Hi Random8543,
You don't seem to understand Bitfi's security model. Bitfi does not have any private keys. Therefore extraction is not possible. On the other hand all cold storage wallets make it very easy to extract all your money should they be physically seized, lost or stolen. Here the CTO of Ledger himself admits that it is trivial to extract all your private keys:
https://twitter.com/xtcc18/status/1109621986123284480
We are extremely aware of all the wallets you mention. However, we believe that you haven't taken the time to understand how Bitfi works.
Thanks for the opportunity to respond.
Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.
I usually don't like jumping into discussions like this but I do want to provide my 2 cents on this message. This message does show that Bitfi (or at least you) have not used Ledger, Trezor, KeepKey, or similar devices that have a seed along with an additional passphrase, or probably have but are just being plain ignorant. Using an additional passphrase will allow one to have multiple wallets all while still remaining protected. Such a thing is not stored on a device, thus if someone were to extract the seed from any of those devices, as long as no coins are stored along with the seed itself, nothing is lost. If there is, you only lose what's there but nothing stored with an additional passphrase. Heck, I even use it to have different wallets for different things as if it's multiple bank accounts for personal and business use, and I trust that more than I would trust Bitfi. Heck, I don't even like Ledger after what they did with Ledger Blue but I would prefer that over Bitfi honestly.
I would seriously suggest that Bitfi should take their heads out of whatever hole it is stuck in and start doing real research if you all expect to have a good reputation. The "unhackable" claim could've led to lawsuits for false advertisement (and honestly I'm surprised there was no class action after the stunt that was pulled after being called out about the issues noted with the device). Speak and operate from a realistic point of view, especially if you want the business to survive.
Hi Bob,
This is demonstrably wrong. Bitfi is the most secure wallet because it doesn't even have private keys. Please explain how something could be more secure than such a system where you don't even have anything to steal or extract?
First, we can prove every single one of the claims that we make.
Second, if you want to make an informed opinion rather than just a random angry post like "Bitfi sucks" please see our open source resources at
https://bitfi.dev this is a completely open and transparent system that allows all developers in the world to participate, view the code, and see how every feature works.
Try to keep an open mind rather than spreading misleading information.
Thank you,
Wow.
Not sure if this is a troll post or for real
To anyone reading this and wondering:
The Bitfi wallet is probably the least secure wallet in the history of BTC. Even Android / iOS mobile wallets are more secure than this crap. Better invest your money into a real hardware wallet or buy more BTC and store them on your mobile. But never use a brainwallet (like Bitfi is).
It has been repeatedly proven that this wallet is unsecure and not worth a single penny.
Don't listen to empty promises, do your own research.
Hi o_e_l_e_o,
You don't seem to understand some crucial differences. The cold storage hardware wallets store all of your private keys and therefore they are device dependent wallets. Bitfi is not device dependent, it has no private keys (it's a private key generator) and therefore you can have an unlimited number of wallets with one device (you can have 1000 if you like) and even share one device among multiple users. So long as the users don't know each other's salt & phrase, no one can access anyone's wallet but their own with their salt & phrase.
You were talking about a torture situation. In this case the hidden account with the 25th word is not that much protection. An attacker who is knowledgeable about cryptocurrency will surely demand the hidden account as it is a common feature and they will especially demand it if they know anything about you.
With Bitfi, it is literally impossible to know or suspect if any other wallets exist or have been created with the device. It is true plausible deniability. This is a crucial difference in this kind of situation.
Yesterday we spoke about open source and our open source system is now live and we invite you to come and use it, if you are interested in understanding Bitfi technology better:
https://bitfi.dev
Again, you may decide that Bitfi is totally not for you. That's fine. But at this moment, you do not know enough about this technology to make a truly informed decision.
Finally, yes, the Bitfi wallet does allow you to store millions of dollars, thousands of coins and tokens, and terabytes of data in your brain by knowing a single phrase. Walking around with that in your brain sounds almost like science fiction, except it's real. But this is optional and you do not have to use Bitfi this way. It is not a brain wallet for many reasons, but it does give you the best of what a brain wallet can offer should you choose to use it that way.
Thanks,
Bitfi Team
This message does show that Bitfi (or at least you) have not used Ledger, Trezor, KeepKey, or similar devices that have a seed along with an additional passphrase, or probably have but are just being plain ignorant.
