Defcon hackers crack physical bitcoin Casascius coins

Casascius-coin-cracked
13 August 2013

The Casascius coin was shown to be vulnerable to physical attack at this year’s Defcon conference, one of the world’s largest hacker conventions. Casascius coins are one form of physical bitcoin, being supplied in denominations of 0.5, 1 and 25 BTC. The coins each have a private key printed on them, concealed by a holographic sticker. The Defcon hackers were able to reveal the key and replace the stick with virtually no sign of tampering.

The private key on each Casascius coin relates to the bitcoin address that holds the value of the coin. The implication of having access to this coin is that the balance of the coin’s address could be altered. This could either be to increase the value so as to smuggle money – or more likely to remove the BTC value from the coin before passing the coin along to anyone who accepts it as currency.

According to the Coding in my Sleep blog, the “physical attack” was performed by using a hypodermic needle to inject what was described as a “non-polar solvent” between the coin’s holographic sticker and brass surface. The solvent had the effect of neutralising the adhesive, thus allowing the sticker to be non-destructively removed.

The private key could then be easily read, and the sticker replaced with new adhesive. The only sign of tampering was a small deformation where the needle had stretched the sticker during insertion – a mark which could be mistaken for normal wearing.

Information security expert Vladimir Marchenko, told us: “From the very beginning, when Casascius coins were announced I was rather skeptical about this project due to information security concerns. It was clear that if one hides a private key in a physical object there might be a cost-effective non-destructive method to discover the key or otherwise ‘counterfeit’ the coin.

“Moreover, there is no secret service to go after ‘attackers’ unlike a case with floating rate notes. With only purely technical measures there will always be a shield-and-sword kind of antagonism, but in this case even temporary advantage of attackers is unacceptable. Today it is chemicals, tomorrow it might be some kind of X-ray analysis detecting traces of metals in the ink used etc. There will inevitably be more and more successful attacks on physical representations of bitcoin that hide the private key inside some physical medium.”

Marchenko went on to outline general concerns with physical representations of digital currencies: “What is even more worrying with such types of ‘physical bitcoins’ is the unknown ‘chain of custody’ of a private key before it gets embedded in the coin. We might as well all assume that the manufacturer of the coin is an upstanding gentleman with no intent to keep a database of private keys, but there are no guarantees. The first rule of information security is to not take unknown risks. These coins definitely have lots of novelty value and might be an interesting artefact and have some numismatic value. However, I would strongly advise against using such physical coins as a long term storage medium of any non-trivial amount of bitcoins.”

Marchenko made the case to us that bitcoin should not be made into physical representations as doing so removes many of the benefits of a digital currency. “Bitcoin is designed as an electronic currency and the safest way to use it is to use it electronically and keep bitcoin transactions on the block chain. Private keys are meant to remain private and never be revealed to any third parties. The moment one starts trading private keys, one is voluntarily forfeiting most of the benefits modern cryptography like bitcoin provides. Those Defcon hackers have clearly demonstrated this concept by picking easy targets, like removing a sticker from a piece of plastic. I would be much more impressed if they had successfully attacked SHA256, RIPEMD or ECDSA.”

Image credit: Coding In My Sleep