Bitfi wallet - most user-friendly functionality, does not store private keys

[TheBitfi]

The Bitfi hardware wallet is a revolutionary blockchain hardware wallet capable of securing any digital asset without having to store a single thing. The device has been designed with one of the most sophisticated approaches to security while maintaining an intuitive and ease-of use interface.

The device is not a storage device, rather it works as a private key generator that calculates your private key which comes into existence for less than a second during a transaction. By generating a private key at the time of a transaction and storing nothing, Bitfi surpasses the security of all other hardware wallets. This makes stealing from it impossible. You cannot steal what isn't there.

Due to a significant amount unconfirmed media reporting and unverified claims there is a controversy surrounding our wallet which has resulted in very few people understanding the difference between the new Bitfi technology and other wallets and methods of securing digital assets. The controversy was triggered over the use of the word "unhackable" by John McAfee when Bitfi was first introduced.

To clarify our position on this matter, we would like to state for the record that we agree all electronic devices (or anything man-made) can be hacked, modified, taken apart, or altered. Bitfi took a security approach with this consideration in mind. The device was designed in such a way that should it ever be "hacked" - there is nothing to take. The device is always empty. Furthermore, John McAfee was not involved with the development or operations of Bitfi, and has no ownership in the company. However, he is an advocate of the use of Bitfi as he himself and his company, Team McAfee, use the Bitfi wallet. While he understands anything is hackable, his excitement comes from the innovation of never requiring the storage of private keys or data on the Bitfi device.

The word "unhackable" caused a significant amount of tension within the cyber security community and confusion in the market place and for that, we apologize. Our intention was to push a dialogue of what security means in the cryptocurrency community. Our goal is to have productive and open collaboration so that we may have the opportunity to clear up any misconceptions or questions surrounding the Bitfi wallet.


We welcome the opportunity to field any comments and questions you may have about our security, our approach and where we are heading in the future.


Twitter: @TheBitfi
Instagram: @TheBitfi
Facebook: @TheBitfi
Youtube: https://www.youtube.com/channel/UCIJXmTcPSUVW1I8PU05ZBbA

Our Youtube channel offers wallet tutorials in English, Korean, Japanese, German, and Portuguese.

[o_e_l_e_o]

Give it a rest.

The Bitfi wallet was repeatedly hacked, to the extent of having the coins stolen from the device: https://techcrunch.com/2018/08/30/john-mcafees-unhackable-bitfi-wallet-got-hacked-again/

In response to this hack, instead of paying the bounty like you should have done, you cancelled the bounty program and insulted and attacked the researchers who you should have been paying $250,000.

Even ignoring all of that, all Bitfi is is a glorified brain wallet, which is probably the single worst way to store your coins. No serious crypto user would ever purchase this wallet.

[TheBitfi]

Hi o_e_l_e_o,

There is a lot of misconception & false rumors going around regarding this. The fact is, we pay all of our obligations and all of our bounties. If we didn't who would take our bounties seriously? Regarding the hacks pertaining to the older model (before DMA-2) you are talking about, this was posted a long time ago: https://twitter.com/TheBitfi/status/1038339727961800704 and just 2 days ago we paid out the Jelurida challenge within 1 hour of them requesting payment: https://twitter.com/TheBitfi/status/1114618673061351426 So yes, we do pay everyone and we pay all of our obligations. We hope this clears up any confusion regarding this.

The article posted by TechCrunch is false and we will be definitely working on getting them to update it. Its false, starting with the title. For example, it is not "John McAfee's wallet" and never was. He has nothing to do with this company other than using the wallet himself and recommending it to his followers. TechCrunch could have easily reached out to us to confirm this, but they didn't bother.

Coins were never stolen from the device according to the bounty and this is provable fact. If you would like to dig further, we are happy to supply you with evidence that this did not happen.

Secondly, this is not like a brain wallet at all. First, lets imagine that you are storing 30 different digital assets and just for Bitcoin you have 15 different addresses. If you had been using a brain wallet, you would have to remember 45 different salts & phrases, which is completely impractical and unusable. With Bitfi, a single salt & phrase generates the correct private key for any currency or asset, and it can be an unlimited amount of currencies.

Then, a brain wallet has major security issues in creating the salt & phrase as it is done in a computer environment and then when you need to translate the salt & phrase back into a private key you have to do it in a computer environment again which can expose your private key. The other problem is that once you have imported that private key into some wallet, its no longer safe and you have to empty the entire balance and transfer it to a new brain wallet. Not to mention that you don't even know if the software you are using to create the brain wallet is safe and it is certainly not suitable for ordinary people who are not tech savvy (while our mission is mass adoption). With Bitfi, you never type your salt & phrase into a computer environment and the device never interfaces or connects with the computer environment or with any consumer device at all.

The point of all this is that Bitcoin was intended to be unseizable, but it can be seized from any wallet because they contain private keys. The only wallet that is congruent with the philosophy of Bitcoin is Bitfi because it is the only wallet that cannot be seized for one simple reason that you cannot steal what doesn't exist.

We thank you for the opportunity to respond to your comments and would welcome any other comments or questions.

Bitfi Team

[o_e_l_e_o]

The fact is, we pay all of our obligations and all of our bounties. If we didn't who would take our bounties seriously?

Except you don't. You came out with some nonsense excuse about how their hack didn't exactly meet your criteria, insulted them on twitter, and shut down your $250,000 bounty reward program. Until you publicly apologize and pay the $250,000 you owe, no one will take you seriously.

For example, it is not "John McAfee's wallet" and never was. He has nothing to do with this company other than using the wallet himself and recommending it to his followers.

You might want to tell that to McAfee. He seems to think it's his product: https://twitter.com/officialmcafee/status/1018933263107330049. You might also want to back off from the nonsense claim that the word "unhackable" was only used by McAfee since you had it plastered all over your website: https://web.archive.org/web/20180731202155/https://bitfi.com/

Secondly, this is not like a brain wallet at all. First, lets imagine that you are storing 30 different digital assets and just for Bitcoin you have 15 different addresses. If you had been using a brain wallet, you would have to remember 45 different salts & phrases, which is completely impractical and unusable. With Bitfi, a single salt & phrase generates the correct private key for any currency or asset, and it can be an unlimited amount of currencies.

Yeah, that's still a brain wallet, regardless of how many private keys you derive from the phrase.

Then, a brain wallet has major security issues in creating the salt & phrase as it is done in a computer environment and then when you need to translate the salt & phrase back into a private key you have to do it in a computer environment again which can expose your private key.

You are asking people to enter their phrase into, and therefore trust, your provably insecure and hackable wallet rather than their own potentially airgapped and encrypted computer. If for some reason I was forced to use a brain wallet, I know which one I would choose.

