Bitfi wallet - most user-friendly functionality, does not store private keys

[o_e_l_e_o]

We will just leave you with this. Ever heard of Cellebrite? Yeah, the same company that helped FBI unlock the iPhone of the San Bernadino terrorist. They charge exactly $2,500 to do data extraction from any device and it takes them minutes, all they need is a court order from law enforcement. If you are naive enough to believe that a $100 toy is going to stop them from getting all your money, then you can keep believing that.

If you are naive enough to think hacking an iPhone is equivalent to breaking the encryption on a secure element in a Ledger, I don't know what else to say. This was actually spelt out in by the Ledger CTO in the screenshot you provided in your last post. I guess you didn't understand the difference.

I would kindly suggest that if you do have a "team of engineers" working on this "all day, every day" as you claim, then you choose one of them to take control of your Twitter, Reddit and Bitcointalk accounts. No one is going to take you seriously or buy your device when you consistently demonstrate such a poor understanding of crypto security.

[TheBitfi]

Hi o_e_l_e_o,

This is just getting silly. You continue to claim that you are an expert in security and that we apparently know nothing about security even though we are a manufacturer of a security product.

We never said that breaking into an iPhone is the same as breaking into a Ledger. Right? So why are you speculating that this is what we think?

Actually, it is much easier to break the encryption on a hardware wallet than it is to break into an iPhone, especially one running iOS12.

You are aware that every week law enforcement seizes Bitcoin and other cryptocurrencies in criminal investigations and then later auctions them off (and this is just in the USA). How do you think law enforcement seizes this Bitcoin? You think criminals (or wrongly accused innocent people) just leave their private keys printed out on their desk? No. All this Bitcoin is seized from hardware wallets.

Here is an actual law enforcement guide describing how seizure is made from hardware wallets: http://www.iacpcybercenter.org/wp-content/uploads/2018/03/Bitcoin.pdf - look at pg. 13 - "For an officer seizing the property of a suspect, it is sufficient to secure the hardware wallet and get it into the hands of an IT specialist as soon as possible." And this is just a local law enforcement guide (like sheriff or police) using an internal IT department. Which doesn't even come close to the capabilities of federal agencies like FBI, CIA, and NSA. In addition, an internal IT department of local law enforcement is basically like a garage compared to the labs at Celebrite and other companies in CyberSecurity.

Even teams like wallet.fail are able to extract private keys from both Ledger & Trezor (as they demonstrated just a month ago) and they do not have anything close to the capabilities of the big CyberSecurity firms.

While our engineers indeed don't participate in any social media discussions (if you want to interact with them, go to https://bitfi.dev) we do correspond with them when they have time.

What you are doing is misleading other people in the community and giving them (and yourself) a false sense of security. We never said that cold storage hardware wallets are not secure, they are extremely secure as protection from online attacks, because the private keys are not online. This is exactly what cold storage hardware wallets were designed for and they do it well. All we are saying is that Bitfi is different because it protects users from online and offline attacks. We didn't think the world needed yet another cold storage hardware wallet, there are plenty of good ones. We are pursuing something else.

But if you would instead of trying to mock and ridicule us, tried to actually have a constructive discussion it would be better for the community. That's all we are trying to do.

Bitfi Team

[bones261]

      @Bitfi, I'm not sure about Ledger, but the Trezor doesn't store your private keys. It only stores the seed. If you enable the passphrase function on a Trezor, they may be able to get the seed, but they need the correct password to generate the correct wallet. This passphrase is not stored on the Trezor. In fact, you can have multiple wallets with various amounts of coins. Therefore, your product doesn't have much of an advantage in this situation compared to your competitor. However, enabling a passphrase is only an opt-in only option on Trezor. I suspect many users don't bother with it.

[o_e_l_e_o]

If you enable the passphrase function on a Trezor, they may be able to get the seed, but they need the correct password to generate the correct wallet. This passphrase is not stored on the Trezor. In fact, you can have multiple wallets with various amounts of coins.

