CASASCIUS PHYSICAL BITCOIN - In Stock Now! (pic)

[vv01f]

For my contact with Mike I can only tell the best - he always is kind and replies very fast. Also he answers question with a great deal of patience.
There might be small things to adjust for making his service even better - and he tries to find out about these.

[1714190768]

1714190768

[casascius]

Just to set the record straight, I sent an e-mail to the MtGox leaked list a few hours ago warning about a phishing campaign.  Many have referred to this warning as spam, as it ostensibly serves as an "advertisement" for my site in their view.

Some people received the original phish, apparently some only received my warning, and many others received both.

I hate spam, sending out an e-mail was a judgment call that I felt was the right thing to do, and most seem to agree.  A few do not, and have reacted with harsh words, foul language, or...in one case, a 3-paragraph rant full of F-words and a picture of a penis.  I suppose this is a problem inherent in Bitcoin and is bound to grow with it - it motivates criminals to replicate websites and steal orders, something not typically a problem with Visa/Mastercard (or at least the problem is shouldered by them).

[molecular]

Dear casascius.

Today I found in my email a spam coming from your website and IP-address, advertising for your website casascius.com. Sending such unsollicited email to people in my country is a crime. In addition, because of costs of spam for me, I also charge per spam, feel free to pay the bill by sending 100 bitcoin to: 1DESYhdFBUdQyTWBpLif6BQdr3FRcKBHWL

The spam email you are referring to advertises casascius.NET, not .COM. You're billing the wrong person.

[Wody]

To show the criminal is indeed the person indicated, here is the proof of the crime:

x-store-info: 4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 50.73.45.250) header.from=mcaldwell@swipeclock.com; dkim=none header.d=swipeclock.com; x-hmca=none
X-Message-Status: n:0:n
X-SID-PRA: Mike Caldwell <mcaldwell@swipeclock.com>
X-DKIM-Result: None
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD00
X-Message-Info: 2etWe3f/w1f/+Xc9HUsWtoIBpz8ycB9a0i3OlthWaSDx1+zjusIy+Ac0IEm9ygColX219cjubiYguKKVOsibiur3d6DOlwLJFaDf/0j9wJythBJA+Itz6+iTCK9F7cORSxqKPUbXox4=
Received: from 50-73-45-250-utah.hfc.comcastbusiness.net ([50.73.45.250]) by COL0-MC1-F30.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
    Tue, 25 Oct 2011 10:27:37 -0700
Received: from sniff3c ([192.168.19.151]) by 50-73-45-250-utah.hfc.comcastbusiness.net with Microsoft SMTPSVC(7.5.7601.17514);
    Tue, 25 Oct 2011 11:27:29 -0600
MIME-Version: 1.0
From: "Mike Caldwell"
 <mcaldwell@swipeclock.com>
To: redacted
Date: 25 Oct 2011 11:27:31 -0600
Subject: Phishing warning: Casascius Physical Bitcoins
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Return-Path: mcaldwell@swipeclock.com
Message-ID: <BTCSTOREuXNJCpM2M9C0000924c@50-73-45-250-utah.hfc.comcastbusiness.net>
X-OriginalArrivalTime: 25 Oct 2011 17:27:29.0796 (UTC) FILETIME=[5F4A4C40:01CC933B]
X-Agent-Received: from live (pop3.live.com); Tue, 25 Oct 2011 21:20:22 +0200
X-Agent-Train-Junk: 100
X-Agent-Junk-Probability: 99
X-Agent-Folder-Reason: Junk
X-Agent-Folder: 00000006

-----BEGIN PGP SIGNED MESSAGE-----=0D=0AHash: SHA1=0D=0A=0D=0ASor=
ry to be sending e-mail to the Mt.Gox leak list.=0D=0A=0D=0APleas=
e be advised that a recent e-mail purporting to be from me regard=
ing Casascius Physical=0D=0ABitcoins is fake and leads to a phish=
ing site.  Don't give out your info unless you're sure you're=0D=0A=
at the right place.=0D=0A=0D=0AThe real Casascius Physical Bitcoi=
ns website is at https://www.casascius.com. =0D=0AIf you do not k=
now how to verify my PGP signature, consider looking me up on the=
 forums to make=0D=0Asure you have the right address and are not =
being phished.=0D=0A=0D=0ASorry for the hassle and the inconvenie=
nce, but I suppose this was going to happen sooner or later.=0D=0A=
=0D=0AMike Caldwell=0D=0A-----BEGIN PGP SIGNATURE-----=0D=0AVersi=
on: GnuPG v2.0.17 (MingW32)=0D=0A=0D=0AiQEcBAEBAgAGBQJOpu6ZAAoJEF=
ou6PHxF1ojWnIIAIMMZUh2zaFd528toyqGoAOW=0D=0ASNeui8P3avdCwKkDWlItM=
r18GBYyGXRy44lCEzAC+1OuvZVSteF34kEGsMZ7G+rv=0D=0AXM40x2JQusFuVX/V=
km27c086TQTO18IHMlxkNUMfL0uoxM/zZpy2I6/LnWdh1Kqm=0D=0AXffR2V/5bJf=
8fBorDRjWUTfFCgCfhkNVYcwHCfImqTgjjJno6O1zVVTVEYcQHMG/=0D=0AAu4ekv=
Ap5Jfc11MFCJ8VKQR/zZ120HudQ0wYhm0xyEI721dPBzB26JZXgaGkMRYp=0D=0AV=
1147axEFU6nB9gmlkIXVjQ4KuA/XGm4MTNeecKjKHKyBrzCtdO0PqUDU20zua0=3D=
=0D=0A=3D0WEj=0D=0A-----END PGP SIGNATURE-----=0D=0A

[Inaba]

I'm not sure I follow what you're saying, Wody?