Not to mention that you don't even know if the software you are using to create the brain wallet is safe

And we are supposed to take you on your word that your wallet is safe, since it's not open source?

The only wallet that is congruent with the philosophy of Bitcoin is Bitfi because it is the only wallet that cannot be seized for one simple reason that you cannot steal what doesn't exist.

Except the hacks I linked to before show that this isn't true. And a $5 wrench attack will quite easily lead to you losing your coins.

Maybe if you stopped making claims that are demonstrably untrue, people might be more willing to take you seriously.

[TheBitfi]

Hi o_e_l_e_o,

If you don't mind we have some more thoughts on your comments:

"Except you don't. You came out with some nonsense excuse about how their hack didn't exactly meet your criteria, insulted them on twitter, and shut down your $250,000 bounty reward program. Until you publicly apologize and pay the $250,000 you owe, no one will take you seriously."

The text for that bounty is still up and you can read it: https://bitfi.com/bounty Please explain who, how, or where the conditions for this Bounty were met and we will make the $250,000 payment immediately. What is the nonsense excuse? Are the rules stipulated in this bounty not clear or hard to understand? We genuinely want to pay out this bounty to anyone who achieved it, but we are not aware of anyone who achieved it. Please help us find someone who did this and as stated above payment will be made immediately.

Regarding, the claim "unhackable" please read the first FAQ on our website. It explains our position on what happened and why it was used.

It is a private key generator. Yes, it can be used to store everything in your brain with a single phrase. The only reason its wrong to refer to it as a brain wallet is because it has dozens of important differences with brain wallets and executed in a very different way. Calling it a brain wallet creates confusion. To be able to walk around with hundreds of different coins and tokens in your brain & potentially millions of dollars (and soon terabytes of data and many other things) is very exciting. Sounds almost like science fiction, except its real.

We have created our own custom system that allows all developers in the world to participate in reviewing and contributing to Bitfi code which is going live in 2 days, this announcement was made here: https://twitter.com/TheBitfi/status/1110744867951513600. We made it so that each developer will have their own private key, rather than using GitHub so that you know each post is made by the person who they claim to be. All users and developers can interact through this system and review code before it goes to device. In addition, we have already done forensic testing and revealed methods that anyone can use to verify for themselves that indeed the private keys don't exist on this device: https://twitter.com/TheBitfi/status/1054884530199449600

Please describe how a $5 wrench attack will lead to loss of coins? We would be very interested in your feedback.

The vulnerabilities discovered now almost year ago were on the first version of device and we are now shipping DMA-2 which had all potential vulnerabilities fixed.

Finally, can you please tell us which claims we are making at this time that are demonstrably untrue and we will immediately remove them.

We understand and appreciate why you are skeptical. All we are asking is that you monitor the facts and data that is being released over the next few weeks so you can make a decision based on fact and not rumor. You may decide that its absolutely not for you or you might realize that this is a tool you can benefit from. We are not asking for anything other than an open mind and collaboration. We are doing all we can to contribute to the cryptocurrency community, not to take anything away from it.

Thanks again.

Bitfi Team

[bones261]

     Unfortunately, in order to ensure that this password is only stored in a person's mind, that person needs to pick a passphrase that is easy to remember. Otherwise, if that person forgets, that person will not be able to access the coins. Unfortunately, phrases that are easy to remember are also easy to brute force. If a person picks a sufficiently difficult passphrase, they would have to write it down. Then it would no longer only reside in their mind and would be subject to confiscation/theft. Also, since your code is closed source, what happens if your company becomes defunct? In such an event will the person's device still be able to operate, if the website that they are supposed to interact with goes down? If it will still be able to function and the device itself becomes broken, will the person have to hope to somehow find a working device in order to access their coins? Also, what if the device owner becomes deceased or suffers an injury/illness that severely impairs their memory. In order to ensure their coins can still be accessed by their estate in such an event, they will either have to share their passphrase with a trusted individual or they would have to write it down and keep the piece of paper secure. Once again, the phrase no longer only existing in one's mind. The trusted individual can betray them or the piece of paper can be confiscated/subject to theft.

[TheBitfi]

Hi bones261,

You make excellent points and we would like a chance to comment on them to clarify these issues.

First, there are two ways to set a passphrase for your Bitfi. One is a totally custom phrase and the second is a phrase using Diceware (please see: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/). The Bitfi device comes included with a physical die that you will roll for perfect analogue randomness to choose words out of a Diceware word list. With this method only 7 words are needed. You might think that 24 words as used in ordinary hardware wallet must have higher entropy than 7 words, but its actually the opposite. This article here does a decent job explaining why these 7 words on Bitfi give more protection than 24 words: https://medium.com/@surprisedwarrior/the-art-of-mnemonics-90fa439c76f3

The Bitfi Wallet requires two passwords a salt & your passphrase. But lets say you use a completely custom phrase like Bones261LovesBitcoinTalk.orgFor$Advice. If you want to see how long it would take a computer to crack this phrase, please use the following tool: hsim.pw or https://howsecureismypassword.net

Once you get the time involved, please note that should your phrase be cracked, it is still useless without the salt. The attacker can't even know if he/she cracked your phrase or not because they have no way to test it without knowing the salt. However, we want to also point out that there is still a significant advantage if you decide not to memorize your salt & phrase (this is only optional) and instead write it down. Here is why - if someone breaks into your house (or it could just be your babysitter) and they find 24 words they know instantly they just found a wallet, but if they find Bones261LovesBitcoinTalk.orgFor$Advice they are unlikely to think this is access to a wallet because its completely non-standardized and just a random phrase that can be anything. And again, should they manage to figure out that its access to a wallet, still useless without the salt.

Finally what happens if Bitfi disappears (for example, the government shuts us down for making a wallet they can't ever extract money from)? That would be no problem whatsoever and as long as you know your salt & phrase your money is always safe. The private key recovery tools are all on https://www.btknox.org and many copies have already circulated all over the internet. Here we demonstrate how easy it is to recover all your money in case Bitfi disappears: https://twitter.com/TheBitfi/status/1111434686645960707 It literally takes less than a minute to generate all your private keys and import them into another wallet.

Thank you for opportunity to respond to your comments and we would be delighted to see any other comments or questions from you.

Bitfi Team

[o_e_l_e_o]

The text for that bounty is still up and you can read it: https://bitfi.com/bounty

You closed the old bounty without paying. Launching a second bounty (which you also won't pay) is not the same. Here is where you tweeted about cancelling your bounty program: https://twitter.com/TheBitfi/status/1035279307617259523.

