Defcon Hacking Conference: Casascius physical Bitcoins get cracked

Ten minutes. That’s how much time it took for the Defcon researchers Stits and Datagram to break the system of a Casascius Bitcoin for the first time. However, at the conference, the experts said that with a little practice they could recover the private key of a Casascius unit in just one or two minutes.

For those who don’t yet know what Casascius coins are: these physical Bitcoins have a little card embedded inside, which contains a digital currency wallet linked to an account holding the same value as the one engraved on the coin. The devices are protected by a layer of holograms and an 8-digit code, and tampering with one was supposed to be very difficult, but this year’s Defcon conference showed the contrary.

Want to know how Stits and Datagram did it? Take a look.

Step 1


First, they used a hypodermic needle to inject tiny amounts of a “non-polar solvent” (the name the researchers gave to the substance used without disclosing its real name) between the holographic security sticker and the coin itself.

Step 2


After the solvent almost dissolved the adhesive, they peeled back the holographic foil and gained easy access to the private key beneath it.

Step 3


Then, they quickly replaced the sticker and applied new adhesive. In the end, the “new” coin only had an almost invisible mark where the needle was initially inserted.

After the demonstration, the researchers suggested some safety improvements that could benefit the Casascius coins: multiple layers of holo foil, scored stickers or even melting the edges of the plastic and brass together were among the recommendations Stits and Datagram gave to the Casascius team.

Next challenge for the researchers? Trying the same on the more expensive coins.

Via codinginmysleep.com