Exactly correct, and by using a passphrase you also completely prevent the advanced laboratory physical attacks on the device that this Bitfi account currently seems to be hung up on. Not that these facts will make any difference to their argument, since according to them, this functionality doesn't even exist (despite it currently being in use by thousands of users):

Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.

[TheBitfi]

Hello bones261 & o_e_l_e_o,

You are mistaken. There is a tremendous difference between Bitfi and all other wallets. Again, if we are talking about Trezor it is “cold storage” which means it is literally storing all your access to your money. The Bitfi is storing nothing, extraction is not possible.

Here are things that happened to Trezor in just the last few weeks. And these are proven attacks with method disclosed, not random twitter posts:

https://www.reddit.com/r/TREZOR/comments/aa2dl3/these_guys_just_demonstrated_key_extraction_of/?utm_source=share&utm_medium=ios_app

https://cryptoslate.com/ledger-reveals-five-vulnerabilities-in-competitor-trezors-wallets/

https://blog.adafruit.com/2018/06/07/extracting-the-private-key-from-a-trezor-bitcoin-wallet-with-a-70-oscilloscope/

https://cointelegraph.com/news/trezor-responds-to-ledger-report-on-vulnerabilities-in-its-hardware-wallets

You will notice in the last article Trezor themselves tells you to prevent physical access to your device: As per Trezor, none of them can be exploited remotely, as the attacks described require “physical access to the device, specialized equipment, time, and technical expertise.”

And o_e_l_e_o, when we told you that Bitfi is the only wallet that can protect you in the situation where you are being tortured, you dismissed it as nonsense due to our apparent lack of knowledge about anything security related. Well in the same article Trezor themselves makes a statement: “Furthermore, Trezor noted that a “$5 wrench attack” — a targeted theft when the user is forced by intruders to disclose his password — cannot be prevented by a hardware barrier set by the manufacturer.”

Finally, as you can see in all these articles both Ledger and Trezor have a counterfeiting problem which is particularly severe for Trezor. Bitfi is also the only hardware wallet that is virtually impossible to counterfeit. If you are interested in understanding why, we are happy to explain.

Bitfi Team

[bones261]

@Bitfi

Did you actually read the reddit thread you cite?

From the reddit thread the title is this.

These guys just demonstrated key extraction of @trezor. #35c3 Using a passphrase only way to prevent this attack.

As I posted earlier, if you use a passphrase, the attack can't happen. Also, it appears that the extraction of private keys while the device is calculating them has been corrected over a year ago. Now the device doesn't start the calculation until after the PIN is entered. Furthermore, this wouldn't happen if you used a passphrase anyway, since the calculation of the private keys for the wallet you are using will not begin until after you entered the passphrase.

Now, please advise us exactly how your device is counterfeit proof.

[TheBitfi]

Hi bones261,

That PARTICULAR attack can't happen. They demonstrated one method of extraction. So this method won't work if there is a passphrase. But let's just be realistic here, all stored data in all systems is extractable. The top name in cyber security is Cellebrite but there are many similar firms that are not as well known. They are able to extract data from very sophisticated and highly secure systems that cost thousands if not millions of dollars. Ask yourself, do you really believe that a $100 consumer device that stores data will prevent this data from being extracted?

These are the lengths that people go to in order to keep their private keys secure: https://qz.com/1103310/photos-the-secret-swiss-mountain-bunker-where-millionaires-stash-their-bitcoins/ - an underground military bunker with millions of dollars worth of equipment (they obviously built this monstrosity before Bitfi existed, because Bitfi eliminates the need for this  ). So if a $100 consumer device makes extraction impossible why would someone go to such trouble and investment to build this bunker to store private keys? And let's say someone creates a $10,000 cold storage wallet with encryption so high that it indeed takes months for a cyber security firm to break into? Well, thats only valid today. Their technology and tools are rapidly evolving and so if its difficult for them now, they will crack it very quickly in a year or two. So if you bought this $10,000 marvel of technology and you some situation (these situations can and do happen) like a coma, or prison, or any other long absence while your device is out there, it will be just a matter of time before it is cracked just like a $100 device today.

