https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security) and https://wiki.trezor.io/Passphrase (https://wiki.trezor.io/Passphrase).

Only because the entire crypto world has called you out for your repeated lies. You repeated the unhackable nonsense over and over again until you finally realized everyone was laughing at you:
https://twitter.com/TheBitfi/status/1024979075566329856
https://twitter.com/TheBitfi/status/1024552929074839552
https://twitter.com/TheBitfi/status/1025058277552467969
https://twitter.com/TheBitfi/status/1019231065599283200

Add all the points I just made to all the previous points I've made, we must be up to about 20-30 lies in this thread alone, never mind the hundreds on your twitter account.

You made it so specific so you would never have to pay, even when private keys and passphrases were extracted from your device.

So you admit your unhackable wallet has been hacked multiple times?

You literally threatened security researchers - https://twitter.com/matthew_d_green/status/1026432597856006145. No one in their right mind will ever trust you.

And the vast majority haven't sold out and are continuing to expose you for the scam that you are.

Why would an unhackable wallet need to have vulnerabilities addressed? I wonder. ::)

Hi o_e_l_e_o,

It sounds like you are not interested in learning the facts and the truth, rather than thinking objectively you appear to be happy to make assumptions and then assume that these assumptions represent reality. We will, however, respond anyway because it is our duty to educate and correct misleading information in order so that others can get a clear and objective understanding.

1.) "When everyone is calling the bounty a sham because you refuse to pay it, and you are the only ones claiming otherwise, perhaps it might be you who are mistaken? The wallet was hacked (repeatedly). You refused to pay (repeatedly). End of."

How on earth did you determine that the bounty was being called a sham because we were refusing to pay it (even though we were never refusing to pay it & still will gladly pay it to anyone who can demonstrate they achieved the bounty)? It was being called a sham because hackers were not happy with the conditions of the bounty and some thought it was a marketing stunt. Some thought it was a marketing stunt because they questioned how feasible it is to extract information from a device that does not have information. You can see proof of this right here: https://twitter.com/SeanG294/status/1023835288848752642

However, as it turned out, the bounty was not a sham at all because as already described in the above post the private key remained in RAM for some time and so it was extractable. So someone could have achieved this and received the $250,000 payment.

Again, the wallet was hacked and we paid for what we were responsible for according to bounty conditions. You keep repeating that it was hacked multiple times, and we keep agreeing with you. You just don't seem to understand that the $250,000 bounty had certain conditions attached to it (as a bounty from any other tech company) that were not met and never even came close to being met. Would you like further proof?

2.) Yes. You worded the bounty so exactly so you knew you would never have to pay it out, even when someone extracts the passphrase from your device's RAM. How about this one, who gained root access, installed a patched firmware, and your device continued to run, no questions asked. You didn't pay that one either.

Here is the $250,000 bounty again: https://bitfi.com/bounty What in it is not clear? We showed it to many different people, even children and they all can understand the conditions:

- We deposit coins into a Bitfi wallet
- If you successfully extract the coins and empty the wallet, this would be considered a successful hack
- You can then keep the coins and Bitfi will make a payment to you of $250,000
- Please note that we grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure

Can you please explain what part of this is "worded so exactly" that we would never have to pay it? So if someone did extract the coins, we would not have to pay or is it pretty black & white that we would have to pay the $250,000?

3.) Are you sure about that? Are you seriously now trying to claim you used the word unhackable but that it didn't mean that it couldn't be hacked? You are trying to redefine the English language instead of just admitting your lies? This is laughable.

We are not trying to redefine any words and in the above post we did say that the Bitfi device was hacked, multiple times. You are completely ignoring the point where we explain that we were trying to describe Bitfi technology that does not store any private keys and therefore it is impossible to steal funds. In other words, if the device is hacked, there would be nothing to take. Its a completely new way of securing digital assets and its not always easy to explain. In any case, we dropped the word "unhackable" from our branding and it hasn't been used for a long time.

4.) Except you can, and I linked proof of that happening above.

No you cannot. You were able to last year. We stated several times already in our replies that we are shipping the DMA-2 which is a totally different product than what you saw in the hacking demonstrations. It cannot be done now, as already described, since our engineers addressed all discovered vulnerabilities.

5.) If I need you to give me a key to access it, then it's not open source.

Everyone gets a private key so long as they are a developer and every Bitfi user has a private key. No developer is denied a private key. So yes, it is completely open.

6.) Another complete lie. Both Ledger and Trezor support unlimited wallets on one device with the use of a passphrase. See: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security and https://wiki.trezor.io/Passphrase.

You didn't understand the content in the 2 links you provided. Both pages describe how you can set an additional password (for advanced users) on top of your 24 word seed. In the case of you being tortured you will give up that password and all your crypto will be gone. Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

7.) Only because the entire crypto world has called you out for your repeated lies. You repeated the unhackable nonsense over and over again until you finally realized everyone was laughing at you.

Why would we want to create tension and bickering in the crypto community if our mission is to drive adoption and innovation? If the word "unhackable" made people in the cyber security community angry it would be foolish to keep using it.

8.) Add all the points I just made to all the previous points I've made, we must be up to about 20-30 lies in this thread alone, never mind the hundreds on your twitter account.

Can you point out one specific lie? You are saying 20 - 30, but we don't see them. We are asking for your help to identify the lies so we can remove them from our website and other materials. Don't you want your fellow crypto users to have access to accurate information? This isn't about Bitfi, but about the thousands of people who use it. Please help these innocent people by just identifying a few specific lies so we can fix them immediately.

9.) You literally threatened security researchers - https://twitter.com/matthew_d_green/status/1026432597856006145. No one in their right mind will ever trust you.

This was taken completely out of context as the hackers wanted to do anything they could to mislead and confuse the public about Bitfi. Even thought all this was conveniently deleted, the archive still exists: http://archive.is/Svbt7#selection-713.1-713.161

It is clear that our threat was due to their use of our logo smeared in diarrhea and posting it all over Twitter and in no way shape or form was anyone being threatened over the attempted hacks.

10.) And the vast majority haven't sold out and are continuing to expose you for the scam that you are.

Please clarify what part of us is a scam so we can fix it. A scam is a fraud in which one is misleading people in order to steal their money. With Bitfi when a customer places an order they receive the wallet and are provided with both email and phone technical support. Not a single Bitfi user ever has lost funds and we have users with $50m or more in a single Bitfi Wallet and they too have never lost a dime. We are open to constructive feedback on how to end the scam that you claim.