Please explain who, how, or where the conditions for this Bounty were met and we will make the $250,000 payment immediately.

https://twitter.com/saleemrash1d/status/1035269363903946755 - he cold booted the wallet and extracted the previously used passphrase from RAM, which allows him to steal every single coin stored on the device. You refused to pay.

Regarding, the claim "unhackable" please read the first FAQ on our website. It explains our position on what happened and why it was used.

That's all well and good, but your first post in this thread claims "unhackable" was only used by McAfee, and that he isn't part of your company. Both of those are not true, as I've shown in my previous posts. Here is the tweet where McAfee states that Bitfi is "his product", and here is an archive of your website with the unhackable claim on the front page.

The only reason its wrong to refer to it as a brain wallet is because it has dozens of important differences with brain wallets and executed in a very different way.

You are right. A true brain wallet doesn't allow the passphrase to be extracted from its RAM.

We have created our own custom system that allows all developers in the world to participate in reviewing and contributing to Bitfi code which is going live in 2 days

I very much doubt this will actually equate to open source, otherwise you would just have used GitHub. It's good enough for every other crypto project out there, but not for you? Please.

Please describe how a $5 wrench attack will lead to loss of coins? We would be very interested in your feedback.

Attacker hits you until you tell him your passphrase.

The vulnerabilities discovered now almost year ago were on the first version of device and we are now shipping DMA-2 which had all potential vulnerabilities fixed.

So you finally admit that your device was hackable?

Finally, can you please tell us which claims we are making at this time that are demonstrably untrue and we will immediately remove them.

Please read this post and my previous one where I systematically explain how pretty much every claim you make is a lie.

We understand and appreciate why you are skeptical. All we are asking is that you monitor the facts and data that is being released over the next few weeks so you can make a decision based on fact and not rumor.

Here are the facts:

1 - Release a wallet you claim is unhackable, and post a $250,000 bounty for anyone that can hack it
2 - It is hacked multiple times within days
3 - Insult the researchers, deny the proof of it being hacked, and cancel your bounty program without paying
4 - Wait for 6 months or so, hoping that people forget about your scammy behavior
5 - Relaunch the exact same insecure product again

This is all glossing over the fact that even if your hardware wasn't easily hackable, brain wallets are a terrible way to store your coins and only a moron would choose them.

TL:DR for anyone else: buy a Ledger or a Trezor.

[TheBitfi]

Hi o_e_l_e_o,

We are going to assume that since you support cryptocurrency which was created by cypherpunks, that you also must believe that truth & fact are fundamental principles behind the social change that was driving Bitcoin's development. We are not asking you to agree with any of our opinions, but just to consider the facts that we will gladly and eagerly present.

Please allow us to address your comments with facts:

1) The reason the $250,000 bounty was discontinued is because large groups of hackers were referring to it as a "sham" and it clearly made many of them angry. This is the only reason why the bounty was discontinued. Here are a just a few examples of those attacks on the bounty:

https://twitter.com/barton_paul/status/1024395617525800961

https://twitter.com/MrSm0keTooMuch/status/1035574600564916224

https://twitter.com/gsuberland/status/1025083694070026242

However this bounty was open for several months before it was finally cancelled. In that time, no one has achieved it.

The second bounty was not launched when the first one was closed, it was also launched months before and both bounties were cancelled simultaneously (with the second one being achieved)

You are saying that we "won't pay the second bounty either", but this is demonstrably false as can be seen here where we are offering the payment and acknowledging that the second bounty has been achieved: https://twitter.com/TheBitfi/status/1038339727961800704 this public statement clearly indicates that the second bounty is being paid out.

2) There was simply no bounty for what you are showing here: https://twitter.com/saleemrash1d/status/1035269363903946755 How could we have refused to pay something that wasn't in place to begin with? If some attack was presented to Microsoft or Oracle (with absolutely no reproducible method, by the way) for which they had no bounty, they also would not pay unless something was negotiated in advance. To clarify, in this attack it does not allow him to steal every coin stored on the device, as the device didn't store coins. What this attack allowed was to modify the device in such a way so that if this attack is done without your knowledge and then you use it next, then your coins could be stolen. This is not stealing coins from a previously used Bitfi. (This was of course fixed a long time ago and we are no longer shipping the model on which this attack was demonstrated).

3) We are not saying that we were not using the unhackable claim. John McAfee was so impressed with the wallet that he told us that it was the first unhackable technology he has ever encountered and we started to use it in our marketing. What was meant by this claim is that the device does not store private keys and therefore the funds could not be extracted, not that the device itself could not be hacked. Unhackable is a word that has no definition and you will not find it in any dictionary. We meant no malice in using the word, we were just trying to find ways to communicate and explain Bitfi technology which is very different from anything else.

4) You cannot extract anything from Bitfi's RAM and this was already forensically measured. We are now shipping the DMA-2 that does not retain the private key for even one second. Having said that, the previous version which didn't have perfect memory management had the private key remain in RAM for some time, in some cases even for a few hours. However, a few hours is still infinitely better than having all your private keys (not just one key) remain on a cold storage wallet forever.

5) Please don't judge the developers platform before having seen it. We will give you a private key to grant you access so you can go in and look around. Its just a couple of days away.

6) The $5 wrench attack: Bitfi is actually the only wallet that can give you protection from this kind of attack. If someone comes to your house and you have a regular cold storage hardware wallet and they are torturing you, you have no choice but to give them access and they will take all your funds. However, because Bitfi does not have any private keys (it acts as a private key generator) you can create an unlimited number of wallets with one device. For example, you can have one wallet with passphrase o_e_l_e_oLovesBitcoinTalk.org that contains $500 and a second wallet with passphrase o_e_l_e_oLovesBitcoinTalk.org2 that contains your life savings (lets say $100,000). So if you are being tortured you would give the attacker access to the decoy wallet with the low balance and the attacker thinks he/she cleaned you out - they have absolutely no way of knowing that you have other wallets (it is impossible to know).

7) Of course we admit that the device was and is hackable. This is in our first FAQ on our website. However, it is also important to understand that the device is not the wallet. What we do know for sure: it is impossible to steal money from a previously used Bitfi Wallet and that the Bitfi Wallet is the only wallet that cannot be seized by law enforcement or anyone else. It does not have any private keys. We have also addressed all the vulnerabilities that have been pointed out on Twitter (some were real and many were fake) and launched the DMA-2 with these vulnerabilities fixed.

8.) We still don't see which claim is a lie. If you can point out any specific claim that is a lie, it will be immediately removed.