So we just took an elegant approach to this whole problem, rather than building more and more encrypted systems to store things that become obsolete over time, steel metal plates, fancy vaults, etc. we just created a device that doesn't store anything at all (except the operating system of course). Its a logical fallacy to think that an attacker (even an attacker with unlimited resources) can extract data that doesn't exist in the first place.

We are not trying to smear other wallets. These cold storage tools were initially created to prevent online hacking. For many people this is adequate. But its important to understand what your wallet can and cannot do. And after you understand it all, you may very well conclude that you don't need a tool like Bitfi. Also, the reason Bitfi technology is this way has to do with our beliefs about society, freedom, and privacy. We believe that no government should be able to seize your money any more than your water or oxygen. We think the government exercises abuse of power and that most governments are corrupt. In addition, surely Satoshi himself intended for Bitcoin to be unseizable and so we created an unseizable wallet which is congruent with the philosophy of Bitcoin and blockchain in general.

Now regarding counterfeiting. The reason that it is easy to counterfeit cold storage wallets like the one you have is because their software is completely open source and so anyone can just make an identical looking device and install this software and then you have a Trezor. The counterfeits are so good that sometimes the manufacturer themselves can't tell them apart from their genuine inventory. So lets say you want to counterfeit 10,000 units. You make 10,000 devices and then install the open source software on all of them and you are done.

With Bitfi however, each device is running a different package. To understand this, we have attached an image of two Bitfi devices side by side:

https://imgur.com/Phiy8tp

As you can see, each Bitfi has a unique Device ID. This means no two Bitfi's are the same. The Device ID is generated from devices internal private key which is stored in TEE. If someone managed to somehow obtain this private key (this private key has nothing to do with any of your funds, its strictly a private key assigned to the device itself), and decided to make 10,000 units (which they could because our code is also completely open source) they would then produce 10,000 Bitfi's which would all have the same Device ID. You are not going to be able to sell those and this is the last thing that a counterfeiter would want to do because all units are going to be returned by a swarm of angry customers.

Thank you,

Bitfi Team 

[bones261]

Hi bones261,

We are not trying to smear other wallets. These cold storage tools were initially created to prevent online hacking. For many people this is adequate. But its important to understand what your wallet can and cannot do. And after you understand it all, you may very well conclude that you don't need a tool like Bitfi. Also, the reason Bitfi technology is this way has to do with our beliefs about society, freedom, and privacy. We believe that no government should be able to seize your money any more than your water or oxygen. We think the government exercises abuse of power and that most governments are corrupt. In addition, surely Satoshi himself intended for Bitcoin to be unseizable and so we created an unseizable wallet which is congruent with the philosophy of Bitcoin and blockchain in general.

   Wouldn't the government's courts be able to compel you to give up your passpharse as a condition of your plea deal? I suppose that this only protects you if you are exonerated or are willing to go to trial and risk a more harsh sentence.

Now regarding counterfeiting. The reason that it is easy to counterfeit cold storage wallets like the one you have is because their software is completely open source and so anyone can just make an identical looking device and install this software and then you have a Trezor. The counterfeits are so good that sometimes the manufacturer themselves can't tell them apart from their genuine inventory. So lets say you want to counterfeit 10,000 units. You make 10,000 devices and then install the open source software on all of them and you are done.

With Bitfi however, each device is running a different package. To understand this, we have attached an image of two Bitfi devices side by side:


As you can see, each Bitfi has a unique Device ID. This means no two Bitfi's are the same. The Device ID is generated from devices internal private key which is stored in TEE. If someone managed to somehow obtain this private key (this private key has nothing to do with any of your funds, its strictly a private key assigned to the device itself), and decided to make 10,000 units (which they could because our code is also completely open source) they would then produce 10,000 Bitfi's which would all have the same Device ID. You are not going to be able to sell those and this is the last thing that a counterfeiter would want to do because all units are going to be returned by a swarm of angry customers.

