Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: enmaku on August 04, 2013, 06:06:55 PM



Title: Casascius' Physical Bitcoins Cracked at Defcon
Post by: enmaku on August 04, 2013, 06:06:55 PM
I just happened to be at Defcon yesterday when Stits and Datagram managed to peel the holo foil off of a Casascius coin and replace it with basically no real damage. They think with a little refinement of technique they could pull it off with no visible damage at all. Caldwell is in talks with them trying to improve security, but for now you should all be wary of second-hand Casascius coins.

http://codinginmysleep.com/casascius-physical-bitcoins-cracked-at-defcon/


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: Razick on August 04, 2013, 06:12:09 PM
That's a shame, but I'm glad some white-hats found the vulnerability.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: franky1 on August 04, 2013, 08:24:57 PM
Quote from: Razick
That's a shame, but I'm glad some white-hats found the vulnerability.

the vulnerability was always there, which is why those smart people were only buying them as a novelty piece for historic sake, not circulatory sake.

everyone knows that it only takes a bit of water/heat or a combination of both (steam) to mess around with the adhesive on a sticker.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: Elwar on August 04, 2013, 09:03:51 PM
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.

I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: Melbustus on August 04, 2013, 09:31:11 PM
Mike has a reasonably-detailed post about this up on his blog: http://casascius.wordpress.com/2013/08/04/defcon-21-successful-compromise-of-the-hologram-reported/


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: NewLiberty on August 04, 2013, 09:41:22 PM
Quote from: Melbustus
Mike has a reasonably-detailed post about this up on his blog: http://casascius.wordpress.com/2013/08/04/defcon-21-successful-compromise-of-the-hologram-reported/

There are some ways to defend against this.  Nothing is perfect.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: john_nalpa on August 04, 2013, 09:46:07 PM
This topic's title is misleading.


Title: Re: Casascius' Physical Bitcoins tested at Defcon20
Post by: NewLiberty on August 04, 2013, 09:55:30 PM
Agreed, how is this instead?


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: karlmarxxx on August 05, 2013, 02:18:18 AM
I'm guessing this won't work so well with paper notes, as the solvent would ruin the QR code readability. Since the cascoin is brass it would not get soggy and allow ink to run.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: worldtreasurefinders on August 05, 2013, 02:20:55 PM
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: 01BTC10 on August 05, 2013, 02:26:59 PM
Quote from: worldtreasurefinders
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.

Balance doesn't tell if the private key was compromised for later use.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: Pokerfan on August 05, 2013, 02:29:33 PM
The idea was doomed from the start. While fun, physical bitcoin just cannot reliably work.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: bg002h on August 05, 2013, 02:39:42 PM
Quote from: Elwar
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.

I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.

I took radiographs of the original BitBills cards. Notta chance of getting the private key with those using standard body radiography equipment. A Casascius coin would be much more difficult than a BitBill unless Mike is using some crazy ink with an absorption peak near the k edge of iodine.


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: kik1977 on August 05, 2013, 02:42:06 PM
Quote from: worldtreasurefinders
From the OP:

Quote
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself.

Really?  Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer?  And if you're buying one from a third party, verify the balance before you buy it.

Nope, one can compromise the coin by copying the private key and sell it to someone else. Only at a later stage (1 hour, 1 day, 1 week, whenever) the value will be moved to another address. Or at least it might be..

Ps. I agree the title is misleading..


Title: Re: Casascius' Physical Bitcoins Cracked at Defcon
Post by: MysteryMiner on August 05, 2013, 02:45:14 PM
The adhesive used in these tamper resistant holograms can be softened using a hair dryer or a hot air soldering iron. While heated with steady hands they can be peeled off and replaced without damaging the hologram or requiring additional application of adhesive afterwards. I think the same applies to Casascius coins but I never attempted to do it on them.