9) Regarding your summary:

A. We did not offer $250,000 for anyone to hack the wallet. We offered $250,000 specifically for accomplishing the following: https://bitfi.com/bounty
B. Yes, but not days. It was weeks.
C. Yes at times things got really emotional and we acted inappropriately and for that we apologize. However, the researchers also insulted us, for example by using our logo smeared in diarrhea as their avatar, calling our bounty a sham & then calling outrage when we cancel it, claiming that we don't pay bounties when we always pay (we even donated to the Mental Health Hackers, an organization that helps the very people who were attacking us: https://twitter.com/TheBitfi/status/1077054969902219265), etc.
D. During the last 7 months our engineers have been engaged in very intensive development, not just waiting. And just so you know, several hackers from the group who were originally attacking us on social media are working here as employees for the last 7 months because they realized they got some things wrong and they also realized the remarkable potential of Bitfi technology.
E. We did not relaunch the exact same product again, but a very different product shipping as DMA-2 that has all the vulnerabilities addressed (the ones we were able to verify as real) and then additional features to improve it even further over and above those vulnerabilities.

Not sure why you are bringing up Ledger and Trezor when they have been hacked hundreds of times and had dozens of serious hacks in just the last few weeks (while our vulnerabilities occured within weeks of launch, these companies have been in business for years and they have more serious security issues now than we did upon our launch). Just a few recent examples:

https://www.chepicap.com/en/news/6222/trezor-one-ledger-nano-s-and-blue-get-hacked-ledger-denies-trezor-will-update-.html

https://thenextweb.com/hardfork/2018/03/20/ledger-nano-s-hack-cryptocurrency/

https://smartereum.com/46184/ledger-wallet-hacked-ledger-wallet-hacked-with-simple-radio-antenna-according-to-security-researchers-cryptocurrency-wallet-news-today/

https://steemit.com/trezor/@lexiconical/trezor-hack-devices-are-not-secure-private-key-can-be-extracted-at-startup

https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

https://cryptoslate.com/ledger-reveals-five-vulnerabilities-in-competitor-trezors-wallets/


Thank you again for opportunity to respond,

Bitfi Team

[o_e_l_e_o]

1) The reason the $250,000 bounty was discontinued is because large groups of hackers were referring to it as a "sham"

When everyone is calling the bounty a sham because you refuse to pay it, and you are the only ones claiming otherwise, perhaps it might be you who are mistaken? The wallet was hacked (repeatedly). You refused to pay (repeatedly). End of.

2) There was simply no bounty for what you are showing here: https://twitter.com/saleemrash1d/status/1035269363903946755

Yes. You worded the bounty so exactly so you knew you would never have to pay it out, even when someone extracts the passphrase from your device's RAM. How about this one, who gained root access, installed a patched firmware, and your device continued to run, no questions asked. You didn't pay that one either.

3) What was meant by this claim is that the device does not store private keys and therefore the funds could not be extracted, not that the device itself could not be hacked. Unhackable is a word that has no definition and you will not find it in any dictionary.

Are you sure about that? Are you seriously now trying to claim you used the word unhackable but that it didn't mean that it couldn't be hacked? You are trying to redefine the English language instead of just admitting your lies? This is laughable.

4) You cannot extract anything from Bitfi's RAM and this was already forensically measured.

Except you can, and I linked proof of that happening above.

Having said that, the previous version which didn't have perfect memory management had the private key remain in RAM for some time, in some cases even for a few hours.

So the key was on the RAM, and therefore extractable? I thought you just said it wasn't? You are really getting caught up in your own lies here.

5) Please don't judge the developers platform before having seen it. We will give you a private key to grant you access so you can go in and look around. Its just a couple of days away.

If I need you to give me a key to access it, then it's not open source.
 

6) The $5 wrench attack: Bitfi is actually the only wallet that can give you protection from this kind of attack.

Another complete lie. Both Ledger and Trezor support unlimited wallets on one device with the use of a passphrase. See: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security and https://wiki.trezor.io/Passphrase.

7) Of course we admit that the device was and is hackable.

Only because the entire crypto world has called you out for your repeated lies. You repeated the unhackable nonsense over and over again until you finally realized everyone was laughing at you:
https://twitter.com/TheBitfi/status/1024979075566329856
https://twitter.com/TheBitfi/status/1024552929074839552
https://twitter.com/TheBitfi/status/1025058277552467969
https://twitter.com/TheBitfi/status/1019231065599283200

8.) We still don't see which claim is a lie. If you can point out any specific claim that is a lie, it will be immediately removed.

Add all the points I just made to all the previous points I've made, we must be up to about 20-30 lies in this thread alone, never mind the hundreds on your twitter account.

A. We did not offer $250,000 for anyone to hack the wallet. We offered $250,000 specifically for accomplishing the following: https://bitfi.com/bounty

You made it so specific so you would never have to pay, even when private keys and passphrases were extracted from your device.

B. Yes, but not days. It was weeks.

So you admit your unhackable wallet has been hacked multiple times?

C. Yes at times things got really emotional and we acted inappropriately and for that we apologize.

You literally threatened security researchers - https://twitter.com/matthew_d_green/status/1026432597856006145. No one in their right mind will ever trust you.

And just so you know, several hackers from the group who were originally attacking us on social media are working here as employees for the last 7 months

And the vast majority haven't sold out and are continuing to expose you for the scam that you are.

E. We did not relaunch the exact same product again, but a very different product shipping as DMA-2 that has all the vulnerabilities addressed (the ones we were able to verify as real) and then additional features to improve it even further over and above those vulnerabilities.

Why would an unhackable wallet need to have vulnerabilities addressed? I wonder.

[TheBitfi]

Hi o_e_l_e_o,

It sounds like you are not interested in learning the facts and the truth, rather than thinking objectively you appear to be happy to make assumptions and then assume that these assumptions represent reality. We will, however, respond anyway because it is our duty to educate and correct misleading information in order so that others can get a clear and objective understanding.

1.) "When everyone is calling the bounty a sham because you refuse to pay it, and you are the only ones claiming otherwise, perhaps it might be you who are mistaken? The wallet was hacked (repeatedly). You refused to pay (repeatedly). End of."

How on earth did you determine that the bounty was being called a sham because we were refusing to pay it (even though we were never refusing to pay it & still will gladly pay it to anyone who can demonstrate they achieved the bounty)? It was being called a sham because hackers were not happy with the conditions of the bounty and some thought it was a marketing stunt. Some thought it was a marketing stunt because they questioned how feasible it is to extract information from a device that does not have information. You can see proof of this right here: https://twitter.com/SeanG294/status/1023835288848752642

However, as it turned out, the bounty was not a sham at all because as already described in the above post the private key remained in RAM for some time and so it was extractable. So someone could have achieved this and received the $250,000 payment.