Does the device not function properly without a valid device ID? I thought that you assured me earlier that I could still access my coins if your company went defunct and my device is on the fritz. Also, if my device is no longer functioning, am I going to not be able to access my coins until I get a replacement? Furthermore, what is to prevent the counterfeiter from simply making their own user ids and providing instructions to go to their similar looking web page? Also, why would this counterfeiter care about angry customers? If they sold 10000 units, I'm sure they would get a few suckers to steal from and then make a proper exit scam. Furthermore, when I am going to buy a hardware wallet or similar device, I'd prefer to buy this straight from the manufacturer. Buying from anyone else is just asking for trouble.

[TheBitfi]

Hi bones261,

Thank you for asking these thoughtful questions and having a civil discussion with us. Maybe other people will read this and learn a bit about what Bitfi is doing.

1) Wouldn't the government's courts be able to compel you to give up your passpharse as a condition of your plea deal? I suppose that this only protects you if you are exonerated or are willing to go to trial and risk a more harsh sentence.

There are hundreds of governments at country level and millions at state and city level. We are not just considering the conditions in the USA. The bottom line is that Bitfi makes you into your own bank. So what you do is entirely up to you. But what matters is that you have that choice to decide what you will or will not do and what you will or will not agree to. You have the leverage. One of the biggest abuses of power in the United States is that the government puts a freeze on your assets and your close relatives assets (lets say you are a really good person but you imported a container of mangos under the wrong license). The reason they do this is because then you don't have funds to hire an attorney and you are going to get a court appointed clueless lawyer fresh out of law school which pretty much guarantees a win for the government and a long prison sentence.

This is a violation of your Sixth Amendment rights of the US Constitution which states “in all criminal prosecutions, the accused shall enjoy right to have assistance of counsel for his defense.” But this has become nothing more than empty words. Cryptocurrency is so important because it restores people's constitutional rights. Secondly, we often get accused of things like "you are making technology that helps criminals!" Well, all technologies help criminals including encrypted communications, internet, boats, airplanes, etc. If we blocked every technology that helps crime, we would still be riding horses (although it can be argued that even horses can be used in criminal activity).

2) Does the device not function properly without a valid device ID? I thought that you assured me earlier that I could still access my coins if your company went defunct and my device is on the fritz. Also, if my device is no longer functioning, am I going to not be able to access my coins until I get a replacement? Furthermore, what is to prevent the counterfeiter from simply making their own user ids and providing instructions to go to their similar looking web page? Also, why would this counterfeiter care about angry customers? If they sold 10000 units, I'm sure they would get a few suckers to steal from and then make a proper exit scam. Furthermore, when I am going to buy a hardware wallet or similar device, I'd prefer to buy this straight from the manufacturer. Buying from anyone else is just asking for trouble.

It's important to understand that Bitfi is not a storage device. It is a computing device, a private key generator. Therefore it is not a device dependent wallet. The Bitfi device you see in pictures is not the wallet and neither is the Dashboard interface. The wallet is quite literally your salt & phrase. It is irrelevant what happens to your device. The reason each device has a unique ID is because it tells the Dashboard which device to send requests to. It works like this: lets say you want to send some Bitcoin; in your Dashboard you click send and in the send window you enter address you are sending to and the amount (lets say 1 Bitcoin), as soon as you press "submit" your device instantly receives a pop-up asking you for your salt & phrase. When you enter your salt & phrase the device then calculates the private key for that currency, signs with the key, and then transmits the approval to the blockchain. The private key instantly dissapears. So this is the sole purpose of the Device ID. If you had 10,000 devices with the same Device ID then when you do this, all 10,000 would get this pop-up request. It would be unusable and all developers around the world would see it happening immediately. Here you can see on our open source platform, we have a transparent web service which is a real time stream of each devices activity: https://bitfi.dev/NoxMessages/History.aspx?NOXWS=ServiceEvents you can see that each device has a unique public key. So since the platform is open to developers all over the world, everyone would see instantly that there are multiple devices with the same ID being used and then many frustrated users getting pop-up requests they didn't initiate.