I'm getting really bored of going round in circles while you simply deny provable facts. For anyone else interested, just search Google, Reddit or Twitter for "bitfi bounty" or "bitfi hack", and read the screeds and screeds of articles and posts which confirm everything I say.

https://rya.nc/bitfi-wallet.html
You made arbitrary conditions so you knew you would never have to pay out. You even tried to justify that with nonsense tweets such as this one: https://twitter.com/TheBitfi/status/1024930630293970944. Someone roots your device, gains full read/write access, and you say it doesn't count because "once someone installs something into that system it will no longer be a Bitfi wallet". This is utterly laughable. Did you know Windows is immune to viruses because once there is a virus installed then it is no longer Windows? My car is immune to damage because once it has been damaged it is no longer my car.


This is, yet again, simply not true. I have posted proof above that passphrases can be extracted from the device. I have posted proof that root access can be obtained, allowing a keylogger or similar to be installed and steal the passphrase. Just because it doesn't store private keys doesn't mean the funds can't be extracted when it is this easy to extract the passphrase.


Both Ledger and Trezor allow you to have as many different wallets protected by as many different passphrases as you want on a single device at the same time. There are literally thousands of users using this set up right now. I've been using this set up since before your awful brain wallet even existed. To claim otherwise is just showing just how ignorant of good crypto security you are.

I usually dont like jumping into discussions like this but I do want to provide my 2 cents on this message. This message does show that Bitfi (or atleast you) have not used ledger, trezor, keepkey, or similar devices that have a seed along with an additional passphrase, or probably have but just being plain ignorant. Using an additional passphrase will allow one to have multiple wallets all while still remaining protected. Such a thing is not stored on a device thus if someone were to extract the seed from any of those devices, as long as no coins are stored along with the seed itself, nothing is lost. If there is, you only lose whats there but nothing stored with an additional passphrase. Heck, I even use it to have different wallets for different things as if its multiple bank accounts for personal and business use and I trust that more than I would trust bitfi. Heck, I dont even like ledger after what they did with ledger blue but I would prefer that over bitfi honestly.

I would seriously suggest that Bitfi should take their heads out of whatever hole it is stuck in and start doing real research if you all expect to have a good reputation. The "unhackable" claim couldve lead to lawsuits for false advertisement (and honestly surprised there was no class action after the stunt that was pulled after being called out about the issues noted with the device). Speak and operate from a realistic point of view especially if you want the business to survive.

Wow.

Not sure if this is a troll post or for real  ???  ???


To anyone reading this and wondering:

The bitfi wallet is probably the least secure wallet in history of BTC. Even android / iOS mobile wallets are more secure than this crap.

Better invest your money into a real hardware wallet or buy more BTC and store them on your mobile. But never use a brainwallet (like bitfi is).

It has been repeatedly proven that this wallet is unsecure and not worth a single penny. Don't listen to empty promises, do your own research.

This is exactly correct. To claim that Ledger doesn't allow multiple wallets on one device, when I have a Ledger Nano S sitting two feet away from me which has multiple wallets on it, is either a deliberate lie designed to fool potential buyers, or phenomenal ignorance of the basics of hardware wallets. Either way, I wouldn't trust someone who makes such a nonsense statement.

In before a reply saying that their brain wallet isn't a brain wallet because it isn't on a computer or some other nonsense reason.

Hi Random8543,

You don't seem to understand Bitfi's security model. Bitfi does not have any private keys. Therefore extraction is not possible. On the other hand all cold storage wallets make it very easy to extract all your money should they be physically seized, lost or stolen. Here the CTO of Ledger himself admits that it is trivial to extract all your private keys: https://twitter.com/xtcc18/status/1109621986123284480

We are extremely aware of all the wallets you mention. However, we believe that you haven't taken the time to understand how Bitfi works.

Thanks for the opportunity to respond.

---

Hi Bob,

This is demonstrably wrong. Bitfi is the most secure wallet because it doesn't even have private keys. Please explain how something could be more secure than such a system where you don't even have anything to steal or extract?

First, we can prove every single one of the claims that we make.

Second, if you want to make an informed opinion rather than just a random angry post like "Bitfi sucks" please see our open source resources at https://bitfi.dev this is a completely open and transparent system that allows all developers in the world to participate, view the code, and see how every feature works.

Try to keep an open mind rather than spreading misleading information.

Thank you,

---

Hi o_e_l_e_o,

You don't seem to understand some crucial differences. The cold storage hardware wallets store all of your private keys and therefore they are device dependent wallets. Bitfi is not device dependent, it has no private keys (its a private key generator) and therefore you can have an unlimited number of wallets with one device (you can have 1000 if you like) and even share one device among multiple users. So long as the users don't know each other's salt & phrase, no one can access anyone's wallet but their own with their salt & phrase.

You were talking about a torture situation. In this case the hidden account with the 25th word is not that much protection. An attacker who is knowledgable about cryptocurrency will surely demand the hidden account as it is a common feature and they will especially demand it if they know anything about you.

With Bitfi, it is literally impossible to know or suspect if any other wallets exist or have been created with the device. It is true plausible deniability. This is a crucial difference in this kind of situation.

Yesterday we spoke about open source and our open source system is now live and we invite you to come and use it, if you are interested in understanding Bitfi technology better: https://bitfi.dev

Again, you may decide that Bitfi is totally not for you. Thats fine. But at this moment, you do not know enough about this technology to make a truly informed decision.

Finally, yes, the Bitfi wallet does allow you to store millions of dollars, thousands of coins and tokens, and terabytes of data in your brain by knowing a single phrase. Walking around with that in your brain sounds almost like science fiction, except its real. But this is optional and you do not have to use Bitfi this way. It is not a brain wallet for many reasons, but it does give you the best of what a brain wallet can offer should you choose to use it that way.

Thanks,

Bitfi Team

---

There is not much more we can say. You are saying our device was hacked, and we are saying yet it was. No disagreement there.

But then you start saying that it was hacked in a way that entitles hackers to $250,000 and that the rules are not clear, please explain what is not clear in these rules: https://bitfi.com/bounty

Just because some hacker is complaining about the bounty rules (perhaps because they wish it was easier) does not mean the rules are not clear or should have been changed. We were clearly simulating a situation where a wallet is stolen from a user and then to test if its possible to steal the user's funds. In this bounty we were not testing to see if a device can be modified without your knowledge and then you use it next time and it gives your information to attacker, that was being tested in this bounty: https://bitfi.com/bounty2

Now you are saying again that passphrases can be extracted from device, even though we already told you nearly half a dozen times that they cannot. This is the equivalent of us taking this article from 2017: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8 and using it as proof that ST32F05 chip on Trezor is vulnerable to fault injection. But don't you think that maybe Trezor fixed this or did something about this since 2017?