Again, the wallet was hacked and we paid for what we were responsible for according to bounty conditions. You keep repeating that it was hacked multiple times, and we keep agreeing with you. You just don't seem to understand that the $250,000 bounty had certain conditions attached to it (as a bounty from any other tech company) that were not met and never even came close to being met. Would you like further proof?

2.) Yes. You worded the bounty so exactly so you knew you would never have to pay it out, even when someone extracts the passphrase from your device's RAM. How about this one, who gained root access, installed a patched firmware, and your device continued to run, no questions asked. You didn't pay that one either.

Here is the $250,000 bounty again: https://bitfi.com/bounty What in it is not clear? We showed it to many different people, even children and they all can understand the conditions:

- We deposit coins into a Bitfi wallet
- If you successfully extract the coins and empty the wallet, this would be considered a successful hack
- You can then keep the coins and Bitfi will make a payment to you of $250,000
- Please note that we grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure

Can you please explain what part of this is "worded so exactly" that we would never have to pay it? So if someone did extract the coins, we would not have to pay or is it pretty black & white that we would have to pay the $250,000?

3.) Are you sure about that? Are you seriously now trying to claim you used the word unhackable but that it didn't mean that it couldn't be hacked? You are trying to redefine the English language instead of just admitting your lies? This is laughable.

We are not trying to redefine any words and in the above post we did say that the Bitfi device was hacked, multiple times. You are completely ignoring the point where we explain that we were trying to describe Bitfi technology that does not store any private keys and therefore it is impossible to steal funds. In other words, if the device is hacked, there would be nothing to take. Its a completely new way of securing digital assets and its not always easy to explain. In any case, we dropped the word "unhackable" from our branding and it hasn't been used for a long time.

4.) Except you can, and I linked proof of that happening above.

No you cannot. You were able to last year. We stated several times already in our replies that we are shipping the DMA-2 which is a totally different product than what you saw in the hacking demonstrations. It cannot be done now, as already described, since our engineers addressed all discovered vulnerabilities.

5.) If I need you to give me a key to access it, then it's not open source.

Everyone gets a private key so long as they are a developer and every Bitfi user has a private key. No developer is denied a private key. So yes, it is completely open.

6.) Another complete lie. Both Ledger and Trezor support unlimited wallets on one device with the use of a passphrase. See: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security and https://wiki.trezor.io/Passphrase.

You didn't understand the content in the 2 links you provided. Both pages describe how you can set an additional password (for advanced users) on top of your 24 word seed. In the case of you being tortured you will give up that password and all your crypto will be gone. Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

7.) Only because the entire crypto world has called you out for your repeated lies. You repeated the unhackable nonsense over and over again until you finally realized everyone was laughing at you.

Why would we want to create tension and bickering in the crypto community if our mission is to drive adoption and innovation? If the word "unhackable" made people in the cyber security community angry it would be foolish to keep using it.

8.) Add all the points I just made to all the previous points I've made, we must be up to about 20-30 lies in this thread alone, never mind the hundreds on your twitter account.

Can you point out one specific lie? You are saying 20 - 30, but we don't see them. We are asking for your help to identify the lies so we can remove them from our website and other materials. Don't you want your fellow crypto users to have access to accurate information? This isn't about Bitfi, but about the thousands of people who use it. Please help these innocent people by just identifying a few specific lies so we can fix them immediately.

9.) You literally threatened security researchers - https://twitter.com/matthew_d_green/status/1026432597856006145. No one in their right mind will ever trust you.

This was taken completely out of context as the hackers wanted to do anything they could to mislead and confuse the public about Bitfi. Even thought all this was conveniently deleted, the archive still exists: http://archive.is/Svbt7#selection-713.1-713.161

It is clear that our threat was due to their use of our logo smeared in diarrhea and posting it all over Twitter and in no way shape or form was anyone being threatened over the attempted hacks.

10.) And the vast majority haven't sold out and are continuing to expose you for the scam that you are.

Please clarify what part of us is a scam so we can fix it. A scam is a fraud in which one is misleading people in order to steal their money. With Bitfi when a customer places an order they receive the wallet and are provided with both email and phone technical support. Not a single Bitfi user ever has lost funds and we have users with $50m or more in a single Bitfi Wallet and they too have never lost a dime. We are open to constructive feedback on how to end the scam that you claim.

[o_e_l_e_o]

I'm getting really bored of going round in circles while you simply deny provable facts. For anyone else interested, just search Google, Reddit or Twitter for "bitfi bounty" or "bitfi hack", and read the screeds and screeds of articles and posts which confirm everything I say.

https://rya.nc/bitfi-wallet.html

To start with, I had a look at their their bounty offer:

This bounty program is not intended to help Bitfi to identify security vulnerabilities since we already claim that our security is absolute and that the wallet cannot be hacked or penetrated by outside attacks. Rather this program is intended to demonstrate to anyone who claims or believes that nothing is unhackable or that they can hack into the Bitfi wallet, that such attempts are futile and that the advertised claims about the Bitfi wallet are accurate.

In other words, the sole purpose of it is to discredit security researchers like myself who raise concerns about the design of their product. This is not a new trick — it was specifically called out by Bruce Schneier as a red flag nearly twenty years ago. In this instance, Bitfi is calling it a "bounty program" to try to ride on the coattails of legitimate bug bounty programs, which are generally wide in scope. This one is unfair, falling into exactly the pattern that Schneier described:

Most cryptanalysis contests have arbitrary rules. They define what the attacker has to work with, and how a successful break looks. Jaws Technologies provided a ciphertext file and, without explaining how their algorithm worked, offered a prize to anyone who could recover the plaintext. This isn't how real cryptanalysis works; if no one wins the contest, it means nothing.

Indeed, you have to be spend $120 on a Bitfi device, and then pay another $10[4] to "preload it with coins" to even try, and then you specifically have to hack the wallet associated with particular the device they send you. If a researcher found, for example, the device had a weak RNG that allowed for key recovery by examining a series of transactions generated by it, they would not win the bounty. Neither would they for finding a way to hijack their automatic update system to install a keylogger.

You made arbitrary conditions so you knew you would never have to pay out. You even tried to justify that with nonsense tweets such as this one: https://twitter.com/TheBitfi/status/1024930630293970944. Someone roots your device, gains full read/write access, and you say it doesn't count because "once someone installs something into that system it will no longer be a Bitfi wallet". This is utterly laughable. Did you know Windows is immune to viruses because once there is a virus installed then it is no longer Windows? My car is immune to damage because once it has been damaged it is no longer my car.

You are completely ignoring the point where we explain that we were trying to describe Bitfi technology that does not store any private keys and therefore it is impossible to steal funds. In other words, if the device is hacked, there would be nothing to take.

