We can't look past this any further.
Austria Post Crypto Stamp 1 (CS1)
Austria Post Crypto Stamp 2 (CS2)
These both should be considered "Breached" straight from the manufacturer. After market sales depend solely on the integrity and honor of the seller. If you do not care about the Non-Fungible Token(NFT) or online portion of collecting these stamps then you are fine.
CS1 was found(allegedly) to have been gamed by insiders/post office workers due to the ability to scan the forward facing and uncovered QR code to determine rarity. Anyone that had an inkling about rarities and cryptocurrency hype could have easily pocketed Blues/Yellows/Reds and sent out the more common Blacks/Greens to consumers. Hard to have concrete physical proof of this happening but the upgraded security to the CS2 (inside packaging with a tamper proof sticker) proves that this was recognized as a security flaw.
The attempt to fix this issue with the release of CS2 has still proven insufficient and can be bypassed by anybody with just one hand and a light squeeze. The tamper proof sticker does nothing to stop this from happening. I was able to squeeze the packaging and carefully remove the card from its slotted position inside. I was then able to retrieve the seed phrase and once again squeeze the package open and slide the card back into the slot. Little to no damage done to the packaging or stamp itself.. nothing a few hours in between two heavy books wouldn't fix.
Now lets get to the major breach of not just CS2, but also CS1.
Both intact, I tried to show the serial to maintain authenticity through this story of pictures.
I took the previous two pictures inside but have moved into a pitch dark storage room for the next few. This is NOT needed for the effect shown on the CS2 stamp, moreso the CS1 stamp proves superior here but is still vulnerable to a flashlight and dark room. (This took me around five minutes, if I were a more nefarious actor I could have done a much cleaner job.)
CS1
CS2
As you can see in a dark room with a flashlight the seed words and QR codes are visible. With a better flashlight and some contrast adjustments(Photoshop) these could be a lot more crisp and legible. CS1 proves superior with the scratch n' sniff label over it but still doesn't hold up to a dark room and a flashlight.
I am unsure who created the actual physical portion of CS1 for Austria Post - will edit if/when I find this information.
The physical CS2 were made by a company named
Variuscard and commissioned of course by Austria Post. Security testing appears to have been non existent.
Advice - If you ever want to avoid problems like this and work with the community,
read THIS thread and you'll see how it should be done. (There is a lot of talent you would not expect in the Bitcointalk Collectibles community.)
As this post is about the physical portion of the cards being breachable by anyone that has ever come into possession of them I won't get into the OnChain Shop mess going on right now as that would be labelled as a fail rather than a breach. Special nod to
Capacity Blockchain Solution GmbH and the
Ethereum Network for that.
To sum up. Any and all CS1 and CS2 out there should be considered breached. If you bought straight from Austria Post then you're probably(maybe) alright. The sales that take place on eBay and in the Collectibles board here should be scrutinized and the character of the seller should be taken into account. If you only care about having the card in your possession and don't want to play with MetaMask/Ethereum/High Gas Fees then there is nothing to worry about. Both CS1 and CS2 are absolutely beautiful pieces to have in your physical collection.
Note: If you can do anything with the QR/Seed Phrase pieces I've used in this post, go ahead as they're now part of my compromised collection.
)