Every year a number of reportedly secure systems fall to the skilled hands of security researchers at Defcon. This year, Casascius’ Physical Bitcioins were on that unfortunate list. Defcon researchers Stits and Datagram tried their hand at the physical Bitcoin on Saturday afternoon and it took them roughly 10 minutes to recover the private key and the researchers say that with practice it could probably be breeched in 1 to 2 minutes.
I’d never touched one before and the first chemical I picked worked.
The methodology consisted of using a hypodermic needle to carefully inject tiny quantities of what the researchers will only refer to as a “non-polar solvent” between the holographic security sticker and the brass coin itself. After the solvent weakened or entirely dissolved the adhesive they were able to peel back the holographic foil and access the private key beneath. The sticker was then trivially replaced, though Stits felt that using a secondary adhesive might be necessary since little of the original adhesive was left.
The re-assembled coin bore only a tiny mark at the edge of the foil where the needle was first inserted, a mark which could be easily mistaken for slight wear and tear, perhaps from being carried in a pocket with other coins. Stits indicated that with practice even this small mark could be avoided and suggested that next time he’d like to try submerging or fuming the coin in the solvent and simply allowing the foil to fall off without a scratch.
As for improving the security of new coins, a number of suggestions were tossed about. Within minutes of defeating the coin, their creator was on the phone with the tampering team discussing ways to mitigate the threat. Multiple layers of holo foil, scoring the sticker and even melting the edges of the plastic and brass together were discussed. At this time it is unknown what steps will actually be taken, but certainly something must be done.
While the “non-polar solvent” used was not specified, there are only a dozen or so known non-polar solvents and such solvents are rather common and easily obtained – toluene, for example, is commonly sold as paint thinner and hexane is an extremely common solvent often used in the food manufacture industry. Stits and Datagram have indicated that they’d love to try their hands at the more expensive silver rounds and that they expect the softer, less reactive noble metal to be even easier to work with than the cheaper brass.
I’d love to suggest something that holders of these popular physical Bitcoins could do to ensure the safety of the digital side of their physical assets, but sadly there isn’t much advice to offer. Anyone can do this with a few dollars and a trip to home depot and even checking the balance at the time of purchase offers little to no added security since an attacker could merely sweep the private key moments after selling off exploited coins.
In all fairness to Caldwell/Casascius, we are talking about people who have been breaking tamper-evident seals for years. Unfortunately we’re also talking about a Smart Cow Problem and the gate has officially been opened.
The truly unfortunate news is that all existing Casascius coins should now be considered compromised unless purchased directly from Casascius himself. Of course the good news is that a re-design seems inevitable and holders of the current coins should at least see an increase in their numismatic value, regardless of the compromised Bitcoin value.
Tip With Bitcoin
Each post gets its own unique Bitcoin address so by tipping you're not only making my continued efforts possible but telling me what you liked. Vote with your (Bitcoin) wallet!