This is, yet again, simply not true. I have posted proof above that passphrases can be extracted from the device. I have posted proof that root access can be obtained, allowing a keylogger or similar to be installed and steal the passphrase. Just because it doesn't store private keys doesn't mean the funds can't be extracted when it is this easy to extract the passphrase.

Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

Both Ledger and Trezor allow you to have as many different wallets protected by as many different passphrases as you want on a single device at the same time. There are literally thousands of users using this set up right now. I've been using this set up since before your awful brain wallet even existed. To claim otherwise is just showing just how ignorant of good crypto security you are.

[ThatRandom8543]

Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

I usually dont like jumping into discussions like this but I do want to provide my 2 cents on this message. This message does show that Bitfi (or atleast you) have not used ledger, trezor, keepkey, or similar devices that have a seed along with an additional passphrase, or probably have but just being plain ignorant. Using an additional passphrase will allow one to have multiple wallets all while still remaining protected. Such a thing is not stored on a device thus if someone were to extract the seed from any of those devices, as long as no coins are stored along with the seed itself, nothing is lost. If there is, you only lose whats there but nothing stored with an additional passphrase. Heck, I even use it to have different wallets for different things as if its multiple bank accounts for personal and business use and I trust that more than I would trust bitfi. Heck, I dont even like ledger after what they did with ledger blue but I would prefer that over bitfi honestly.

I would seriously suggest that Bitfi should take their heads out of whatever hole it is stuck in and start doing real research if you all expect to have a good reputation. The "unhackable" claim couldve lead to lawsuits for false advertisement (and honestly surprised there was no class action after the stunt that was pulled after being called out about the issues noted with the device). Speak and operate from a realistic point of view especially if you want the business to survive.

[bob123]

Wow.

Not sure if this is a troll post or for real   


To anyone reading this and wondering:

The bitfi wallet is probably the least secure wallet in history of BTC. Even android / iOS mobile wallets are more secure than this crap.

Better invest your money into a real hardware wallet or buy more BTC and store them on your mobile. But never use a brainwallet (like bitfi is).

It has been repeatedly proven that this wallet is unsecure and not worth a single penny. Don't listen to empty promises, do your own research.

[o_e_l_e_o]

This message does show that Bitfi (or atleast you) have not used ledger, trezor, keepkey, or similar devices that have a seed along with an additional passphrase, or probably have but just being plain ignorant.

This is exactly correct. To claim that Ledger doesn't allow multiple wallets on one device, when I have a Ledger Nano S sitting two feet away from me which has multiple wallets on it, is either a deliberate lie designed to fool potential buyers, or phenomenal ignorance of the basics of hardware wallets. Either way, I wouldn't trust someone who makes such a nonsense statement.

But never use a brainwallet (like bitfi is).

In before a reply saying that their brain wallet isn't a brain wallet because it isn't on a computer or some other nonsense reason.

[TheBitfi]

Hi Random8543,

You don't seem to understand Bitfi's security model. Bitfi does not have any private keys. Therefore extraction is not possible. On the other hand all cold storage wallets make it very easy to extract all your money should they be physically seized, lost or stolen. Here the CTO of Ledger himself admits that it is trivial to extract all your private keys: https://twitter.com/xtcc18/status/1109621986123284480

We are extremely aware of all the wallets you mention. However, we believe that you haven't taken the time to understand how Bitfi works.

Thanks for the opportunity to respond.

Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

I usually dont like jumping into discussions like this but I do want to provide my 2 cents on this message. This message does show that Bitfi (or atleast you) have not used ledger, trezor, keepkey, or similar devices that have a seed along with an additional passphrase, or probably have but just being plain ignorant. Using an additional passphrase will allow one to have multiple wallets all while still remaining protected. Such a thing is not stored on a device thus if someone were to extract the seed from any of those devices, as long as no coins are stored along with the seed itself, nothing is lost. If there is, you only lose whats there but nothing stored with an additional passphrase. Heck, I even use it to have different wallets for different things as if its multiple bank accounts for personal and business use and I trust that more than I would trust bitfi. Heck, I dont even like ledger after what they did with ledger blue but I would prefer that over bitfi honestly.

I would seriously suggest that Bitfi should take their heads out of whatever hole it is stuck in and start doing real research if you all expect to have a good reputation. The "unhackable" claim couldve lead to lawsuits for false advertisement (and honestly surprised there was no class action after the stunt that was pulled after being called out about the issues noted with the device). Speak and operate from a realistic point of view especially if you want the business to survive.

Hi Bob,

This is demonstrably wrong. Bitfi is the most secure wallet because it doesn't even have private keys. Please explain how something could be more secure than such a system where you don't even have anything to steal or extract?

First, we can prove every single one of the claims that we make.

Second, if you want to make an informed opinion rather than just a random angry post like "Bitfi sucks" please see our open source resources at https://bitfi.dev this is a completely open and transparent system that allows all developers in the world to participate, view the code, and see how every feature works.

Try to keep an open mind rather than spreading misleading information.

Thank you,

Wow.

Not sure if this is a troll post or for real   


To anyone reading this and wondering:

The bitfi wallet is probably the least secure wallet in history of BTC. Even android / iOS mobile wallets are more secure than this crap.

Better invest your money into a real hardware wallet or buy more BTC and store them on your mobile. But never use a brainwallet (like bitfi is).

It has been repeatedly proven that this wallet is unsecure and not worth a single penny. Don't listen to empty promises, do your own research.

Hi o_e_l_e_o,

You don't seem to understand some crucial differences. The cold storage hardware wallets store all of your private keys and therefore they are device dependent wallets. Bitfi is not device dependent, it has no private keys (its a private key generator) and therefore you can have an unlimited number of wallets with one device (you can have 1000 if you like) and even share one device among multiple users. So long as the users don't know each other's salt & phrase, no one can access anyone's wallet but their own with their salt & phrase.

You were talking about a torture situation. In this case the hidden account with the 25th word is not that much protection. An attacker who is knowledgable about cryptocurrency will surely demand the hidden account as it is a common feature and they will especially demand it if they know anything about you.

With Bitfi, it is literally impossible to know or suspect if any other wallets exist or have been created with the device. It is true plausible deniability. This is a crucial difference in this kind of situation.

Yesterday we spoke about open source and our open source system is now live and we invite you to come and use it, if you are interested in understanding Bitfi technology better: https://bitfi.dev

Again, you may decide that Bitfi is totally not for you. Thats fine. But at this moment, you do not know enough about this technology to make a truly informed decision.

Finally, yes, the Bitfi wallet does allow you to store millions of dollars, thousands of coins and tokens, and terabytes of data in your brain by knowing a single phrase. Walking around with that in your brain sounds almost like science fiction, except its real. But this is optional and you do not have to use Bitfi this way. It is not a brain wallet for many reasons, but it does give you the best of what a brain wallet can offer should you choose to use it that way.