[vv01f]

I think Wody is kidding us .

[casascius]

I indeed sent the message warning people about the fake website, just as I stated several posts ago.  And I PGP signed it (key=F1175A23).  I don't believe warning people about a phishing site is a crime.  If it is, I hope I don't go to jail for it.

This has been discussed at length in another thread: https://bitcointalk.org/index.php?topic=49826

[Wody]

I'm not sure I follow what you're saying, Wody?

I think he is kidding us .

I'm not kidding, since you wanted proof, I provided the actual spam-message. Also, I'm not kidding about it being a crime. Sending spam can get somebody fined up to 450.000 euro. About the spam, decoded, it comes from 50.73.45.250 which is the same IP-address as casascius.com, and it is an advertisement for that site. It can be verified with PGP, and so is no fake, or a phish for another site or something. The text decoded says:

Sorry to be sending e-mail to the Mt.Gox leak list.

Please be advised that a recent e-mail purporting to be from me regarding Casascius Physical
Bitcoins is fake and leads to a phishing site.  Don't give out your info unless you're sure you're
at the right place.

The real Casascius Physical Bitcoins website is at https://www.casascius.com.
If you do not know how to verify my PGP signature, consider looking me up on the forums to make
sure you have the right address and are not being phished.

Sorry for the hassle and the inconvenience, but I suppose this was going to happen sooner or later.

Mike Caldwell

[casascius]

Spamhaus.org doesn't seem to be concerned with my warning message, they're on my side, been in contact with me, and have listed the spammer and created an advisory of their own.  Notice they have blocked the phishing site, not me.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL119864

No one in their right mind is going to pursue me for 450,000 euros for sending a timely warning to potential victims of an active scam just because there were many of them.  If you want though, send me a self-addressed stamped envelope to my mailing address listed on my site and I'll send you a collectible physical bitcoin (no hologram or BTC value) for your trouble.

[molecular]

Casacius on cnet: http://news.cnet.com/8301-17938_105-20125470-1/are-physical-bitcoins-legal/

[MoonShadow]

Ironicly, I got the phishing email but not the warning.  Which I thought to be odd, since I've never given Casascius my address.  But the phishing site is very well done, and I would have been fooled if not for that detail, and the nagging desire to search this forum.  I must say, the physical bitcoins seem very well done, and I would consider buying some but for one nagging issue in the back of my mind.

What prevents a scammer from removing the hologram to get at the private key, glueing it back on, spending it and then nabbing the bitcoin value a month later?  Is the hologram obviously destroyed by the process?

EDIT:  I missed the part on the website about the hologram leaving behind a honeycomb pattern if peeled.  Does that mean that the peeled hologram is now honeycombed?

[MoonShadow]

Ironicly, I got the phishing email but not the warning.  Which I thought to be odd, since I've never given Casascius my address.  But the phishing site is very well done, and I would have been fooled if not for that detail, and the nagging desire to search this forum.  I must say, the physical bitcoins seem very well done, and I would consider buying some but for one nagging issue in the back of my mind.

What prevents a scammer from removing the hologram to get at the private key, glueing it back on, spending it and then nabbing the bitcoin value a month later?  Is the hologram obviously destroyed by the process?

EDIT:  I missed the part on the website about the hologram leaving behind a honeycomb pattern if peeled.  Does that mean that the peeled hologram is now honeycombed?

"Send it back in and have it reloaded and restickered as new - just 25.5 BTC plus return shipping."

Wait, what?  It can be 'restickered'?  There needs to be images on the website that show how the sticker should look if good, and how it might look if bad.  I assume that unauthorized reproductions of the hologram sticker is very hard to fake, but if I (as a general user) don't know how the hologram is supposed to look like, how hard would it be for someone to find a hologram sticker to defraud someone with?

[ErgoOne]

Well, the site it came from was in Russia and casascius.com is in Utah, so I can buy that explanation.  I withdraw my previous statement then... either you've hit upon a clever way to market or someone is being a total douche in Russia and I'm happy to give you the benefit of the doubt in this instance.

Not even necessarily in Russia.  The IP that was used to send the scam spams from "casascius.net" was in Russia.  I checked, and that IP is currently listed in the Spamhaus SBL.  Here's a link to the SBL listing page for the scam:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL119864

The IP appears to host an insecure PHP script (ajax.php), and that script was used to send the spam.  The spammer could have done this from anywhere; insecure scripts rarely log IPs that connect to them and never include those IPs in the headers of the email that they send. :/  The domain casascius.net is registered through a really scuzzy offshore registrar, and the ownership information for the domain is cloaked in Whois.  So I think that the scammer (whoever it is) actually does own that domain.

