
Topic: Thoughts on the compromise of Casascius coin holograms - page 2. (Read 6193 times)

legendary
Activity: 1554
Merit: 1009
I have much more faith in humanity than to consider my product broken.  Sure, the world is full of bad guys, but the idea of trust going out of style I think is a bit overrated.  Someone saying "all Casascius coins should be considered compromised" should also never shop in a grocery store or eat in a restaurant, as there's a similar possibility that someone poisoned all the food.


True, although there's much less motivation to poison food than there is to get free money.

With respect to the idea of me refunding 1BTC instead of funding the coins... I don't believe that's what the buyers want.  They want the intact coin with the bitcoin loaded as promised when they bought it.  If they want the bitcoin off of it with the coin intact, they can try and "compromise" it themselves... if they can.

Personally, if I was buying a coin from a reseller, I'd rather buy an unfunded silver round for 1.5 BTC than a possibly funded one for 2.5 BTC, but you may be correct in believing me to be in the minority. To make such a drastic move would require complete consensus, which I don't think would be possible to achieve.

Regarding grading... there's a subjective nature to it.  A person submitting a coin for grading who also happens to be in possession of a PGP-signed message from me confirming they were the original buyer is going to pass outside analysis better than joe blow.  Or on the other hand, the graders may throw up their hands and say we're not messing with this, making those graded ones that much more unique.

I fully agree, and I think the PGP-signed messages are a good idea. Would many graders have the know-how to verify such a message, I wonder? I can see many balking at the idea.

Just to be clear, I'm still very pleased with my purchase. This being my first silver buy, I was shocked at the size and heft of the 1oz rounds! :)
legendary
Activity: 1386
Merit: 1004
I am suddenly soooooooo thankful I got mine graded and hard-cased (ANACS) months before this exploit was discovered.
It seems to me that we've just further split the already-rare, collectible Casascius coins into two camps - potentially compromised and almost-certainly-uncompromised.

Short of the already-graded coins (alongside documentation of date-of-grading, preceding this exploit)...I cannot think of any outstanding coins whose legitimacy would not rely in part on the trust of the integrity of the seller.

I was holding onto these tight before this news broke. Now...the phrase cold, dead hands springs to mind :-P


Am I missing something?   Why would grading them stop the exploiting?  If you exploited them they would still look the same.   The chemicals they use do not change the grade or look of the metal.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I have much more faith in humanity than to consider my product broken.  Sure, the world is full of bad guys, but the idea of trust going out of style I think is a bit overrated.  Someone saying "all Casascius coins should be considered compromised" should also never shop in a grocery store or eat in a restaurant, as there's a similar possibility that someone poisoned all the food.

My product is primarily an educational tool, a proof of concept.  The possibility of it being physically compromised has always been assumed to be present, just look at the terms and conditions I have you agree to when you order.  Casascius Coins weren't created to be tamper-proof money - if that's what you need, the best physical bitcoin you can get for the purpose is the paper wallet you print offline by yourself.  What a Casascius Coin is, I trust that most people still understand it is what it is.  Further, there is no such thing as a truly physically secure tamper evident product, period.  The laser rim on the silver coin that was undefeated at DefCon will be defeated if the dude who did it has unlimited more chances to try and refine his attack.  Proper perspective is key.

A lot of people who have bought my coins have taken me up on my offer to PGP-sign a statement acknowledging that they are the original purchaser of their coins.  This way they can convey to a secondary buyer that they are the only people who have handled the coins.  (I say taken me up, while acknowledging I haven't delivered more than a few by hand, due to how many I'd need to produce; I'm thinking of producing these PGP-signed acknowledgments in a sort of automated batch with a script, and then manually taking care of those who believe my automated acknowledgment doesn't meet their needs).

With respect to the idea of me refunding 1BTC instead of funding the coins... I don't believe that's what the buyers want.  They want the intact coin with the bitcoin loaded as promised when they bought it.  If they want the bitcoin off of it with the coin intact, they can try and "compromise" it themselves... if they can.