The memory management and the forensic testing method was disclosed here: https://twitter.com/TheBitfi/status/1054884530199449600

Anyone with advanced tech knowledge can use the same or similar method to attempt extraction to see for themselves. The private key, salt, and phrase are all not detectable at all after a transaction. We have a lot more technical resources coming that scientifically prove all claims being made by Bitfi.

We are really not here to bicker with anyone but rather to collaborate. We probably won't be the only hardware wallet in the world and consumers will always have choices just as they do with smartphones. Some think the iPhone is best and others think that Samsung is best. This argument about which is best will likely never end.

All we want is collaboration and stimulating discussion. We are trying to contribute to the space and actively educate people on Bitcoin. The enemy is on the outside. We don't need to fight on the inside, which just causes the industry to self destruct. All we ask is that you keep an open mind. Scam accusations are very serious, especially when you consider the emotional impact on the developers who have been putting in blood, sweat, and tears into this project and other projects. We shared some thoughts on this here: https://twitter.com/TheBitfi/status/1113634972840153088

We are not asking you to buy our wallet. And we also don't claim to know everything. In fact there is not a single engineer who knows absolutely every single thing about Bitcoin (including Bitcoin developers themselves), there is always something new to learn and discover. These are very complex systems.

We apologize that the previously used word "unhackable" caused so much anger and frustration and we apologize to you personally. Please just give us an opportunity to collaborate with people in this community and provide them with information or data they may want. We are not trying to do anything else.

Thank you,

 

     @Bitfi  I know that you have many objections to respond to. However, Bitcointalk has a thread bumping rule that does not allow the same poster to post more than once in a row in a 24 hour period. If you have additional thoughts to share, and no one else has posted, you will need to edit your last post and add your additional thoughts. I know that can make your messages a bit on the TLDR side; however, I don't want you to end up having posts deleted if a moderator finds out.

     Now To get back on topic. The main problem with your approach is that in order for this to work, a person has to pick a password and salt that they can remember. The problem with such passwords is that they are easier to crack than the webpage you sent to me seems to suggest.
     You gave me this example of a password to use. Bones261LovesBitcoinTalk.orgFor$Advice. Although the web page that you directed me to suggests it will take many octillion years to crack the passphrase, if someone happens to know a little bit about me, it won't be that hard. If a cracker happens to know that I am bones261 and love bitcointalk, they can try those passphrases that contain my user name and bitcointalk.org. I know that you were only using this as an example, however any phrase that someone is going to be able to reasonably retain in their mind is probably going to be easier to crack if the cracker happens to have some information on you.  I also went to your web page and it recommends that the salt be something like a SSN, email address or phone number. This is a rather bad recommendation in my opinion.

    I realize you can have your dice generator generate 7 random words for you. It may seem easy to remember 7 random words; however we get people coming here quite often who can't even remember one word to access their encrypted wallet. The best thing to do is either write the words down or keep them in a password generator. Also, I am not understanding your argument that if a thief comes across a piece of paper with your passphrase written, that they wouldn't be able to tell that it may be a password to access your coins. If you use a phrase with good entropy, it's going to have some special characters. I'm sure a crafty thief can figure it out.

Please just stop. All you doing is making yourself sound more and more ignorant with every post.

The kind of technology required to extract a private key from a secure element is found in few laboratories around the world, there are few people with kind of knowledge required to utilize said equipment, and it would take months and tens of thousands of dollars to perform. Calling that "trivial" once again only shows your deep lack of knowledge regarding crypto security. This vulnerability applies to any and all microchips around the world, not just those in hardware wallets. It is also completely mitigated by using a passphrase on your Ledger (you know, that thing which you are denying even exists despite thousands of users currently using it).

Your "wallet", on the other hand, had its passphrase extracted by a 15 year old in his bedroom using a desktop computer.


Ooft. I had to double check that for myself. I know these guys don't understand security, but still, the advice they give about setting up your passphrase is some of the worst I have ever seen. They suggest an acceptable phrase is "!Why Is Dan So Crazy About Monero and Mustard?", and as you say, your phone number or email. I'd honestly rather store my private keys in plain text on my desktop computer than in a brain wallet with such poor security.

To be fair... WarpWallet (https://keybase.io/warp) (which put up a 2x 20 BTC(!) bounties for a "simple" 8 char alphanumeric password) suggests using your email address as a "salt"... and as far as I'm aware, neither of those bounties was ever claimed before the expiry date. #devilsAdvocate

But at least WarpWallet admit they're really just a "brainwallet" with extra security! :P


To me, Bitfi simply looks like an implementation of the WarpWallet/Brainwallet methodology on a modified mobile device... this doesn't bother me nearly as much as the attitude displayed to the crypto-analysis community.

From a relatively neutral position (insofar that I don't have any direct affiliation with any hardware wallet manufacturers other than I happen to use them)... it seems to me that rather than just accepting that their device got "pwned", thanking the community for their assistance in highlighting the flaws and then fixing the issues, they appeared to "double-down" on their "unhackable" claims and started trying to use semantics to argue that their device wasn't "hacked".

To try holding onto that claim... and then say:
is just disingenuous  :-\

Additionally, some of the responses on this thread would appear to show some gaps in their knowledge of how competitor's devices actually work...


Just my 0.00000002BTC

All we can say is that you are not interested in learning anything new or having a constructive discussion. Perhaps you are just trolling us. You certainly act as though you know everything and as though we know nothing when this is all we do with a team of engineers all day, every day.

We are now going to gracefully bow out of this discussion because you will always come back with some snide remark with absolutely no concern if it’s true or not, or if it has any bearing on reality.

We will just leave you with this. Ever heard of Cellebrite? Yeah, the same company that helped FBI unlock the iPhone of the San Bernadino terrorist. They charge exactly $2,500 to do data extraction from any device and it takes them minutes, all they need is a court order from law enforcement. If you are naive enough to believe that a $100 toy is going to stop them from getting all your money, then you can keep believing that.

You can go ahead and call them yourself to confirm the above, here is their phone number in USA: 201.848.8552

Have a wonderful evening,

Bitfi Team

If you are naive enough to think hacking an iPhone is equivalent to breaking the encryption on a secure element in a Ledger, I don't know what else to say. This was actually spelt out in by the Ledger CTO in the screenshot you provided in your last post. I guess you didn't understand the difference.