Thanks,

Bitfi Team

This message does show that Bitfi (or atleast you) have not used ledger, trezor, keepkey, or similar devices that have a seed along with an additional passphrase, or probably have but just being plain ignorant.

This is exactly correct. To claim that Ledger doesn't allow multiple wallets on one device, when I have a Ledger Nano S sitting two feet away from me which has multiple wallets on it, is either a deliberate lie designed to fool potential buyers, or phenomenal ignorance of the basics of hardware wallets. Either way, I wouldn't trust someone who makes such a nonsense statement.

But never use a brainwallet (like bitfi is).

In before a reply saying that their brain wallet isn't a brain wallet because it isn't on a computer or some other nonsense reason.

There is not much more we can say. You are saying our device was hacked, and we are saying yet it was. No disagreement there.

But then you start saying that it was hacked in a way that entitles hackers to $250,000 and that the rules are not clear, please explain what is not clear in these rules: https://bitfi.com/bounty

Just because some hacker is complaining about the bounty rules (perhaps because they wish it was easier) does not mean the rules are not clear or should have been changed. We were clearly simulating a situation where a wallet is stolen from a user and then to test if its possible to steal the user's funds. In this bounty we were not testing to see if a device can be modified without your knowledge and then you use it next time and it gives your information to attacker, that was being tested in this bounty: https://bitfi.com/bounty2

Now you are saying again that passphrases can be extracted from device, even though we already told you nearly half a dozen times that they cannot. This is the equivalent of us taking this article from 2017: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8 and using it as proof that ST32F05 chip on Trezor is vulnerable to fault injection. But don't you think that maybe Trezor fixed this or did something about this since 2017?

The memory management and the forensic testing method was disclosed here: https://twitter.com/TheBitfi/status/1054884530199449600

Anyone with advanced tech knowledge can use the same or similar method to attempt extraction to see for themselves. The private key, salt, and phrase are all not detectable at all after a transaction. We have a lot more technical resources coming that scientifically prove all claims being made by Bitfi.

We are really not here to bicker with anyone but rather to collaborate. We probably won't be the only hardware wallet in the world and consumers will always have choices just as they do with smartphones. Some think the iPhone is best and others think that Samsung is best. This argument about which is best will likely never end.

All we want is collaboration and stimulating discussion. We are trying to contribute to the space and actively educate people on Bitcoin. The enemy is on the outside. We don't need to fight on the inside, which just causes the industry to self destruct. All we ask is that you keep an open mind. Scam accusations are very serious, especially when you consider the emotional impact on the developers who have been putting in blood, sweat, and tears into this project and other projects. We shared some thoughts on this here: https://twitter.com/TheBitfi/status/1113634972840153088

We are not asking you to buy our wallet. And we also don't claim to know everything. In fact there is not a single engineer who knows absolutely every single thing about Bitcoin (including Bitcoin developers themselves), there is always something new to learn and discover. These are very complex systems.

We apologize that the previously used word "unhackable" caused so much anger and frustration and we apologize to you personally. Please just give us an opportunity to collaborate with people in this community and provide them with information or data they may want. We are not trying to do anything else.

Thank you,

 

I'm getting really bored of going round in circles while you simply deny provable facts. For anyone else interested, just search Google, Reddit or Twitter for "bitfi bounty" or "bitfi hack", and read the screeds and screeds of articles and posts which confirm everything I say.

https://rya.nc/bitfi-wallet.html

To start with, I had a look at their their bounty offer:

This bounty program is not intended to help Bitfi to identify security vulnerabilities since we already claim that our security is absolute and that the wallet cannot be hacked or penetrated by outside attacks. Rather this program is intended to demonstrate to anyone who claims or believes that nothing is unhackable or that they can hack into the Bitfi wallet, that such attempts are futile and that the advertised claims about the Bitfi wallet are accurate.

In other words, the sole purpose of it is to discredit security researchers like myself who raise concerns about the design of their product. This is not a new trick — it was specifically called out by Bruce Schneier as a red flag nearly twenty years ago. In this instance, Bitfi is calling it a "bounty program" to try to ride on the coattails of legitimate bug bounty programs, which are generally wide in scope. This one is unfair, falling into exactly the pattern that Schneier described:

Most cryptanalysis contests have arbitrary rules. They define what the attacker has to work with, and how a successful break looks. Jaws Technologies provided a ciphertext file and, without explaining how their algorithm worked, offered a prize to anyone who could recover the plaintext. This isn't how real cryptanalysis works; if no one wins the contest, it means nothing.

Indeed, you have to be spend $120 on a Bitfi device, and then pay another $10[4] to "preload it with coins" to even try, and then you specifically have to hack the wallet associated with particular the device they send you. If a researcher found, for example, the device had a weak RNG that allowed for key recovery by examining a series of transactions generated by it, they would not win the bounty. Neither would they for finding a way to hijack their automatic update system to install a keylogger.

You made arbitrary conditions so you knew you would never have to pay out. You even tried to justify that with nonsense tweets such as this one: https://twitter.com/TheBitfi/status/1024930630293970944. Someone roots your device, gains full read/write access, and you say it doesn't count because "once someone installs something into that system it will no longer be a Bitfi wallet". This is utterly laughable. Did you know Windows is immune to viruses because once there is a virus installed then it is no longer Windows? My car is immune to damage because once it has been damaged it is no longer my car.

You are completely ignoring the point where we explain that we were trying to describe Bitfi technology that does not store any private keys and therefore it is impossible to steal funds. In other words, if the device is hacked, there would be nothing to take.

This is, yet again, simply not true. I have posted proof above that passphrases can be extracted from the device. I have posted proof that root access can be obtained, allowing a keylogger or similar to be installed and steal the passphrase. Just because it doesn't store private keys doesn't mean the funds can't be extracted when it is this easy to extract the passphrase.

Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

Both Ledger and Trezor allow you to have as many different wallets protected by as many different passphrases as you want on a single device at the same time. There are literally thousands of users using this set up right now. I've been using this set up since before your awful brain wallet even existed. To claim otherwise is just showing just how ignorant of good crypto security you are.

[bones261]

     @Bitfi  I know that you have many objections to respond to. However, Bitcointalk has a thread bumping rule that does not allow the same poster to post more than once in a row in a 24 hour period. If you have additional thoughts to share, and no one else has posted, you will need to edit your last post and add your additional thoughts. I know that can make your messages a bit on the TLDR side; however, I don't want you to end up having posts deleted if a moderator finds out.

