15 Year Old Hacks "Unhackable" Cryptocurrency Wallet to Play Doom

cageymaru

15 year old Saleem Rashid has hacked John McAfee's "unhackable" Bitfi wallet and used the compromised device to play Doom. There is a $250,000 bounty for anyone that can crack the device and steal the coins. Saleem Rashid didn't get the coins off the device as they are stored in the cloud, so the $250,000 bounty is still available. But he still has one of the coolest and most insecure portable Doom devices on the planet!

Video of the old-school first-person shooter has surfaced on Twitter. Self-described adversarial thinker Saleem Rashid is credited with hijacking it -- a hacking prodigy just 15 years old. Keep in mind, Bitfi's wallet is meant to be the world's first 'unhackable' device, supposedly doubling as a secure cryptocurrency storage solution. But as we already know, this is hardly the case.
 
Hacking McAfee's drunken stoned wasted wallet, probably not that impressive.
 
And the point of hacking a wallet is to get the coins, which did not happen. Pretty pointless exercise.
 
And the point of hacking a wallet is to get the coins, which did not happen. Pretty pointless exercise.
Can't get coins from a device with none on it.

"Whoa, how much money was in it, or what crypto was in it? @officialmcafee better pay that bounty up!"

"None - they have yet to ship any of us a bounty device. So we are utilizing available resources until one finally shows up."

They were getting a feel for the device.
 
Considering the amount of B.S. these days on the net, especially from the younger ones, I will wait for 3rd party verification.

Seems like he just flashed the entire device.
 
I bet that he didn't actually hack anything on kernel level, he just bypassed the motherboard hardware and runs the touch screen off an external device.
 
His future really depends on what he does with his talent. Living in Mom's basement and hacking video games is one sad possibility. :rolleyes:
 
I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers
Lol, owned.
 
This is not a hack, more like uploading and executing a custom firmware or ROM directly onto the device, so who cares, as Doom can be run on a calculator.
 
This is not a hack, more like uploading and executing a custom firmware or ROM directly onto the device, so who cares, as Doom can be run on a calculator.

BaghdadBob.jpg
 
Bitfi does have some accolades – well, one. It has just won this year's “Lamest Vendor” Pwnie Award, presented to security researcher Ryan Castellucci on its behalf. The Pwnies are a showcase and celebration of the best and worst in information security.

Why? Seems to be working. Oh, right, McAfee...it's apparently OK to be assholes towards him...
 
McAfee: just one drug-fueled murder and everyone says he’s a bad guy... Can’t a guy catch a break?

/s
 
15 year old Saleem Rashid has hacked John McAfee's "unhackable" Bitfi wallet and used the compromised device to play Doom. There is a $250,000 bounty for anyone that can crack the device and steal the coins. Saleem Rashid didn't get the coins off the device as they are stored in the cloud, so the $250,000 bounty is still available. But he still has one of the coolest and most insecure portable Doom devices on the planet!

Video of the old-school first-person shooter has surfaced on Twitter. Self-described adversarial thinker Saleem Rashid is credited with hijacking it -- a hacking prodigy just 15 years old. Keep in mind, Bitfi's wallet is meant to be the world's first 'unhackable' device, supposedly doubling as a secure cryptocurrency storage solution. But as we already know, this is hardly the case.
Did he 'hack' as in penetrate to the coin data or did he 'hack' as in re-purposed the device?

Seems like a bait and switch headline.
 
Did he 'hack' as in penetrate to the coin data or did he 'hack' as in re-purposed the device?

Seems like a bait and switch headline.

They already posted there was no key/coins on the device for him to hack.
 
They already posted there was no key/coins on the device for him to hack.
That's a little different. If there was meaningful data could he have gotten past the security? It's like if I found an encrypted drive, erased it and used it to store my vacation photos and then claimed I hacked an encrypted hard drive. No, I hacked (barely) a hard drive and did not hack the encryption.
 
That's a little different. If there was meaningful data could he have gotten past the security?

From the sounds of it yes. The tech write up and tweets pretty much imply he got as far as he needed to prove the exploit is more than viable in a number of ways.

