Casascius Physical Bitcoins Cracked at Defcon


Every year a number of reportedly secure systems fall to the skilled hands of security researchers at Defcon. This year, Casascius’ Physical Bitcoins were on that unfortunate list. Defcon researchers Stits and Datagram tried their hand at the physical Bitcoin on Saturday afternoon; it took them roughly 10 minutes to recover the private key, and the researchers say that with practice it could probably be breached in 1 to 2 minutes.

I’d never touched one before and the first chemical I picked worked.
-Datagram

The methodology consisted of using a hypodermic needle to carefully inject tiny quantities of what the researchers will only refer to as a “non-polar solvent” between the holographic security sticker and the brass coin itself. After the solvent weakened or entirely dissolved the adhesive they were able to peel back the holographic foil and access the private key beneath. The sticker was then trivially replaced, though Stits felt that using a secondary adhesive might be necessary since little of the original adhesive was left.

The re-assembled coin bore only a tiny mark at the edge of the foil where the needle was first inserted, a mark which could be easily mistaken for slight wear and tear, perhaps from being carried in a pocket with other coins. Stits indicated that with practice even this small mark could be avoided and suggested that next time he’d like to try submerging or fuming the coin in the solvent and simply allowing the foil to fall off without a scratch.

As for improving the security of new coins, a number of suggestions were tossed about. Within minutes of defeating the coin, the coins’ creator was on the phone with the tampering team discussing ways to mitigate the threat. Multiple layers of holo foil, scoring the sticker and even melting the edges of the plastic and brass together were discussed. At this time it is unknown what steps will actually be taken, but certainly something must be done.

While the “non-polar solvent” used was not specified, there are only a dozen or so known non-polar solvents and such solvents are rather common and easily obtained – toluene, for example, is commonly sold as paint thinner and hexane is an extremely common solvent often used in the food manufacture industry. Stits and Datagram have indicated that they’d love to try their hands at the more expensive silver rounds and that they expect the softer, less reactive noble metal to be even easier to work with than the cheaper brass.

I’d love to suggest something that holders of these popular physical Bitcoins could do to ensure the safety of the digital side of their physical assets, but sadly there isn’t much advice to offer. Anyone can do this with a few dollars and a trip to Home Depot, and even checking the balance at the time of purchase offers little to no added security, since an attacker could merely sweep the funds with the recovered private key moments after selling off the exploited coins.

In all fairness to Caldwell/Casascius, we are talking about people who have been breaking tamper-evident seals for years. Unfortunately we’re also talking about a Smart Cow Problem and the gate has officially been opened.

The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself. Of course the good news is that a re-design seems inevitable and holders of the current coins should at least see an increase in their numismatic value, regardless of the compromised Bitcoin value.


Comments

  1. while yes, it makes it more inconvenient to trade physical bitcoins, the front address can still be checked before purchase by a buyer.

    • Dude – the intention would be to grab the balance AFTER selling on the compromised coin, not before…

      • Exactly, once you have the privkey you can sweep the balance at any time, so you sell the coin to some unwitting dupe who checks the balance and goes on his happy way, then you sweep the balance. Who knows how long it will be before that person checks the balance again?

  2. There's a Klean-Strip container in picture 5. That color container is most often used for acetone, but it is also used for automotive paint thinner which is a mixture containing mostly toluene (a non-polar solvent as mentioned in the article). I'm not sure why they don't want to share which solvent they are using but if that's the case maybe they shouldn't take pictures of it, lol.

    • Not sure if that's what they were using – just outside of frame are huge containers of acetone and tons of bottles of other things. This whole area is set up for dissolving glues, melting plastics, shimming zip ties and all sorts of tampering, so it's hard to say what was actually used and what was just lying around. That said, toluene is on the list of "non-polar solvents" so it's at least plausible.

      • In that case it is probably the more prolific jug of acetone. I was assuming they were only working with what was on the desk and no more additional supplies were present.
