
Topic: Tamper proof hologram security issue? (Read 337 times)

sr. member
Activity: 285
Merit: 262
March 06, 2022, 06:54:26 PM
#17
     And I also would say, if anyone immersed the coin and let it sit inside the solution, it would smear the ink as well on the private key.

That's what I thought would happen, but it didn't. The ink was definitely degraded but legible. This was a 1 BTC brass Casascius.

     And if anyone REALLY wanted to get to a Cas private key, why not make the same Hologram and find a blank Cas and use the new hologram?

I think this is the most obvious and likely exploit.
legendary
Activity: 2520
Merit: 3238
The Stone the masons rejected was the cornerstone.
March 06, 2022, 01:25:42 PM
#16
This is definitely an issue but I wonder how the average coin would fare against X-ray or even deep radar.   I think a test is in order.

      Place two QR codes at 90 degrees to each other to obfuscate each other so if there is any penetration from X-ray or deep radar it will not be possible to scan.

      Also placing 4 small drops of superglue at the four opposite sides of the holo will create a challenge in peeling the holo without any damage for sure.

      And I also would say, if anyone immersed the coin and let it sit inside the solution, it would smear the ink as well on the private key.

      And if anyone REALLY wanted to get to a Cas private key, why not make the same Hologram and find a blank Cas and use the new hologram?

      Nothing is 100% safe...I mean they have fooled experts in the art world when it comes to making fakes of the masterpieces from the Masters themselves.

      I think the key to it all is also provenance....but even then that is not 100% safe.

      
    
legendary
Activity: 2254
Merit: 1140
March 04, 2022, 08:14:26 PM
#15
This is definitely an issue but I wonder how the average coin would fare against X-ray or even deep radar.   I think a test is in order.
sr. member
Activity: 285
Merit: 262
March 04, 2022, 02:35:08 AM
#14
There's some more information here: https://www.reddit.com/r/Bitcoin/comments/1jouqt/casascius_physical_bitcoins_cracked_at_defcon/. Note the top comment and the statement that the ring didn't affect the exploit.

I tried this around that time with dielectric solvent rather than non-polar solvent and it worked okay. I set the coin in a bath of solvent instead of using a needle. The sticker had a lot of residue that would have needed to be cleaned up if I wanted to reuse it, while it looks like the non-polar solvent left the adhesive useable. I didn't have the patience to try to clean the sticker and reapply it, but I think it could have been done.

If this was happening, I think we probably would see some indication in the near decade since the exploit was publicly demonstrated. Still, good to be cautious.
legendary
Activity: 3066
Merit: 1757
March 03, 2022, 08:33:56 PM
#13
Would seem like a lot of work for most of the newer production with small load values of .0005 - .0025.  But this does make eBay a terrible place to buy items from. You have to know and trust your seller - that's for sure.

Didn't eBay recently stop allowing sales of loaded coins/items? 🤔

Technically yes, but search 1hodlclub on eBay and you'll see that this policy isn't exactly enforced all the time.

"Talking about eBay’s stance on emerging technology such as blockchain and cryptocurrencies, Iannone pointed toward the growing popularity of nonfungible tokens trading on its platform without making any official announcement regarding the same.

Iannone said that the company changed its policies last year to make the e-commerce platform a place to buy and sell anything, be it a physical or digital commodity. eBay didn’t respond to Cointelegraph’s request for comments at publishing time"

https://cointelegraph.com/news/ebay-to-add-crypto-payment-options-soon-says-ceo




It has been done.

https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

"According to the Coding in my Sleep blog, the "physical attack" was performed by using a hypodermic needle to inject what was described as a "non-polar solvent" between the coin's holographic sticker and brass surface. The solvent had the effect of neutralising the adhesive, thus allowing the sticker to be non-destructively removed."

I’m almost positive that Casascius changed his holograms after this happened to a different type where this would not work. I’m not sure which version of coin was tested on at DEFCON, but I’m pretty sure it was an older one.

Correct, the melt ring on later Casascius coins was to prevent this type of attack.

You can see a very nice example of the melt ring here:

legendary
Activity: 2282
Merit: 3014
March 03, 2022, 08:24:03 PM
#12
Would seem like a lot of work for most of the newer production with small load values of .0005 - .0025.  But this does make eBay a terrible place to buy items from. You have to know and trust your seller - that's for sure.

Didn't eBay recently stop allowing sales of loaded coins/items? 🤔

Technically yes, but search 1hodlclub on eBay and you'll see that this policy isn't exactly enforced all the time.

"Talking about eBay’s stance on emerging technology such as blockchain and cryptocurrencies, Iannone pointed toward the growing popularity of nonfungible tokens trading on its platform without making any official announcement regarding the same.

Iannone said that the company changed its policies last year to make the e-commerce platform a place to buy and sell anything, be it a physical or digital commodity. eBay didn’t respond to Cointelegraph’s request for comments at publishing time"

https://cointelegraph.com/news/ebay-to-add-crypto-payment-options-soon-says-ceo




It has been done.

https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

"According to the Coding in my Sleep blog, the "physical attack" was performed by using a hypodermic needle to inject what was described as a "non-polar solvent" between the coin's holographic sticker and brass surface. The solvent had the effect of neutralising the adhesive, thus allowing the sticker to be non-destructively removed."