If a counterfeiter creates an entire infrastructure to not only make the devices but even the Dashboard the devices work with, then this would not work at all because to log into the Bitfi Dashboard you need to go to https://bitfi.com/knox. So if you are being asked to go to any other URL, its pretty obvious that you are being scammed.

Finally, if no device is available at all you would just use the recovery tools to generate all your private keys with your salt & phrase and then import them into any other wallet. These tools can be downloaded on https://www.btknox.org and many other places. We show here how easily this is done: https://twitter.com/TheBitfi/status/1111434686645960707

So you are not dependent on any device and you are not dependent on Bitfi in any way. You are your own bank. Thanks again,

Bitfi Team

[HCP]

If a counterfeiter creates an entire infrastructure to not only make the devices but even the Dashboard the devices work with, then this would not work at all because to log into the Bitfi Dashboard you need to go to https://bitfi.com/knox. So if you are being asked to go to any other URL, its pretty obvious that you are being scammed.

Ask the Electrum devs how good users are at "checking if the URL is correct"...

Finally, if no device is available at all you would just use the recovery tools to generate all your private keys with your salt & phrase and then import them into any other wallet. These tools can be downloaded on https://www.btknox.org and many other places. We show here how easily this is done: https://twitter.com/TheBitfi/status/1111434686645960707

Do you have (or are you planning to release) Linux and MacOSX versions of the recovery tools? As far as I can see... all that is available is a couple of Windows .exe/.dll binaries?

Also, given these tools are available from "many other places", are these recovery tools digitally signed, or is there any other way to verify that they are legitimate and not malware or fake versions designed to simply steal passphrases+salts?

So you are not dependent on any device and you are not dependent on Bitfi in any way. You are your own bank. Thanks again,

Except for the fact that you need some executable Windows binaries, developed I assume by Bitfi, to recover your funds should your device be unusable for whatever reason... is that correct?

[TheBitfi]

Hi HCP,

1) Ask the Electrum devs how good users are at "checking if the URL is correct"...

This is true. Ultimately someone will get scammed, especially if they are not careful. We hope that our comments are not misinterpreted to mean that we believe that we have perfect or foolproof systems. Far from it. If we did, we can just send all the engineers home, yet our development is ongoing and only just beginning. But since it is impossible to evaluate a product in a vacuum, competitors products are used as a frame of reference. So to clarify, we are simply saying that it is much more difficult to counterfeit Bitfi compared to other hardware wallets and it is much more difficult for a counterfeiter to sell them. We are not saying it is impossible. It is just not worth the effort for counterfeiters.

2) Do you have (or are you planning to release) Linux and MacOSX versions of the recovery tools? As far as I can see... all that is available is a couple of Windows .exe/.dll binaries? Also, given these tools are available from "many other places", are these recovery tools digitally signed, or is there any other way to verify that they are legitimate and not malware or fake versions designed to simply steal passphrases+salts?

Yes, we will release MacOSX version. Linux not sure, will have to ask. We are sorry for the inconvenience and that it is only available for Windows at this time.

Yes the tools are digitally signed. For instance, The MD5 Hash for ToolV2.exe is: MD f422c50d68b9fe1435892523a6af6580 or SHA256:   1926c3af7566efc4ce8b1405dc71c77e6c699f80e864c41391cefe469f4d3273.

However, even if the tools were not digitally signed, you operate the program offline. If its not running the correct algorithm it just wouldn't generate the correct private key. So the only danger would be that it has malware designed to steal users salt & phrase when they reconnect to the internet. For this reason we have dozens of warnings on this website: https://www.btknox.org


3) Except for the fact that you need some executable Windows binaries, developed I assume by Bitfi, to recover your funds should your device be unusable for whatever reason... is that correct?