I would kindly suggest that if you do have a "team of engineers" working on this "all day, every day" as you claim, then you choose one of them to take control of your Twitter, Reddit and Bitcointalk accounts. No one is going to take you seriously or buy your device when you consistently demonstrate such a poor understanding of crypto security.

Hi o_e_l_e_o,

This is just getting silly. You continue to claim that you are an expert in security and that we apparently know nothing about security even though we are a manufacturer of a security product.

We never said that breaking into an iPhone is the same as breaking into a Ledger. Right? So why are you speculating that this is what we think?

Actually, it is much easier to break the encryption on a hardware wallet than it is to break into an iPhone, especially one running iOS12.

You are aware that every week law enforcement seizes Bitcoin and other cryptocurrencies in criminal investigations and then later auctions them off (and this is just in the USA). How do you think law enforcement seizes this Bitcoin? You think criminals (or wrongly accused innocent people) just leave their private keys printed out on their desk? No. All this Bitcoin is seized from hardware wallets.

Here is an actual law enforcement guide describing how seizure is made from hardware wallets: http://www.iacpcybercenter.org/wp-content/uploads/2018/03/Bitcoin.pdf - look at pg. 13 - "For an officer seizing the property of a suspect, it is sufficient to secure the hardware wallet and get it into the hands of an IT specialist as soon as possible." And this is just a local law enforcement guide (like sheriff or police) using an internal IT department. Which doesn't even come close to the capabilities of federal agencies like FBI, CIA, and NSA. In addition, an internal IT department of local law enforcement is basically like a garage compared to the labs at Celebrite and other companies in CyberSecurity.

Even teams like wallet.fail are able to extract private keys from both Ledger & Trezor (as they demonstrated just a month ago) and they do not have anything close to the capabilities of the big CyberSecurity firms.

While our engineers indeed don't participate in any social media discussions (if you want to interact with them, go to https://bitfi.dev) we do correspond with them when they have time.

What you are doing is misleading other people in the community and giving them (and yourself) a false sense of security. We never said that cold storage hardware wallets are not secure, they are extremely secure as protection from online attacks, because the private keys are not online. This is exactly what cold storage hardware wallets were designed for and they do it well. All we are saying is that Bitfi is different because it protects users from online and offline attacks. We didn't think the world needed yet another cold storage hardware wallet, there are plenty of good ones. We are pursuing something else.

But if you would instead of trying to mock and ridicule us, tried to actually have a constructive discussion it would be better for the community. That's all we are trying to do.

Bitfi Team

      @Bitfi, I'm not sure about Ledger, but the Trezor doesn't store your private keys. It only stores the seed. If you enable the passphrase function on a Trezor, they may be able to get the seed, but they need the correct password to generate the correct wallet. This passphrase is not stored on the Trezor. In fact, you can have multiple wallets with various amounts of coins. Therefore, your product doesn't have much of an advantage in this situation compared to your competitor. However, enabling a passphrase is only an opt-in only option on Trezor. I suspect many users don't bother with it.

Exactly correct, and by using a passphrase you also completely prevent the advanced laboratory physical attacks on the device that this Bitfi account currently seems to be hung up on. Not that these facts will make any difference to their argument, since according to them, this functionality doesn't even exist (despite it currently being in use by thousands of users):

Hello bones261 & o_e_l_e_o,

You are mistaken. There is a tremendous difference between Bitfi and all other wallets. Again, if we are talking about Trezor it is “cold storage” which means it is literally storing all your access to your money. The Bitfi is storing nothing, extraction is not possible.

Here are things that happened to Trezor in just the last few weeks. And these are proven attacks with method disclosed, not random twitter posts:

https://www.reddit.com/r/TREZOR/comments/aa2dl3/these_guys_just_demonstrated_key_extraction_of/?utm_source=share&utm_medium=ios_app

https://cryptoslate.com/ledger-reveals-five-vulnerabilities-in-competitor-trezors-wallets/

https://blog.adafruit.com/2018/06/07/extracting-the-private-key-from-a-trezor-bitcoin-wallet-with-a-70-oscilloscope/

https://cointelegraph.com/news/trezor-responds-to-ledger-report-on-vulnerabilities-in-its-hardware-wallets

You will notice in the last article Trezor themselves tells you to prevent physical access to your device: As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”

And o_e_l_e_o, when we told you that Bitfi is the only wallet that can protect you in the situation where you are being tortured, you dismissed it as nonsense due to our apparent lack of knowledge about anything security related. Well in the same article Trezor themselves makes a statement: “Furthermore, Trezor noted that a “$5 wrench attack” — a targeted theft when the user is forced by intruders to disclose his password — cannot be prevented by a hardware barrier set by the manufacturer.”

Finally, as you can see in all these articles both Ledger and Trezor have a counterfeiting problem which is particularly severe for Trezor. Bitfi is also the only hardware wallet that is virtually impossible to counterfeit. If you are interested in understanding why, we are happy to explain.

Bitfi Team

@Bitfi

Did you actually read the reddit thread you cite?

From the reddit thread the title is this.


As I posted earlier, if you use a passphrase, the attack can't happen. Also, it appears that the extraction of private keys while the device is calculating them has been corrected over a year ago. Now the device doesn't start the calculation until after the PIN is entered. Furthermore, this wouldn't happen if you used a passphrase anyway, since the calculation of the private keys for the wallet you are using will not begin until after you entered the passphrase.

Now, please advise us exactly how your device is counterfeit proof.

Hi bones261,

That PARTICULAR attack can't happen. They demonstrated one method of extraction. So this method won't work if there is a passphrase. But let's just be realistic here, all stored data in all systems is extractable. The top name in cyber security is Cellebrite but there are many similar firms that are not as well known. They are able to extract data from very sophisticated and highly secure systems that cost thousands if not millions of dollars. Ask yourself, do you really believe that a $100 consumer device that stores data will prevent this data from being extracted?

These are the lengths that people go to in order to keep their private keys secure: https://qz.com/1103310/photos-the-secret-swiss-mountain-bunker-where-millionaires-stash-their-bitcoins/ - an underground military bunker with millions of dollars worth of equipment (they obviously built this monstrosity before Bitfi existed, because Bitfi eliminates the need for this  :)). So if a $100 consumer device makes extraction impossible why would someone go to such trouble and investment to build this bunker to store private keys? And let's say someone creates a $10,000 cold storage wallet with encryption so high that it indeed takes months for a cyber security firm to break into? Well, thats only valid today. Their technology and tools are rapidly evolving and so if its difficult for them now, they will crack it very quickly in a year or two. So if you bought this $10,000 marvel of technology and you some situation (these situations can and do happen) like a coma, or prison, or any other long absence while your device is out there, it will be just a matter of time before it is cracked just like a $100 device today.