It is *theoretically* possible that Mike Caldwell (the real Casascius) could have done all this. If he did, he's got a genius IQ, a truly warped imagination, *and* no ethics.   People like that exist, but in my experience they are rare.  And he doesn't come across as one of them here on the board.

He did send one email to the whole Mt. Gox list.  That email warned them about the scam.  While *technically* it was unsolicited bulk email and therefore spam, I doubt that the most rabid antispammer would object to what he did.  Spamhaus did not, and they clearly must have gotten his email because email addresses on the Mt. Gox list either belonged to a Spamhaus person in the first place or were donated to them after the security breach so that they could monitor scams and phishing attacks aimed at those email addresses.

[BurtW]

I have purchased coins from Mike several times.  I have many of the 1 BTC coins and a couple of the 25 BTC coins, which are beautiful.

Just got my personal copy of the phishing email and went to the .NET web site.  It is still there and taking bogus orders as far as I can tell so beware.

I have personally removed stickers and tried to place them back on the coins and found it to be impossible.  It is very obvious that the sticker has been taken off.

If you want to know what the holograms look like before being taken off there are plenty of high resolution pictures at https://casascius.com/

And now there are copies of all the same pictures at the bogus http://casascius.net/ site as well

Mike has been and still is one of the hardest working members of the Bitcoin community and I for one appreciate his efforts.

Some of you question the warning email he sent out but ask yourself this:  what would you do if someone copied your web site and was attemping to rip off your customers and the Bitcoin community?  I think he did the right thing.

I just "ordered" 7743.74 BTC worth of stuff from the .NET site got the address 1GHRsryckBsSfKgv6zbun5egbxq8GCT8f1.  I looked it up and it appears to me that they may have ripped off people for 53.84 BTC so far.  I am not that familiar with the way things work so someone else would need to verify.  Here is what I see:

http://blockexplorer.com/address/1GHRsryckBsSfKgv6zbun5egbxq8GCT8f1

[casascius]

UPDATE: MemoryDealers.com is now selling Casascius Physical Bitcoins for those who do not have Bitcoins and are interested in paying USD.

http://www.memorydealers.com/one-physical-bitcoin.html

http://www.memorydealers.com/25-casascius-bitcoins.html

Everything on one page here:
http://www.memorydealers.com/bieq.html

[molecular]

Ironicly, I got the phishing email but not the warning.  Which I thought to be odd, since I've never given Casascius my address.  But the phishing site is very well done, and I would have been fooled if not for that detail, and the nagging desire to search this forum.  I must say, the physical bitcoins seem very well done, and I would consider buying some but for one nagging issue in the back of my mind.

What prevents a scammer from removing the hologram to get at the private key, glueing it back on, spending it and then nabbing the bitcoin value a month later?  Is the hologram obviously destroyed by the process?

EDIT:  I missed the part on the website about the hologram leaving behind a honeycomb pattern if peeled.  Does that mean that the peeled hologram is now honeycombed?

"Send it back in and have it reloaded and restickered as new - just 25.5 BTC plus return shipping."

Wait, what?  It can be 'restickered'?  There needs to be images on the website that show how the sticker should look if good, and how it might look if bad.  I assume that unauthorized reproductions of the hologram sticker is very hard to fake, but if I (as a general user) don't know how the hologram is supposed to look like, how hard would it be for someone to find a hologram sticker to defraud someone with?

I obviously need a new camera, but the difference should be apparent.

[molecular]

It is *theoretically* possible that Mike Caldwell (the real Casascius) could have done all this. If he did, he's got a genius IQ, a truly warped imagination, *and* no ethics.

He'd have some other, much more evil options.

[cbeast]

Casacius on cnet: http://news.cnet.com/8301-17938_105-20125470-1/are-physical-bitcoins-legal/

Another FUD hit-piece. They are so dumb if they think stories like this will kill bitcoin. Don't they know that even bad publicity is good for bitcoin? Maybe their plan is to keep it low while they are buying slowly and steadily while keeping speculators at bay.

[molecular]

Casacius on cnet: http://news.cnet.com/8301-17938_105-20125470-1/are-physical-bitcoins-legal/

Another FUD hit-piece. They are so dumb if they think stories like this will kill bitcoin. Don't they know that even bad publicity is good for bitcoin? Maybe their plan is to keep it low while they are buying slowly and steadily while keeping speculators at bay.

Journalists stumbles upon casascius. Feels need to write some shit-piece about it. News at 11.

[MoonShadow]

I obviously need a new camera, but the difference should be apparent.

Yes, but I'm talking about an organized criminal with the same tooling available to himself as Casascius passing off spent coins as unspent by putting a new hologram sticker on them.  Don't get me wrong, I'm not trying to belittle his acheivement.  I'm just concerned that there will eventually be a determined criminal element that will undermine the trust in bitcoin in general if they can create distrust in physical bitcoins.  It's not like doing so would actually be illegal in most places, since bitcoin isn't an official currency anywhere.