
Defcon hackers crack physical bitcoin Casascius coins

The Casascius coin was shown to be vulnerable to physical attack at this year's Defcon conference.

By David Gilson
Updated Sep 10, 2021, 11:28 a.m. Published Aug 13, 2013, 10:53 a.m.
Casascius coin cracked

The Casascius coin was shown to be vulnerable to physical attack at this year's Defcon conference, one of the world's largest hacker conventions. Casascius coins are one form of physical bitcoin, supplied in denominations of 0.5, 1 and 25 BTC. Each coin has a private key printed on it, concealed by a holographic sticker. The Defcon hackers were able to reveal the key and replace the sticker with virtually no sign of tampering.

The private key on each Casascius coin relates to the bitcoin address that holds the value of the coin. The implication of having access to this key is that the balance of the coin's address could be altered. This could either be to increase the value so as to smuggle money – or, more likely, to remove the BTC value from the coin before passing the coin along to anyone who accepts it as currency.


According to the Coding in my Sleep blog, the "physical attack" was performed by using a hypodermic needle to inject what was described as a "non-polar solvent" between the coin's holographic sticker and brass surface. The solvent had the effect of neutralising the adhesive, thus allowing the sticker to be non-destructively removed.

The private key could then be easily read, and the sticker replaced with new adhesive. The only sign of tampering was a small deformation where the needle had stretched the sticker during insertion – a mark which could be mistaken for normal wearing.

Information security expert Vladimir Marchenko told us: "From the very beginning, when Casascius coins were announced I was rather skeptical about this project due to information security concerns. It was clear that if one hides a private key in a physical object there might be a cost-effective non-destructive method to discover the key or otherwise 'counterfeit' the coin.

"Moreover, there is no secret service to go after 'attackers' unlike a case with floating rate notes. With only purely technical measures there will always be a shield-and-sword kind of antagonism, but in this case even temporary advantage of attackers is unacceptable. Today it is chemicals, tomorrow it might be some kind of X-ray analysis detecting traces of metals in the ink used etc. There will inevitably be more and more successful attacks on physical representations of bitcoin that hide the private key inside some physical medium."

Marchenko went on to outline general concerns with physical representations of digital currencies: "What is even more worrying with such types of 'physical bitcoins' is the unknown 'chain of custody' of a private key before it gets embedded in the coin. We might as well all assume that the manufacturer of the coin is an upstanding gentleman with no intent to keep a database of private keys, but there are no guarantees. The first rule of information security is to not take unknown risks. These coins definitely have lots of novelty value and might be an interesting artefact and have some numismatic value. However, I would strongly advise against using such physical coins as a long term storage medium of any non-trivial amount of bitcoins."

Marchenko made the case to us that bitcoin should not be made into physical representations as doing so removes many of the benefits of a digital currency. "Bitcoin is designed as an electronic currency and the safest way to use it is to use it electronically and keep bitcoin transactions on the block chain. Private keys are meant to remain private and never be revealed to any third parties. The moment one starts trading private keys, one is voluntarily forfeiting most of the benefits modern cryptography like bitcoin provides. Those Defcon hackers have clearly demonstrated this concept by picking easy targets, like removing a sticker from a piece of plastic. I would be much more impressed if they had successfully attacked SHA256, RIPEMD or ECDSA."

Image credit: Coding In My Sleep

David Gilson

Tech journalist, Windows 8 user, quantum physics and Linux enthusiast.