So we just took an elegant approach to this whole problem, rather than building more and more encrypted systems to store things that become obsolete over time, steel metal plates, fancy vaults, etc. we just created a device that doesn't store anything at all (except the operating system of course). Its a logical fallacy to think that an attacker (even an attacker with unlimited resources) can extract data that doesn't exist in the first place.

We are not trying to smear other wallets. These cold storage tools were initially created to prevent online hacking. For many people this is adequate. But its important to understand what your wallet can and cannot do. And after you understand it all, you may very well conclude that you don't need a tool like Bitfi. Also, the reason Bitfi technology is this way has to do with our beliefs about society, freedom, and privacy. We believe that no government should be able to seize your money any more than your water or oxygen. We think the government exercises abuse of power and that most governments are corrupt. In addition, surely Satoshi himself intended for Bitcoin to be unseizable and so we created an unseizable wallet which is congruent with the philosophy of Bitcoin and blockchain in general.

Now regarding counterfeiting. The reason that it is easy to counterfeit cold storage wallets like the one you have is because their software is completely open source and so anyone can just make an identical looking device and install this software and then you have a Trezor. The counterfeits are so good that sometimes the manufacturer themselves can't tell them apart from their genuine inventory. So lets say you want to counterfeit 10,000 units. You make 10,000 devices and then install the open source software on all of them and you are done.

With Bitfi however, each device is running a different package. To understand this, we have attached an image of two Bitfi devices side by side:

https://imgur.com/Phiy8tp

As you can see, each Bitfi has a unique Device ID. This means no two Bitfi's are the same. The Device ID is generated from devices internal private key which is stored in TEE. If someone managed to somehow obtain this private key (this private key has nothing to do with any of your funds, its strictly a private key assigned to the device itself), and decided to make 10,000 units (which they could because our code is also completely open source) they would then produce 10,000 Bitfi's which would all have the same Device ID. You are not going to be able to sell those and this is the last thing that a counterfeiter would want to do because all units are going to be returned by a swarm of angry customers.

Thank you,

Bitfi Team 

   Wouldn't the government's courts be able to compel you to give up your passpharse as a condition of your plea deal? I suppose that this only protects you if you are exonerated or are willing to go to trial and risk a more harsh sentence.



Does the device not function properly without a valid device ID? I thought that you assured me earlier that I could still access my coins if your company went defunct and my device is on the fritz. Also, if my device is no longer functioning, am I going to not be able to access my coins until I get a replacement? Furthermore, what is to prevent the counterfeiter from simply making their own user ids and providing instructions to go to their similar looking web page? Also, why would this counterfeiter care about angry customers? If they sold 10000 units, I'm sure they would get a few suckers to steal from and then make a proper exit scam. Furthermore, when I am going to buy a hardware wallet or similar device, I'd prefer to buy this straight from the manufacturer. Buying from anyone else is just asking for trouble.

Hi bones261,

Thank you for asking these thoughtful questions and having a civil discussion with us. Maybe other people will read this and learn a bit about what Bitfi is doing.

1) Wouldn't the government's courts be able to compel you to give up your passpharse as a condition of your plea deal? I suppose that this only protects you if you are exonerated or are willing to go to trial and risk a more harsh sentence.

There are hundreds of governments at country level and millions at state and city level. We are not just considering the conditions in the USA. The bottom line is that Bitfi makes you into your own bank. So what you do is entirely up to you. But what matters is that you have that choice to decide what you will or will not do and what you will or will not agree to. You have the leverage. One of the biggest abuses of power in the United States is that the government puts a freeze on your assets and your close relatives assets (lets say you are a really good person but you imported a container of mangos under the wrong license). The reason they do this is because then you don't have funds to hire an attorney and you are going to get a court appointed clueless lawyer fresh out of law school which pretty much guarantees a win for the government and a long prison sentence.

This is a violation of your Sixth Amendment rights of the US Constitution which states “in all criminal prosecutions, the accused shall enjoy right to have assistance of counsel for his defense.” But this has become nothing more than empty words. Cryptocurrency is so important because it restores people's constitutional rights. Secondly, we often get accused of things like "you are making technology that helps criminals!" Well, all technologies help criminals including encrypted communications, internet, boats, airplanes, etc. If we blocked every technology that helps crime, we would still be riding horses (although it can be argued that even horses can be used in criminal activity).

2) Does the device not function properly without a valid device ID? I thought that you assured me earlier that I could still access my coins if your company went defunct and my device is on the fritz. Also, if my device is no longer functioning, am I going to not be able to access my coins until I get a replacement? Furthermore, what is to prevent the counterfeiter from simply making their own user ids and providing instructions to go to their similar looking web page? Also, why would this counterfeiter care about angry customers? If they sold 10000 units, I'm sure they would get a few suckers to steal from and then make a proper exit scam. Furthermore, when I am going to buy a hardware wallet or similar device, I'd prefer to buy this straight from the manufacturer. Buying from anyone else is just asking for trouble.

It's important to understand that Bitfi is not a storage device. It is a computing device, a private key generator. Therefore it is not a device dependent wallet. The Bitfi device you see in pictures is not the wallet and neither is the Dashboard interface. The wallet is quite literally your salt & phrase. It is irrelevant what happens to your device. The reason each device has a unique ID is because it tells the Dashboard which device to send requests to. It works like this: lets say you want to send some Bitcoin; in your Dashboard you click send and in the send window you enter address you are sending to and the amount (lets say 1 Bitcoin), as soon as you press "submit" your device instantly receives a pop-up asking you for your salt & phrase. When you enter your salt & phrase the device then calculates the private key for that currency, signs with the key, and then transmits the approval to the blockchain. The private key instantly dissapears. So this is the sole purpose of the Device ID. If you had 10,000 devices with the same Device ID then when you do this, all 10,000 would get this pop-up request. It would be unusable and all developers around the world would see it happening immediately. Here you can see on our open source platform, we have a transparent web service which is a real time stream of each devices activity: https://bitfi.dev/NoxMessages/History.aspx?NOXWS=ServiceEvents you can see that each device has a unique public key. So since the platform is open to developers all over the world, everyone would see instantly that there are multiple devices with the same ID being used and then many frustrated users getting pop-up requests they didn't initiate.