     Now To get back on topic. The main problem with your approach is that in order for this to work, a person has to pick a password and salt that they can remember. The problem with such passwords is that they are easier to crack than the webpage you sent to me seems to suggest.
     You gave me this example of a password to use. Bones261LovesBitcoinTalk.orgFor$Advice. Although the web page that you directed me to suggests it will take many octillion years to crack the passphrase, if someone happens to know a little bit about me, it won't be that hard. If a cracker happens to know that I am bones261 and love bitcointalk, they can try those passphrases that contain my user name and bitcointalk.org. I know that you were only using this as an example, however any phrase that someone is going to be able to reasonably retain in their mind is probably going to be easier to crack if the cracker happens to have some information on you.  I also went to your web page and it recommends that the salt be something like a SSN, email address or phone number. This is a rather bad recommendation in my opinion.

    I realize you can have your dice generator generate 7 random words for you. It may seem easy to remember 7 random words; however we get people coming here quite often who can't even remember one word to access their encrypted wallet. The best thing to do is either write the words down or keep them in a password generator. Also, I am not understanding your argument that if a thief comes across a piece of paper with your passphrase written, that they wouldn't be able to tell that it may be a password to access your coins. If you use a phrase with good entropy, it's going to have some special characters. I'm sure a crafty thief can figure it out.

[o_e_l_e_o]

You don't seem to understand Bitfi's security model. Bitfi does not have any private keys. Therefore extraction is not possible. On the other hand all cold storage wallets make it very easy to extract all your money should they be physically seized, lost or stolen. Here the CTO of Ledger himself admits that it is trivial to extract all your private keys: https://twitter.com/xtcc18/status/1109621986123284480

Please just stop. All you doing is making yourself sound more and more ignorant with every post.

The kind of technology required to extract a private key from a secure element is found in few laboratories around the world, there are few people with kind of knowledge required to utilize said equipment, and it would take months and tens of thousands of dollars to perform. Calling that "trivial" once again only shows your deep lack of knowledge regarding crypto security. This vulnerability applies to any and all microchips around the world, not just those in hardware wallets. It is also completely mitigated by using a passphrase on your Ledger (you know, that thing which you are denying even exists despite thousands of users currently using it).

Your "wallet", on the other hand, had its passphrase extracted by a 15 year old in his bedroom using a desktop computer.

I also went to your web page and it recommends that the salt be something like a SSN, email address or phone number.

Ooft. I had to double check that for myself. I know these guys don't understand security, but still, the advice they give about setting up your passphrase is some of the worst I have ever seen. They suggest an acceptable phrase is "!Why Is Dan So Crazy About Monero and Mustard?", and as you say, your phone number or email. I'd honestly rather store my private keys in plain text on my desktop computer than in a brain wallet with such poor security.

[HCP]

To be fair... WarpWallet (which put up a 2x 20 BTC(!) bounties for a "simple" 8 char alphanumeric password) suggests using your email address as a "salt"... and as far as I'm aware, neither of those bounties was ever claimed before the expiry date. #devilsAdvocate

WarpWallet adds two improvements: (1) WarpWallet uses scrypt to make address generation both memory and time-intensive. And (2) you can "salt" your passphrase with your email address. Though salting is optional, we recommend it. Any attacker of WarpWallet addresses would have to target you individually, rather than netting you in a wider, generic sweep. And your email is trivial to remember, so why not?

But at least WarpWallet admit they're really just a "brainwallet" with extra security!

WarpWallet is a deterministic bitcoin address generator. You never have to save or store your private key anywhere. Just pick a really good password - many random words, for example - and never use it for anything else.

This is not an original idea. bitaddress.org's brainwallet is our inspiration.

To me, Bitfi simply looks like an implementation of the WarpWallet/Brainwallet methodology on a modified mobile device... this doesn't bother me nearly as much as the attitude displayed to the crypto-analysis community.

From a relatively neutral position (insofar that I don't have any direct affiliation with any hardware wallet manufacturers other than I happen to use them)... it seems to me that rather than just accepting that their device got "pwned", thanking the community for their assistance in highlighting the flaws and then fixing the issues, they appeared to "double-down" on their "unhackable" claims and started trying to use semantics to argue that their device wasn't "hacked".

To try holding onto that claim... and then say:

The vulnerabilities discovered now almost year ago were on the first version of device and we are now shipping DMA-2 which had all potential vulnerabilities fixed.

is just disingenuous  

Additionally, some of the responses on this thread would appear to show some gaps in their knowledge of how competitor's devices actually work...


Just my 0.00000002BTC

[TheBitfi]

All we can say is that you are not interested in learning anything new or having a constructive discussion. Perhaps you are just trolling us. You certainly act as though you know everything and as though we know nothing when this is all we do with a team of engineers all day, every day.

We are now going to gracefully bow out of this discussion because you will always come back with some snide remark with absolutely no concern if it’s true or not, or if it has any bearing on reality.

We will just leave you with this. Ever heard of Cellebrite? Yeah, the same company that helped FBI unlock the iPhone of the San Bernadino terrorist. They charge exactly $2,500 to do data extraction from any device and it takes them minutes, all they need is a court order from law enforcement. If you are naive enough to believe that a $100 toy is going to stop them from getting all your money, then you can keep believing that.

You can go ahead and call them yourself to confirm the above, here is their phone number in USA: 201.848.8552

Have a wonderful evening,

Bitfi Team

You don't seem to understand Bitfi's security model. Bitfi does not have any private keys. Therefore extraction is not possible. On the other hand all cold storage wallets make it very easy to extract all your money should they be physically seized, lost or stolen. Here the CTO of Ledger himself admits that it is trivial to extract all your private keys: https://twitter.com/xtcc18/status/1109621986123284480

Please just stop. All you doing is making yourself sound more and more ignorant with every post.

The kind of technology required to extract a private key from a secure element is found in few laboratories around the world, there are few people with kind of knowledge required to utilize said equipment, and it would take months and tens of thousands of dollars to perform. Calling that "trivial" once again only shows your deep lack of knowledge regarding crypto security. This vulnerability applies to any and all microchips around the world, not just those in hardware wallets. It is also completely mitigated by using a passphrase on your Ledger (you know, that thing which you are denying even exists despite thousands of users currently using it).

Your "wallet", on the other hand, had its passphrase extracted by a 15 year old in his bedroom using a desktop computer.

I also went to your web page and it recommends that the salt be something like a SSN, email address or phone number.

Ooft. I had to double check that for myself. I know these guys don't understand security, but still, the advice they give about setting up your passphrase is some of the worst I have ever seen. They suggest an acceptable phrase is "!Why Is Dan So Crazy About Monero and Mustard?", and as you say, your phone number or email. I'd honestly rather store my private keys in plain text on my desktop computer than in a brain wallet with such poor security.