We recommend that users download and save a copy of these recovery tools and keep them in many places. And of course thousands of other Bitfi users have done the same. So there will always be a copy out there to generate your private keys should devices not be available. All you ever need is your salt & phrase.  

4) We thought this might be of interest to bones261 & o_e_l_e_o: https://twitter.com/danheld/status/1116326374166364160 People underestimate how many innocent people are affected by this every day and this is what is fueling the development of Bitfi.

Thank you,

Bitfi Team

[o_e_l_e_o]

“Furthermore, Trezor noted that a “$5 wrench attack” — a targeted theft when the user is forced by intruders to disclose his password — cannot be prevented by a hardware barrier set by the manufacturer.”

This is true of all storage methods, including all hardware wallets and also including your brain wallet.

Its a logical fallacy to think that an attacker (even an attacker with unlimited resources) can extract data that doesn't exist in the first place.

There is literally video evidence I provided higher in this thread of an attacker extracting the passphrase from one of your devices.

The bottom line is that Bitfi makes you into your own bank.

This is true of any wallet which isn't a web/exchange wallet, not just Bitfi.

If you had 10,000 devices with the same Device ID then when you do this, all 10,000 would get this pop-up request.

This seems like a pretty big flaw to me. So you are saying it is possible for an attacker with the same Device ID to spam fraudulent requests, and they would all get pushed to my device? So when I try to make a transaction, an attacker with the same Device ID could quickly try to make a different transaction, it would be pushed to my device, and I could end up signing it by mistake?

If a counterfeiter creates an entire infrastructure to not only make the devices but even the Dashboard the devices work with, then this would not work at all because to log into the Bitfi Dashboard you need to go to https://bitfi.com/knox. So if you are being asked to go to any other URL, its pretty obvious that you are being scammed.

If this were true at all, phishing sites would simply not exist. You again demonstrate a lack of understanding surrounding basic security and attacks.

[TheBitfi]

Hi o_e_l_e_o,

Good to hear from you again.

1) This is true of all storage methods, including all hardware wallets and also including your brain wallet.

Yes, this is true of all storage methods and all hardware wallets, except Bitfi. First, as already explained Bitfi is not a brain wallet. Here is a brain wallet: https://keybase.io/warp/warp_1.0.9_SHA256_a2067491ab582bde779f4505055807c2479354633a2216b22cf1e92d1a6e4a87.html - as you can see all it does is generate one Bitcoin address, it does not have any way to send coins, it has no way to view your balances, it does not show your transaction history, it does not allow you to sign messages with your private key, it does not lets you store an unlimited number of coins, tokens, and files under a single salt & phrase, and so on. Calling Bitfi a brain wallet, is like saying that a car is just a horse that can go slightly faster.

Second, the Bitfi device is just a private key generator. So it is impossible to know if a user has 10 wallets or even has a wallet at all. Its like finding a Texas Instruments calculator. A thief cannot target you because it is impossible for him to know what you have or don't have. We want to again make it clear that we are not saying our method has reached perfection. Some people, even if they have set proper protections from a wrench attack, if they are easily frightened and have a gun to their head they will panic and give over all the information anyway. But the ones who are a little calmer can give the attacker a wallet they specifically created for this situation so the attacker thinks they cleaned them out. There is just no way to know about any other wallets and it pointless for thief to take the device itself since it has no data.

2) There is literally video evidence I provided higher in this thread of an attacker extracting the passphrase from one of your devices.