If a counterfeiter creates an entire infrastructure to not only make the devices but even the Dashboard the devices work with, then this would not work at all because to log into the Bitfi Dashboard you need to go to https://bitfi.com/knox. So if you are being asked to go to any other URL, its pretty obvious that you are being scammed.

Finally, if no device is available at all you would just use the recovery tools to generate all your private keys with your salt & phrase and then import them into any other wallet. These tools can be downloaded on https://www.btknox.org and many other places. We show here how easily this is done: https://twitter.com/TheBitfi/status/1111434686645960707

So you are not dependent on any device and you are not dependent on Bitfi in any way. You are your own bank. Thanks again,

Bitfi Team

Ask the Electrum devs how good users are at "checking if the URL is correct"... :-\


Do you have (or are you planning to release) Linux and MacOSX versions of the recovery tools? As far as I can see... all that is available is a couple of Windows .exe/.dll binaries?

Also, given these tools are available from "many other places", are these recovery tools digitally signed, or is there any other way to verify that they are legitimate and not malware or fake versions designed to simply steal passphrases+salts?


Except for the fact that you need some executable Windows binaries, developed I assume by Bitfi, to recover your funds should your device be unusable for whatever reason... is that correct?

Hi HCP,

1) Ask the Electrum devs how good users are at "checking if the URL is correct"...

This is true. Ultimately someone will get scammed, especially if they are not careful. We hope that our comments are not misinterpreted to mean that we believe that we have perfect or foolproof systems. Far from it. If we did, we can just send all the engineers home, yet our development is ongoing and only just beginning. But since it is impossible to evaluate a product in a vacuum, competitors products are used as a frame of reference. So to clarify, we are simply saying that it is much more difficult to counterfeit Bitfi compared to other hardware wallets and it is much more difficult for a counterfeiter to sell them. We are not saying it is impossible. It is just not worth the effort for counterfeiters.

2) Do you have (or are you planning to release) Linux and MacOSX versions of the recovery tools? As far as I can see... all that is available is a couple of Windows .exe/.dll binaries? Also, given these tools are available from "many other places", are these recovery tools digitally signed, or is there any other way to verify that they are legitimate and not malware or fake versions designed to simply steal passphrases+salts?

Yes, we will release MacOSX version. Linux not sure, will have to ask. We are sorry for the inconvenience and that it is only available for Windows at this time.

Yes the tools are digitally signed. For instance, The MD5 Hash for ToolV2.exe is: MD f422c50d68b9fe1435892523a6af6580 or SHA256:   1926c3af7566efc4ce8b1405dc71c77e6c699f80e864c41391cefe469f4d3273.

However, even if the tools were not digitally signed, you operate the program offline. If its not running the correct algorithm it just wouldn't generate the correct private key. So the only danger would be that it has malware designed to steal users salt & phrase when they reconnect to the internet. For this reason we have dozens of warnings on this website: https://www.btknox.org


3) Except for the fact that you need some executable Windows binaries, developed I assume by Bitfi, to recover your funds should your device be unusable for whatever reason... is that correct?

We recommend that users download and save a copy of these recovery tools and keep them in many places. And of course thousands of other Bitfi users have done the same. So there will always be a copy out there to generate your private keys should devices not be available. All you ever need is your salt & phrase.  

4) We thought this might be of interest to bones261 & o_e_l_e_o: https://twitter.com/danheld/status/1116326374166364160 People underestimate how many innocent people are affected by this every day and this is what is fueling the development of Bitfi.

Thank you,

Bitfi Team

This is true of all storage methods, including all hardware wallets and also including your brain wallet.

There is literally video evidence I provided higher in this thread of an attacker extracting the passphrase from one of your devices.

This is true of any wallet which isn't a web/exchange wallet, not just Bitfi.

This seems like a pretty big flaw to me. So you are saying it is possible for an attacker with the same Device ID to spam fraudulent requests, and they would all get pushed to my device? So when I try to make a transaction, an attacker with the same Device ID could quickly try to make a different transaction, it would be pushed to my device, and I could end up signing it by mistake?

If this were true at all, phishing sites would simply not exist. You again demonstrate a lack of understanding surrounding basic security and attacks.

Hi o_e_l_e_o,

Good to hear from you again.

1) This is true of all storage methods, including all hardware wallets and also including your brain wallet.

Yes, this is true of all storage methods and all hardware wallets, except Bitfi. First, as already explained Bitfi is not a brain wallet. Here is a brain wallet: https://keybase.io/warp/warp_1.0.9_SHA256_a2067491ab582bde779f4505055807c2479354633a2216b22cf1e92d1a6e4a87.html - as you can see all it does is generate one Bitcoin address, it does not have any way to send coins, it has no way to view your balances, it does not show your transaction history, it does not allow you to sign messages with your private key, it does not lets you store an unlimited number of coins, tokens, and files under a single salt & phrase, and so on. Calling Bitfi a brain wallet, is like saying that a car is just a horse that can go slightly faster.

Second, the Bitfi device is just a private key generator. So it is impossible to know if a user has 10 wallets or even has a wallet at all. Its like finding a Texas Instruments calculator. A thief cannot target you because it is impossible for him to know what you have or don't have. We want to again make it clear that we are not saying our method has reached perfection. Some people, even if they have set proper protections from a wrench attack, if they are easily frightened and have a gun to their head they will panic and give over all the information anyway. But the ones who are a little calmer can give the attacker a wallet they specifically created for this situation so the attacker thinks they cleaned them out. There is just no way to know about any other wallets and it pointless for thief to take the device itself since it has no data.

2) There is literally video evidence I provided higher in this thread of an attacker extracting the passphrase from one of your devices.

First, as we have indicated already several times this vulnerability has been fixed. Second, the passphrase that was extracted was one that the hacker himself set and retrieved in an evil made attack. It works like this: you have a Bitfi Wallet, then some experienced hacker breaks into your house while you are away and then injects the device with code, and then when you use it next he will get your passphrase. This is not the same as taking a wallet you have used previously and then extracting the passphrase. This relies on capturing your passphrase when you use it next (assuming you don't know it has been modified). But again, we can show your hundreds of attacks on the wallets you currently use in the last few years but you won't accept them as evidence that your wallet has these issues because your will rightfully think that probably the manufacturer fixed these vulnerabilities when they were discovered. So why keep saying over and over again that you have proof of something from a year ago? We have same proof of your wallet but a hundred times over. We are not denying that the evidence you presented is real (despite the fact that the person who presented this never disclosed any reproducible method). We are telling you that devices that people are using today, do not have this vulnerability including the people who purchase the very first batch of devices. Why do you keep repeating over and over that this can be done on our wallet because of vulnerability found a year ago? It has been fixed. Really, it has been fixed.