This is exactly correct. To claim that Ledger doesn't allow multiple wallets on one device, when I have a Ledger Nano S sitting two feet away from me which has multiple wallets on it, is either a deliberate lie designed to fool potential buyers, or phenomenal ignorance of the basics of hardware wallets. Either way, I wouldn't trust someone who makes such a nonsense statement.
But never use a brainwallet (like Bitfi is).
In before a reply saying that their brain wallet isn't a brain wallet because it isn't on a computer or some other nonsense reason.
There is not much more we can say. You are saying our device was hacked, and we are saying yes it was. No disagreement there.
But then you start saying that it was hacked in a way that entitles hackers to $250,000 and that the rules are not clear, please explain what is not clear in these rules:
https://bitfi.com/bounty
Just because some hacker is complaining about the bounty rules (perhaps because they wish it was easier) does not mean the rules are not clear or should have been changed. We were clearly simulating a situation where a wallet is stolen from a user and then to test if it's possible to steal the user's funds. In this bounty we were not testing to see if a device can be modified without your knowledge and then you use it next time and it gives your information to attacker, that was being tested in this bounty:
https://bitfi.com/bounty2
Now you are saying again that passphrases can be extracted from device, even though we already told you nearly half a dozen times that they cannot. This is the equivalent of us taking this article from 2017:
https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8 and using it as proof that ST32F05 chip on Trezor is vulnerable to fault injection. But don't you think that maybe Trezor fixed this or did something about this since 2017?
The memory management and the forensic testing method was disclosed here:
https://twitter.com/TheBitfi/status/1054884530199449600
Anyone with advanced tech knowledge can use the same or similar method to attempt extraction to see for themselves. The private key, salt, and phrase are all not detectable at all after a transaction. We have a lot more technical resources coming that scientifically prove all claims being made by Bitfi.
We are really not here to bicker with anyone but rather to collaborate. We probably won't be the only hardware wallet in the world and consumers will always have choices just as they do with smartphones. Some think the iPhone is best and others think that Samsung is best. This argument about which is best will likely never end.
All we want is collaboration and stimulating discussion. We are trying to contribute to the space and actively educate people on Bitcoin. The enemy is on the outside. We don't need to fight on the inside, which just causes the industry to self destruct. All we ask is that you keep an open mind. Scam accusations are very serious, especially when you consider the emotional impact on the developers who have been putting in blood, sweat, and tears into this project and other projects. We shared some thoughts on this here:
https://twitter.com/TheBitfi/status/1113634972840153088
We are not asking you to buy our wallet. And we also don't claim to know everything. In fact there is not a single engineer who knows absolutely every single thing about Bitcoin (including Bitcoin developers themselves), there is always something new to learn and discover. These are very complex systems.
We apologize that the previously used word "unhackable" caused so much anger and frustration and we apologize to you personally. Please just give us an opportunity to collaborate with people in this community and provide them with information or data they may want. We are not trying to do anything else.
Thank you,
I'm getting really bored of going round in circles while you simply deny provable facts. For anyone else interested, just search Google, Reddit or Twitter for "bitfi bounty" or "bitfi hack", and read the screeds and screeds of articles and posts which confirm everything I say.
https://rya.nc/bitfi-wallet.html
You are completely ignoring the point where we explain that we were trying to describe Bitfi technology that does not store any private keys and therefore it is impossible to steal funds. In other words, if the device is hacked, there would be nothing to take.
This is, yet again, simply not true. I have posted proof above that passphrases can be extracted from the device. I have posted proof that root access can be obtained, allowing a keylogger or similar to be installed and steal the passphrase. Just because it doesn't store private keys doesn't mean the funds can't be extracted when it is this easy to extract the passphrase.
Again, we repeat, Bitfi is the ONLY wallet that can give you protection from this kind of attack and neither Ledger nor Trezor allow you to have multiple wallets on one device.
Both Ledger and Trezor allow you to have as many different wallets protected by as many different passphrases as you want on a single device at the same time. There are literally thousands of users using this set up right now. I've been using this set up since before your awful brain wallet even existed. To claim otherwise is just showing just how ignorant of good crypto security you are.