U.S.-based tech company Bitfi came under scrutiny following the launch of its hardware wallet and bounty program. After being implicated in a dispute on social media in which several hackers and security professionals claimed they had hacked the Bitfi wallet, the company has shed light on the event and has released a new model, the DMA-2.
These security professionals discovered a vulnerability wherein the private key remained in memory for some time, which was not ideal, according to Bitfi. The company has since made updates to clear memory instantaneously to meet the advertised claim that private keys do not exist on the device.
In an official statement, Bitfi officials mentioned:
“Unlike other wallets that store all private keys permanently, one of the core innovations of the Bitfi wallet is that it does not store private keys and instead calculates them at the time of transaction thereby dramatically enhancing security…With the latest update (V97) all Bitfi wallets do not keep a private key in memory at all upon completion of a transaction. In fact, no information exists in memory long enough to even be measured with forensic tools.”
Whilst there were numerous attacks on the Bitfi wallet hardware, no one has ever succeeded in getting any funds. To demonstrate this security model, the company opened up its bounty to allow hackers to attack its entire infrastructure. In an official statement, the company indicated that they “expressly include permission to use ANY attack vector to hack into the Bitfi wallet, including any of our servers, nodes, & infrastructure”. This statement, combined with the $250,000 bounty, resulted in the best and the brightest security researchers around the world working to find weaknesses in the wallet. The reason that no one succeeded in extracting funds lies in the underlying technology, which is a completely new innovation.
A Hardware Wallet for Crypto 2.0: Going Beyond Cold Storage
Prior to the introduction of Bitfi and the subsequent Bitfi DMA-2, there were only two methods to store digital assets. One is the use of hot wallets, which work on devices connected to the internet and are considered unsafe for large holdings. The second method is cold storage, which can be achieved with the use of a paper wallet, hardware wallet, or dedicated computer that is never connected to the internet. Cold storage is a method of storing private keys in a secure offline environment where hackers cannot get them. However, even cold storage has numerous limitations and weaknesses. Even though an online attack is not possible, someone who gains physical access to these devices through theft, loss, or seizure can obtain all of the private keys through various forensic techniques.
In the case of cold storage, the user also becomes device dependent: since all private keys are on the device itself, the loss of this device could mean a total loss of funds, and the only failsafe is wallet recovery with the 24-word mnemonic seed. It is unrealistic to expect wallet users to memorize 24 random words, so when unexpected events occur, such as a fire, flood, robbery, earthquake, or war, their crypto holdings are wiped out. There are other scenarios wherein someone traveling with their wallet could have it seized or stolen, after which all private keys are quickly extracted, especially if it is a government seizure.
In addition to these security concerns, users of hardware wallets are required to continuously install firmware updates, which involve complicated steps that make the wallet prone to user error. If numerous firmware updates are skipped, the device will either malfunction or become a brick and require a full restore. This creates anxiety and frustration. There is a general feeling when using traditional hardware wallets that a more definitive solution is needed to give cryptocurrency investors complete peace of mind and total protection that does not change with time or weaken as hacking technologies evolve.
To address these shortcomings, Bitfi has developed a new technology that is a new milestone in security and now offers the blockchain community a third option. It is neither a hot wallet nor cold storage. Rather, Bitfi does not store anything at all. This wallet offers the most elegant and timeless solution yet for the safekeeping of digital assets. Instead of storing all your private keys on a device, Bitfi uses a deterministic algorithm to calculate the private key from the user’s secret phrase. Effectively, this means that the private key (anyone in possession of the private key controls the funds) only comes into existence for a split second to sign the transaction and then instantly disappears. This is not only unique; there is also no feasible way to steal private keys that don’t exist in the first place. It is a logical fallacy to think that something that doesn’t exist can be stolen.
This approach to security challenges the holy grail standard set by cold storage and is something that cryptocurrency investors should consider. The moment funds are transferred to a Bitfi, the device itself is no longer a wallet since it contains no data. Having the device lost, seized, or stolen becomes all but irrelevant and has no bearing on the safety of funds. If the user chooses to memorize the secret phrase, it can be said that all of the storage of funds occurs in the brain, since there is no other trace of the private key or any other data anywhere. This also means that as time passes, technology evolves, and new hacking methods are developed, at any time in the future we can conclude with certainty that it will always be impossible to steal private keys that don’t exist.
The Bitfi also has a unique advantage in that it does not require the user to ever download or install anything at all. The device updates itself whenever new features or support for new currencies are added to the wallet. This eliminates the typical anxiety that users experience with hardware wallets and allows them to interact with the blockchain in an intuitive manner via Bitfi’s user-friendly interface.
The last few generations of hardware wallets have added some things to their mix of features. While there are incremental improvements, ordinary hardware wallets are permanently locked into the ecosystem that requires physical storage of private keys. With Bitfi, cryptocurrency and blockchain investors have a new tool to secure their assets and interact with the blockchain that is a significant leap over any other existing method. This is good for the adoption of blockchain and the entire community.