He essentially kicked down the door to your house to prove it wasn't secure and left. Getting a buddy to help lift your TV into his van was unnecessary unless he was actually robbing you.
 
There is no proof you robbed Fort Knox without bringing back the gold. Even 1 mBTC would be convincing. This is not.
 
From the sounds of it yes. The tech write up and tweets pretty much imply he got as far as he needed to prove the exploit is more than viable in a number of ways.

He essentially kicked down the door to your house to prove it wasn't secure and left. Getting a buddy to help lift your TV into his van was unnecessary unless he was actually robbing you.
From the article it sounds like he broke into the house, set up an Xbox on the TV, and is eating their chips and drinking their beer, but the safe is still sitting in the corner untouched.
 
From the sounds of it yes. The tech write up and tweets pretty much imply he got as far as he needed to prove the exploit is more than viable in a number of ways.

He essentially kicked down the door to your house to prove it wasn't secure and left. Getting a buddy to help lift your TV into his van was unnecessary unless he was actually robbing you.

As someone already stated, he left the safe (the secure part) sitting in the corner untouched. He did not "hack" the device in the sense of what the reward was for.
 
From the article it sounds like he broke into the house, set up an Xbox on the TV, and is eating their chips and drinking their beer, but the safe is still sitting in the corner untouched.

As someone already stated, he left the safe (the secure part) sitting in the corner untouched. He did not "hack" the device in the sense of what the reward was for.

There was no "safe". They have not been given the devices for the hack contest yet. They were simply getting a feel for the house while waiting for the safe to be delivered.
 
From the article it sounds like he broke into the house, set up an Xbox on the TV, and is eating their chips and drinking their beer, but the safe is still sitting in the corner untouched.

Sorry, I didn't mean the article, I meant his tech write up that was posted earlier. https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

He outlines a few different options, IIRC one of which was using the MCU to just send the transactions wherever you want without the user noticing. In this case you don't actually need to crack the safe, the user does it for you.
 
There is no proof you robbed Fort Knox without bringing back the gold. Even 1 mBTC would be convincing. This is not.
The point is not what he did or didn't steal. There is much to be said for the kid's character if you go read his blog, nevertheless the thrust of the story is that a supposedly secure technology got handed its ass (and that of the CEO thereof) on a silver platter.

By a kid.

Who's probably smarter than you or I.
 
The point is not what he did or didn't steal. There is much to be said for the kid's character if you go read his blog, nevertheless the thrust of the story is that a supposedly secure technology got handed its ass (and that of the CEO thereof) on a silver platter.

By a kid.

Who's probably smarter than you or I.
No and Maybe. If you have hardware in hand, you can always compromise it to some degree. Since there was nothing there we really don't know if it was still accessible or damaged by the process. I could see a reason to not self-brick. If the device is damaged or even if it is stolen, does making the money become inaccessible help you? The security is from it being in your possession.
 
The point is not what he did or didn't steal. There is much to be said for the kid's character if you go read his blog, nevertheless the thrust of the story is that a supposedly secure technology got handed its ass (and that of the CEO thereof) on a silver platter.

By a kid.

Who's probably smarter than you or I.

Teenager publicity stunt, good job for him.
 
No and Maybe. If you have hardware in hand, you can always compromise it to some degree. Since there was nothing there we really don't know if it was still accessible or damaged by the process. I could see a reason to not self-brick. If the device is damaged or even if it is stolen, does making the money become inaccessible help you? The security is from it being in your possession.

Then we might as well go back to hiding bullion in the mattress.
 
Sorry, I didn't mean the article, I meant his tech write up that was posted earlier. https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/

He outlines a few different options, IIRC one of which was using the MCU to just send the transactions wherever you want without the user noticing. In this case you don't actually need to crack the safe, the user does it for you.
I think that is a different product.

No and Maybe. If you have hardware in hand, you can always compromise it to some degree. Since there was nothing there we really don't know if it was still accessible or damaged by the process. I could see a reason to not self-brick. If the device is damaged or even if it is stolen, does making the money become inaccessible help you? The security is from it being in your possession.
Look at the Ledger example above. Man in the middle attack is a huge issue with products like these.
 