Regarding grading... there's a subjective nature to it.  A person submitting a coin for grading who also happens to be in possession of a PGP-signed message from me confirming they were the original buyer is going to pass outside analysis better than joe blow.  Or on the other hand, the graders may throw up their hands and say we're not messing with this, making those graded ones that much more unique.
legendary
Activity: 1554
Merit: 1009
I am suddenly soooooooo thankful I got mine graded and hard-cased (ANACS) months before this exploit was discovered.

Emphasis mine. I think you mean "before this exploit was published".

Who's to say that you didn't discover a similar exploit, weeks or months before you got your coins graded and hard-cased? ;)
hero member
Activity: 625
Merit: 501
x
I am suddenly soooooooo thankful I got mine graded and hard-cased (ANACS) months before this exploit was discovered.
It seems to me that we've just further split the already-rare, collectible Casascius coins into two camps - potentially compromised and almost-certainly-uncompromised.

Short of the already-graded coins (alongside documentation of date-of-grading, preceding this exploit)...I cannot think of any outstanding coins whose legitimacy would not rely in part on the trust of the integrity of the seller.

I was holding onto these tight before this news broke. Now...the phrase cold, dead hands springs to mind :-P

legendary
Activity: 1554
Merit: 1009
It definitely makes it tough to resell the coin without subtracting the face value from the price -- once you start having to trust two people (casascius as well as the reseller), there's no way of knowing which party to blame if a coin gets defunded. The trust problem also grows each time the coin changes hands.

It's too bad the coins couldn't remain unfunded and have the face value returned to the purchaser; the problem with this scenario is that you'd then have a bunch of unfunded coins floating around alongside the funded ones, which makes all of them fall under suspicion.

EDIT: I just realized that NONE of the 2013 silver rounds are funded yet -- or at least, I don't think so. If all of the silver rounds remained unfunded, the original purchasers could receive a refund for the face value of the coins. Word would spread quickly that all of the 2013 silvers are unfunded, and any future buyers would be aware of this when the coins are resold in the future.

Seems like a win-win situation...?
legendary
Activity: 1554
Merit: 1009
As reported by Mike Caldwell (http://casascius.wordpress.com/2013/08/04/defcon-21-successful-compromise-of-the-hologram-reported/), the hologram on Casascius physical bitcoins was compromised a few days ago by security researchers at DefCon 21.

While I've seen many people react to this news with dismay that their coins have lost all resale value, I'd like to offer a differing opinion, in the hopes of getting a discussion going.

Let's use the 1oz / 1 BTC silver round as an example.

Currently, this coin can be bought directly from Casascius for BTC2.5. Since the face value is BTC1, one could make the assumption that the rest of the coin (the silver round itself, plus the intact hologram) has a nominal value of BTC1.5.

Redeeming the face value of the coin by removing the hologram would destroy the BTC1.5 nominal value of the coin, as collectors don't want to purchase coins that are no longer in mint condition. It's not hard to imagine that the removal of (or visible tampering with) the hologram would cause a steep decrease in the nominal value of the coin: say, from BTC1.5 to BTC0.5 (essentially, spot price of silver plus a premium for the scarcity of the rounds).

I can think of only three reasons for removal or tampering of the hologram:

(1) curiosity (some people want to know what it looks like underneath),
(2) honest redemption (some people may wish to spend the BTC contained within), and
(3) fraud (some people may wish to redeem the BTC and then resell the coin as if it were intact).

For the purposes of the argument, we're really only interested in (3). Situations (1) and (2) would result in a visibly tampered (most likely fully removed) hologram.

Situation (3) is a more interesting situation, in that it's impossible to know when purchasing a coin from a third party whether or not they possess the private key -- that is, until you check the balance and find that it's been transferred to another address.

Now, a coin which has been successfully tampered with (i.e. no evidence of tampering is present) still retains a nominal value of BTC1.5, even without the added BTC1 face value.

Given that the holograms will likely be given an upgrade in the near future, the value of existing coins as collectibles will likely increase; but by how much?

For numismatic purposes, a successful, no-evidence tamper would not result in any decrease in value from a non-tampered, unredeemed coin; or would it?

I'm much less worried about this situation than I originally was, but I'd still love to get the opinions of other people on the subject.

Thoughts?