3) This is true of any wallet which isn't a web/exchange wallet, not just Bitfi.

Yes. You are right. We are just trying to take this a bit further. Your current bank can be seized by the government, that much we are sure you understand. Bitfi cannot be seized.

4) This seems like a pretty big flaw to me. So you are saying it is possible for an attacker with the same Device ID to spam fraudulent requests, and they would all get pushed to my device? So when I try to make a transaction, an attacker with the same Device ID could quickly try to make a different transaction, it would be pushed to my device, and I could end up signing it by mistake?

It doesn't work like that at all. If someone pushes a request to your device from their Dashboard (because they know your device ID, which is ok for them to know) your device will receive a pop-up requesting salt & phrase. But the request is for the wallet of the individual that pushed the request (lets say to send 1 BTC), so then the only way for that BTC to go out is for you to sign the request with HIS/HER salt & phrase. And even if you knew this random individuals salt & phrase (which of course you don't) and signed with it, all it would do is send THEIR BTC out, not yours. If you somehow get confused and actually sign that request with your salt & phrase you will get an error because the private key the device would generate is not the correct private key for that persons wallet. In other words, in this whole exercise, nothing you do (even if you are very sloppy and confused) would result in any loss of funds to you.

5) If this were true at all, phishing sites would simply not exist. You again demonstrate a lack of understanding surrounding basic security and attacks.

We think you are twisting words. Obviously what we are saying is that it is a massive undertaking to not only counterfeit the device, but then to also build the entire infrastructure around it so that everything works exactly the same, all in the hopes that some very clueless person goes to a different URL and actually sets up this fake wallet and uses it. Phishing attempts are looking for a quick way to scam someone. Like gain access to some account on some website. Because its easy, inexpensive, and you can target many people at the same time. But to set up the entire infrastructure, manufacture an identical device, make it work in an identical way, basically spend millions of dollars on development then set-up distribution for people to buy this device all in the hopes that a few individuals get duped into creating their wallet on the wrong URL is far fetched. We are not saying it's impossible. But its about as likely to happen as Craig Wright admitting he is not Satoshi Nakamoto.

You are still wrong here. Bitfi is just as vulnerable as any other hardware wallet. I don't know how many other ways I can try to explain this.

This is true of Ledger and Trezor devices as well. Owning a Ledger/Trezor doesn't guarantee a wallet is on it, and with the use of passphrases, I could have 100 different wallets on the same Ledger/Trezor at the same time.

Again, this is true of Ledger and Trezor.

I honestly cant fathom why you keep claiming Bitfi is the only device with this functionality, when both Ledger and Trezor had this functionality before your device even existed.

1) You are still wrong here. Bitfi is just as vulnerable as any other hardware wallet. I don't know how many other ways I can try to explain this.

Well all the ways you have explained so far have been false because you are using vulnerability from a year ago to demonstrate your point. But how is it just as vulnerable now? Let’s assume for a moment, if you are willing to keep an open mind, that we are not lying about fixing those vulnerabilities. Then what specifically would you point out that makes it just as vulnerable?

2) This is true of Ledger and Trezor devices as well. Owning a Ledger/Trezor doesn't guarantee a wallet is on it, and with the use of passphrases, I could have 100 different wallets on the same Ledger/Trezor at the same time.

We already discussed the 25th passphrase option at length. There is just a lot more to it. One of the wallets you cite the 25th word or phrase is entered into a computer (where it’s acting like a hot wallet on top of a cold storage wallet) and in the second device the 25th word is auto generated and on device itself making it accessible via a second pin code. And there is much more to take into consideration. We are not here to trash other wallets. We think that these cold storage device and the companies behind them are doing a wonderful job with their specific solution. We are providing an entirely different technology. We are not asking you to use the Bitfi Wallet. But it would be nice to engage in constructive discussion where we both learn something (we don’t know everything, obviously). There is a lot more to security than just what we are discussing here.

3) I honestly cant fathom why you keep claiming Bitfi is the only device with this functionality, when both Ledger and Trezor had this functionality before your device even existed.

Please note that the Bitfi device does not have any data at all. No seed, no private keys, nothing to ever recover, nothing to ever download or install, and many other things. The security mechanism of Bitfi is also completely different. It may not be for you. Not everyone has an iPhone. It’s a good product but some people just love their Blackberry.

I was referring to a $5 wrench attack. Every wallet, every hardware wallet, every brain wallet, is vulnerable to a $5 wrench attack, yours included. Using multiple passphrases like you can on a Ledger or Trezor can help to mitigate it, but your wallet is not invulnerable to it as you claim.

Again, that's not accurate. On my Ledger I choose my passphrase myself, it is not stored on the device, I only enter it in to the device and not a computer, and I don't use a second PIN code. I have multiple passphrases unlocking multiple wallets.

We understand what you are saying. But we are not sure if you understand what we are trying to say. This sheds some light on the issues we have been discussing: https://ciphertrace.com/ledger-bitcoin-wallet-hacked/

This says nothing about the points you have been making, namely that Bitfi is immune to a $5 wrench attack and the only wallet that can store multiple wallets at once, neither of which are true.

That article simply documents a supply chain attack on Ledger. All wallets, yours included, are vulnerable to supply chain attacks. Ledger have long ago addressed this (https://www.ledger.com/2018/03/20/firmware-1-4-deep-dive-security-fixes/), showing that private keys were never at risk, and patching the exploit regardless.

o_e_l_e_o, please..  don't feed the troll.

The majority of this community knows what 'kind of wallet' the bitfi wallet is.
Only newbies without much information and people who want to find another vulnerabilities are going to buy a bitfi wallet.

Here is not the right place to inform newbies about why this wallet is one of the worst possible ideas to be used for crypto.


They are obviously not capable of understanding (or ignoring) each logic argument.
They will never admit that their wallet is broken by design (and additionally implemented badly). It is just a waste of time.

I know you are right, but I would hate for all their nonsense to go uncorrected and even one newbie lose their funds to this device. When they open the thread with phrases like "stealing from it [is] impossible" and it "surpasses all other hardware wallets", it is obvious they are targeting newbies who don't know any better. It is obviously false to the majority of the community, as you say, but the majority of the community is not their target audience.