I’m almost positive that Casascius changed his holograms after this happened to a different type where this would not work. I’m not sure which version of coin was tested on at DEFCON, but I’m pretty sure it was an older one.
copper member
Activity: 1098
Merit: 459
Eclipse™ Experimental Cryptographic Technology
March 03, 2022, 07:24:35 PM
#11
Anyone want to sacrifice a Cas or a Lealana? Test out how good these holograms actually are.
copper member
Activity: 750
Merit: 114
March 03, 2022, 05:48:28 PM
#10
Yikes, that's kind of scary. But I would imagine that on the coins (especially the precious metal coins) it would be pretty hard to hide the evidence. This makes me want to definitely inspect things better. I really thought the holograms would be better quality so you couldn't, but crooks always seem to find a way.
full member
Activity: 868
Merit: 178
Satoshi loves sleazy bitcoin too - Ordinals
March 03, 2022, 03:01:09 PM
#9
Would seem like a lot of work for most of the newer production with small load values of .0005 - .0025.  But this does make eBay a terrible place to buy items from. You have to know and trust your seller - that's for sure.

Didn't eBay recently stop allowing sales of loaded coins/items? 🤔

Technically yes, but search 1hodlclub on eBay and you'll see that this policy isn't exactly enforced all the time.
copper member
Activity: 1075
Merit: 442
March 03, 2022, 02:36:52 PM
#8
I am skeptical that this can be done with leaving no trace. In some coins where the holo is completely flat and the key is printed on the back of the holo, it would be near impossible to get liquid behind it without leaving a mark. The hodlclub coins have a folded paper behind the holo. Liquid would warp and distort the paper. I say you would never be able to get it back as tight as they come. The best shot at this would be the coins with the cut out in the coin. You could inject into the space and possibly get it to lift. However, alcohol and adhesives don't mix well. I'd guess that the reapplication wouldn't be as strong as normal. Might see some lifting on the edges. I always inspect the holograms when I purchase. I will look for pin pricks from now on. I would say never buy anything loaded that you cannot inspect first, but that's not usually possible. Definitely anything loaded with substantial BTC. It's pretty uncommon to hear about a swiped coin with holo still intact. Usually it's from manufacturer's error or someone related to the coin maker that perpetrates the fraud. I know lesbian cow had an issue with a swiped intact holo sol noctis bull, but overall this hasn't been an issue yet. When I buy expensive coins I always try and collect as much info as I can. Where did it come from, how long have you had it, what's the history of this coin. Hopefully I can head off a problem before it happens.
legendary
Activity: 3570
Merit: 1959
March 03, 2022, 02:01:29 PM
#7
Would seem like a lot of work for most of the newer production with small load values of .0005 - .0025.  But this does make eBay a terrible place to buy items from. You have to know and trust your seller - that's for sure.

Didn't eBay recently stop allowing sales of loaded coins/items? 🤔
full member
Activity: 868
Merit: 178
Satoshi loves sleazy bitcoin too - Ordinals
March 03, 2022, 12:36:38 PM
#6
Well, that puts pretty much every loaded coin at risk of having been tampered with - right?

Would seem like a lot of work for most of the newer production with small load values of .0005 - .0025.  But this does make eBay a terrible place to buy items from. You have to know and trust your seller - that's for sure.
hero member
Activity: 722
Merit: 1027
March 03, 2022, 10:46:28 AM
#5
We inadvertently did internal testing on this issue back in 2019.

Our findings were that alcohol creates visible tampering due to damaged ink on notes made on the STC substrate.

 We cannot comment on metals since no testing was done on that front.
legendary
Activity: 2254
Merit: 2419
EIN: 82-3893490
March 03, 2022, 09:39:41 AM
#4
Well, that puts pretty much every loaded coin at risk of having been tampered with - right?
legendary
Activity: 3066
Merit: 1757
March 03, 2022, 08:18:10 AM
#3
It has been done.

https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

"According to the Coding in my Sleep blog, the "physical attack" was performed by using a hypodermic needle to inject what was described as a "non-polar solvent" between the coin's holographic sticker and brass surface. The solvent had the effect of neutralising the adhesive, thus allowing the sticker to be non-destructively removed."
full member
Activity: 868
Merit: 178
Satoshi loves sleazy bitcoin too - Ordinals
March 03, 2022, 05:31:38 AM
#2
I would hope the holograms are better quality and this wouldn't work on it, but gonna admit, I'm intrigued. I have a 1hodlclub copper round that has a wrinkle on the hologram that drives me nuts.... might be a worthy donor for a trial.
full member
Activity: 244
Merit: 232
Digital scarcity is a one-time discovery.
March 03, 2022, 04:35:17 AM
#1
I ran into THIS VIDEO where LockPickingLawyer uses denatured alcohol to remove a tamper proof hologram from a padlock. After the denatured alcohol evaporates he puts the tamper proof hologram back on, which fully functions after he peels it.

Has anyone tried something similar with a coin, to see if the private key could be imported and placing it back under the hologram? I plan on doing it myself but I wanted to check here first before I destroy a coin Grin.