|
enmaku (OP)
|
 |
August 04, 2013, 06:06:55 PM |
|
I just happened to be at Defcon yesterday when Stits and Datagram managed to peel the holo foil off of a Casascius coin and replace it with basically no real damage. They think with a little refinement of technique they could pull it off with no visible damage at all. Caldwell is in talks with them trying to improve security, but for now you should all be weary of second-hand Casascius coins. http://codinginmysleep.com/casascius-physical-bitcoins-cracked-at-defcon/ |
|
|
|
|
Razick
Legendary
 Offline
Activity: 1330
Merit: 1003
|
|
August 04, 2013, 06:12:09 PM |
|
That's a shame, but I'm glad some white-hats found the vulnerability.
|
ACCOUNT RECOVERED 4/27/2020. Account was previously hacked sometime in 2017. Posts between 12/31/2016 and 4/27/2020 are NOT LEGITIMATE.
|
|
|
franky1
Legendary
Offline
Activity: 4410
Merit: 4761
|
|
August 04, 2013, 08:24:57 PM |
|
That's a shame, but I'm glad some white-hats found the vulnerability.
the vulnerability was always there, which is why those smart people were only buying them as a novelty piece for historic sake, not circulatory sake. everyone knows that it only takes a bit of water/ heat or a combination of both (steam) to mess around with the adhesive on a sticker.. |
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
Elwar
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
August 04, 2013, 09:03:51 PM |
|
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.
I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin. |
|
|
Melbustus
Legendary
Offline
Activity: 1722
Merit: 1004
|
|
August 04, 2013, 09:31:11 PM |
|
|
Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
August 04, 2013, 09:41:22 PM |
|
There are some ways to defend against this. Nothing is perfect. |
|
|
|
john_nalpa
Member
Offline
Activity: 81
Merit: 10
|
|
August 04, 2013, 09:46:07 PM |
|
this topics title is misleading.
|
|
|
|
|
NewLiberty
Legendary
Offline
Activity: 1204
Merit: 1002
Gresham's Lawyer
|
|
August 04, 2013, 09:55:30 PM |
|
Agreed, how is this instead?
|
|
|
|
karlmarxxx
Newbie
Offline
Activity: 27
Merit: 0
|
|
August 05, 2013, 02:18:18 AM |
|
I'm guessing this wont work so well with paper notes, as the solvent would ruin the QR code readability. Since the cascoin is brass it would not get soggy and allow ink to run.
|
|
|
|
|
|
worldtreasurefinders
|
|
August 05, 2013, 02:20:55 PM |
|
From the OP: The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself. Really? Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer? And if you're buying one from a third party, verify the balance before you buy it. |
Architect, Anarchist, Numismatist, Crypto-Enthusiast.
|
|
|
01BTC10
VIP
Hero Member
Offline
Activity: 756
Merit: 503
|
|
August 05, 2013, 02:26:59 PM |
|
From the OP: The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself. Really? Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer? And if you're buying one from a third party, verify the balance before you buy it. Balance don't tell if the private key was compromised for later use. |
|
|
|
|
|
Pokerfan
|
|
August 05, 2013, 02:29:33 PM |
|
The idea was doomed from the start. While fun, physical bitcoin just cannot reliably work.
|
|
|
|
|
bg002h
Donator
Legendary
Offline
Activity: 1466
Merit: 1048
I outlived my lifetime membership:)
|
|
August 05, 2013, 02:39:42 PM |
|
I believe there were several early highlights of vulnerabilities including some sort of x-ray or such imaging device. At the time it was just a cool thing to have and Bitcoin was worth about $10/BTC so such extreme attempts were dismissed.
I imagine I would likely only buy them for cold storage or as gifts. Not for actual trade.
I took radiographs of the original BitBills cards. Notta chance of getting the private key with those using standard body radiography equipment. A Casascius coin would be much more difficult than a BitBill unless Mike is using some crazy ink with an absorption peak near the k edge of iodine. |
|
|
|
|
kik1977
|
|
August 05, 2013, 02:42:06 PM |
|
From the OP: The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself. Really? Can't anyone who bought coins from third parties simply verify their coins' balances on Block Explorer? And if you're buying one from a third party, verify the balance before you buy it. Nope, one can compromise the coin by copying the private key and sell it to someone else. Only at a later stage (1 hour, 1 day, 1 week, whenever) the value will be moved to another address. Or at least it might be.. Ps. I agree the title is misleading.. |
We are like butterflies who flutter for a day and think it is forever
|
|
|
MysteryMiner
Legendary
Offline
Activity: 1512
Merit: 1049
Death to enemies!
|
|
August 05, 2013, 02:45:14 PM |
|
The adhesive used in these tamper resistant holograms can be softened using hair dryer or hot air soldering iron. While heated with steady hands they can be peeled off and replaced without damaging the hologram or requiring additional application of adhesive afterwards. I think the same applies to Casascius coins but I never attempted to do it on them.
|
bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
|
|
|
|