Hi Bob123,

The definition of a troll is: “a person who makes a deliberately offensive or provocative online post.”

When we have taken to the time to patiently answer every comment & question.

1) Please advise what logical argument are we not understanding or ignoring?

2) So your logic is, that a wallet that contains no private keys and therefore cannot be seized even by the NSA is a one of the worst possible ideas in crypto?

If that’s your logic then ok.

Thanks,

Bitfi Team

I see no reason in debating with you. All you do is trying to make your wallet looking good. No matter what we say

The real question is whether you are REALLY believing that shit you are saying, or whether you just want your wallet to look good.



You do not understand that the whole concept of the bitfi wallet is trash.




The 'key' to your BTC has to be stored somewhere.
It is better to store them on a device, than in your own head (= brainwallet).

Brainwallets are bad. This is a fact.
There is 0 sense in using a bitfi wallet if you are going to store coins on a brain wallet. Might as well use free software instead.

Quite funny that people still were able to extract private keys from a bitfi  ::)
They can't extract private keys from a 'software brain wallet'...

So YOUR brain wallet is even worse than a standard brain wallet. Congratulations.


This was my last post in this thread. You are obviously just making provocative online posts. Call it trolling or not.

Oh boy I worked me through this thread and I don´t know what to think of all the posters attacking Bitfi with such a passion and wonder what their real drive is.
Come to the point guys.

As far as I understood there was NOBODY that did empty the delivered wallet, is that fact or not? Don´t come with the "but I got root-access sh..." that was clearly not the part of the deal.
If somebody found out that the device RAM was readable than he should just do the transaction and got the 250k.

So we have hackers who clearly can´t read bounty rules because they where only able to do sh... after modifing the device and then trace the RAM, but still the stored coins could not be extracted right?

On the other hand we have a company who did lean a bit to much out of the window, not knowing that the device RAM did store their private keys for some time.
I guess they did fix that with an firmware update for the first generation and on the getgo with the second generation.

To me, both claims are somekind of wrong, but in the end, Bitfi was more right, their claim could not be broken.
The product needed some more "optimization" as we learned and they delivered on that.

What else should be answered:
Who did found the weakness first????
Hacker of the bounty? Then this person might "deserve" a reward for saving Bitfis ass, this could have ended in a big scandale many years later.
It simply would be a nice gesture of Bitfi, with the help of the bounty they where able to optimize their product.

Fix was implemented, has since then anybody came out proving they are able to move coins out???
Was someone able to root-hack, modify device and trace the RAM again???

Is the device still rootable?
The device is branded with a unique ID great, but how can I be 100% sure the firmware was not modified?
Is there somekind of an online check today where we can see and be sure that the device was not modified on the way or anytime later.
In the past hackers did modify with root-access and the Bitfi Dashboard didn´t even detected that. Is it even possible to protect yourself from that
or is this technically not possible? Would be bad if not, the integrity of the device is super important.

All in all I would say this is great alternative on the market. I´m using both trezor and ledger at the moment and as far as I know, using the trezor with extra 25th phrase is as secure
as you can get. I´m not scared about losing my fund on them. So I´m not in a hurry to buy an Bitfi but in the next few month I think I will buy one.

The real drive is we don't want newbies who don't know any better to be ripped off by buying a glorified brain wallet and end up losing all their hard earned bitcoin.

The only reason the bounty wasn't awarded is because Bitfi kept changing the goal posts and then cancelling it all together so they didn't have to pay out. The conditions were met several times by different people. They managed to extract the seed in plain text from the device, meaning all coins can be instantly stolen. Bitfi's claim was their wallet was "unhackable". I'm pretty sure extracting the seed counts as being hacked.

Even forgetting how horribly insecure their device is, even forgetting it had been hacked wide open multiple times, even forgetting the seed is extractable, even forgetting you can gain root access and install custom firmware; even forgetting all that, at the end of the day, it's still a brain wallet. Brain wallets are even worse than web wallets on the scale of "good security".

Buy one if you want, but realise that your funds are at constant risk of being stolen, and there is literally nothing it does that cannot be achieved more securely and for free with some freely available and open source software.

I´m not sure if I agree with you 100%, you focusing to much on the bounty IMO

The hackers were able to hack into the firmware, modified the whole device and only then do a transaction and tracing the seed out of the RAM as long as it was there in using a security whole in the device.
Am I wrong with that? They did not get into anything that already was on the device, didn´t do a withdrawl of the original transfered coins.
To me this is totally fine with the bounty rules. If they said, buy a new one, load it up with your coins yourself and try to hack it, that would be a different story, then they would have
lost the bounty.

Is it OK to not reward the bounty hackers with something after there experts didn´t find that RAM problem themself and actually produce the first Bitfi? Or did they find out themself???
I think rewards should get paid out if it can be proven. There was something paid so don´t know for what and if that front is cleared or not, lost overview with that  :o

So as I said before, we have 2 parties who are not 100% right or wrong. Doesn´t Bitfi have the right to correct themself even if they had a big mouth?

- I´m with you that a security device at first should not be hackable that easy and get root-access on top of that -- is this fixed? I don´t think so, is it feasible at all? I don´t know!
- Nothing in the device should store anything from a past transaction -- that was fixed, can anybody prove it is not so? That would solve the most important big problem IMO
- The Dashboard did not detect that the device was modified -- is a fix feasible? I don´t know, but this is a problem every device has and SURELY I WANT THEM ALL TO FIX THAT.
 
If your device can´t be 100% secured from a root-hack, your software/portal/dashboard, whatever !!! HAS TO DETECT THAT AND WORN YOU THAT THE DEVICE WAS COMPROMISED !!!
I don´t care how they do it but without that safety of our funds are at risk. You know how I shit myself when Komodo had their problem with the Agama Wallet? I sick of all that nonsense.
If I can´t be 100% sure that my device is 100% as the manufacturer produced it how secure can I feel then?

Is this wallet better or worst than nano ledger s?  Is there a reason why anyone would use any wallet besides trezor or nano ledger?

Read the thread.

Short summary:

• It is just a brainwallet, and we all know how bad brainwallets are..
• It had tons of vulnerabilities (no clue about the current state, but wouldn't expect it to be better now)
• The company is doing shady stuff
• It is just a brainwallet.

I think you can answer the question, whether it is better or worse than a regular hardware wallet, yourself.


P.s. Even a webwallet is more secure than this crap.

Vertbase and Digibyte are happy with the security Bitfi has TODAY, so I guess I will buy one, split my coins over trezor, ledger and bitfi