First, as we have indicated already several times this vulnerability has been fixed. Second, the passphrase that was extracted was one that the hacker himself set and retrieved in an evil made attack. It works like this: you have a Bitfi Wallet, then some experienced hacker breaks into your house while you are away and then injects the device with code, and then when you use it next he will get your passphrase. This is not the same as taking a wallet you have used previously and then extracting the passphrase. This relies on capturing your passphrase when you use it next (assuming you don't know it has been modified). But again, we can show your hundreds of attacks on the wallets you currently use in the last few years but you won't accept them as evidence that your wallet has these issues because your will rightfully think that probably the manufacturer fixed these vulnerabilities when they were discovered. So why keep saying over and over again that you have proof of something from a year ago? We have same proof of your wallet but a hundred times over. We are not denying that the evidence you presented is real (despite the fact that the person who presented this never disclosed any reproducible method). We are telling you that devices that people are using today, do not have this vulnerability including the people who purchase the very first batch of devices. Why do you keep repeating over and over that this can be done on our wallet because of vulnerability found a year ago? It has been fixed. Really, it has been fixed.

3) This is true of any wallet which isn't a web/exchange wallet, not just Bitfi.

Yes. You are right. We are just trying to take this a bit further. Your current bank can be seized by the government, that much we are sure you understand. Bitfi cannot be seized.

4) This seems like a pretty big flaw to me. So you are saying it is possible for an attacker with the same Device ID to spam fraudulent requests, and they would all get pushed to my device? So when I try to make a transaction, an attacker with the same Device ID could quickly try to make a different transaction, it would be pushed to my device, and I could end up signing it by mistake?

It doesn't work like that at all. If someone pushes a request to your device from their Dashboard (because they know your device ID, which is ok for them to know) your device will receive a pop-up requesting salt & phrase. But the request is for the wallet of the individual that pushed the request (lets say to send 1 BTC), so then the only way for that BTC to go out is for you to sign the request with HIS/HER salt & phrase. And even if you knew this random individuals salt & phrase (which of course you don't) and signed with it, all it would do is send THEIR BTC out, not yours. If you somehow get confused and actually sign that request with your salt & phrase you will get an error because the private key the device would generate is not the correct private key for that persons wallet. In other words, in this whole exercise, nothing you do (even if you are very sloppy and confused) would result in any loss of funds to you.

5) If this were true at all, phishing sites would simply not exist. You again demonstrate a lack of understanding surrounding basic security and attacks.

We think you are twisting words. Obviously what we are saying is that it is a massive undertaking to not only counterfeit the device, but then to also build the entire infrastructure around it so that everything works exactly the same, all in the hopes that some very clueless person goes to a different URL and actually sets up this fake wallet and uses it. Phishing attempts are looking for a quick way to scam someone. Like gain access to some account on some website. Because its easy, inexpensive, and you can target many people at the same time. But to set up the entire infrastructure, manufacture an identical device, make it work in an identical way, basically spend millions of dollars on development then set-up distribution for people to buy this device all in the hopes that a few individuals get duped into creating their wallet on the wrong URL is far fetched. We are not saying it's impossible. But its about as likely to happen as Craig Wright admitting he is not Satoshi Nakamoto.

[o_e_l_e_o]

Yes, this is true of all storage methods and all hardware wallets, except Bitfi.

You are still wrong here. Bitfi is just as vulnerable as any other hardware wallet. I don't know how many other ways I can try to explain this.

it is impossible to know if a user has 10 wallets or even has a wallet at all.

This is true of Ledger and Trezor devices as well. Owning a Ledger/Trezor doesn't guarantee a wallet is on it, and with the use of passphrases, I could have 100 different wallets on the same Ledger/Trezor at the same time.

But the ones who are a little calmer can give the attacker a wallet they specifically created for this situation so the attacker thinks they cleaned them out.

Again, this is true of Ledger and Trezor.

I honestly cant fathom why you keep claiming Bitfi is the only device with this functionality, when both Ledger and Trezor had this functionality before your device even existed.

[TheBitfi]

1) You are still wrong here. Bitfi is just as vulnerable as any other hardware wallet. I don't know how many other ways I can try to explain this.

Well all the ways you have explained so far have been false because you are using vulnerability from a year ago to demonstrate your point. But how is it just as vulnerable now? Let’s assume for a moment, if you are willing to keep an open mind, that we are not lying about fixing those vulnerabilities. Then what specifically would you point out that makes it just as vulnerable?

