Topic: Casascius' Physical Bitcoins Cracked at Defcon (Read 2499 times)

legendary
Activity: 1512
Merit: 1049
Death to enemies!
The adhesive used in these tamper-resistant holograms can be softened using a hair dryer or a hot air soldering iron. While heated, with steady hands, they can be peeled off and replaced without damaging the hologram or requiring additional application of adhesive afterwards. I think the same applies to Casascius coins but I never attempted to do it on them.
hero member
Activity: 593
Merit: 505
Wherever I may roam
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.

Nope, one can compromise the coin by copying the private key and sell it to someone else. Only at a later stage (1 hour, 1 day, 1 week, whenever) the value will be moved to another address. Or at least it might be..

Ps. I agree the title is misleading..
donator
Activity: 1464
Merit: 1047
I outlived my lifetime membership:)
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.

I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.

I took radiographs of the original BitBills cards. Notta chance of getting the private key with those using standard body radiography equipment. A Casascius coin would be much more difficult than a BitBill unless Mike is using some crazy ink with an absorption peak near the k edge of iodine.
full member
Activity: 130
Merit: 100
The idea was doomed from the start. While fun, physical bitcoin just cannot reliably work.
vip
Activity: 756
Merit: 503
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.
Balance doesn't tell if the private key was compromised for later use.
sr. member
Activity: 315
Merit: 250
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.
newbie
Activity: 27
Merit: 0
I'm guessing this won't work so well with paper notes, as the solvent would ruin the QR code readability. Since the cascoin is brass it would not get soggy and allow ink to run.
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer
Agreed, how is this instead?
member
Activity: 81
Merit: 10
This topic's title is misleading.
legendary
Activity: 1204
Merit: 1002
Gresham's Lawyer

There are some ways to defend against this.  Nothing is perfect.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.

I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.
legendary
Activity: 4424
Merit: 4794
That's a shame, but I'm glad some white-hats found the vulnerability.

The vulnerability was always there, which is why those smart people were only buying them as a novelty piece for historic sake, not circulatory sake.

Everyone knows that it only takes a bit of water/heat or a combination of both (steam) to mess around with the adhesive on a sticker.
legendary
Activity: 1330
Merit: 1003
That's a shame, but I'm glad some white-hats found the vulnerability.
hero member
Activity: 742
Merit: 500
I just happened to be at Defcon yesterday when Stits and Datagram managed to peel the holo foil off of a Casascius coin and replace it with basically no real damage. They think with a little refinement of technique they could pull it off with no visible damage at all. Caldwell is in talks with them trying to improve security, but for now you should all be wary of second-hand Casascius coins.

http://codinginmysleep.com/casascius-physical-bitcoins-cracked-at-defcon/