After claims of being 'unhackable' bitcoin wallet Bitfi has now surrendered the claim. In a tweet Bitfi it will no longer use the 'unhackable' claim in promotional material.
The turnaround for Bitfi appears to be aimed at salvaging their reputation amid the controversy. Bitfi has not indicated whether or not security researchers and others who managed to hack the Bitfi wallet would be awarded the $250,000 bounty. Interestingly, the bounty program has also been discontinued.
Bitfi has announced intention to begin a new bounty program through HackerOne.
Security researchers using the name ‘THCMKACGASSCO' were able to break into the hardware wallet. Security researchers Ryan Castelluci and Saleem Rashid were able to extract two unique values needed to steal funds from the wallet. The researchers determined that the values were left in the devices memory longer than the manufacturer claimed exposing the vulnerability.
Bitfi has announced that they will be hiring an experienced security manager to verify the claims of security researchers. Though Twitter commentors were quick to say this move was lacking and that a recall of the hardware is required. As of now, Bitfi has no intention of issuing a recall but rather attempting to fix vulnerabilities via software updates.