2) This is true of Ledger and Trezor devices as well. Owning a Ledger/Trezor doesn't guarantee a wallet is on it, and with the use of passphrases, I could have 100 different wallets on the same Ledger/Trezor at the same time.

We already discussed the 25th passphrase option at length. There is just a lot more to it. One of the wallets you cite the 25th word or phrase is entered into a computer (where it’s acting like a hot wallet on top of a cold storage wallet) and in the second device the 25th word is auto generated and on device itself making it accessible via a second pin code. And there is much more to take into consideration. We are not here to trash other wallets. We think that these cold storage device and the companies behind them are doing a wonderful job with their specific solution. We are providing an entirely different technology. We are not asking you to use the Bitfi Wallet. But it would be nice to engage in constructive discussion where we both learn something (we don’t know everything, obviously). There is a lot more to security than just what we are discussing here.

3) I honestly cant fathom why you keep claiming Bitfi is the only device with this functionality, when both Ledger and Trezor had this functionality before your device even existed.

Please note that the Bitfi device does not have any data at all. No seed, no private keys, nothing to ever recover, nothing to ever download or install, and many other things. The security mechanism of Bitfi is also completely different. It may not be for you. Not everyone has an iPhone. It’s a good product but some people just love their Blackberry.

[o_e_l_e_o]

Then what specifically would you point out that makes it just as vulnerable?

I was referring to a $5 wrench attack. Every wallet, every hardware wallet, every brain wallet, is vulnerable to a $5 wrench attack, yours included. Using multiple passphrases like you can on a Ledger or Trezor can help to mitigate it, but your wallet is not invulnerable to it as you claim.

We already discussed the 25th passphrase option at length. There is just a lot more to it. One of the wallets you cite the 25th word or phrase is entered into a computer (where it’s acting like a hot wallet on top of a cold storage wallet) and in the second device the 25th word is auto generated and on device itself making it accessible via a second pin code

Again, that's not accurate. On my Ledger I choose my passphrase myself, it is not stored on the device, I only enter it in to the device and not a computer, and I don't use a second PIN code. I have multiple passphrases unlocking multiple wallets.

[TheBitfi]

We understand what you are saying. But we are not sure if you understand what we are trying to say. This sheds some light on the issues we have been discussing: https://ciphertrace.com/ledger-bitcoin-wallet-hacked/

[o_e_l_e_o]

We understand what you are saying. But we are not sure if you understand what we are trying to say. This sheds some light on the issues we have been discussing: https://ciphertrace.com/ledger-bitcoin-wallet-hacked/

This says nothing about the points you have been making, namely that Bitfi is immune to a $5 wrench attack and the only wallet that can store multiple wallets at once, neither of which are true.

That article simply documents a supply chain attack on Ledger. All wallets, yours included, are vulnerable to supply chain attacks. Ledger have long ago addressed this (https://www.ledger.com/2018/03/20/firmware-1-4-deep-dive-security-fixes/), showing that private keys were never at risk, and patching the exploit regardless.

[bob123]

o_e_l_e_o, please..  don't feed the troll.

The majority of this community knows what 'kind of wallet' the bitfi wallet is.
Only newbies without much information and people who want to find another vulnerabilities are going to buy a bitfi wallet.

Here is not the right place to inform newbies about why this wallet is one of the worst possible ideas to be used for crypto.


They are obviously not capable of understanding (or ignoring) each logic argument.
They will never admit that their wallet is broken by design (and additionally implemented badly). It is just a waste of time.

[o_e_l_e_o]

I know you are right, but I would hate for all their nonsense to go uncorrected and even one newbie lose their funds to this device. When they open the thread with phrases like "stealing from it [is] impossible" and it "surpasses all other hardware wallets", it is obvious they are targeting newbies who don't know any better. It is obviously false to the majority of the community, as you say, but the majority of the community is not their target audience.