What did I do wrong that caused me to lose bitcoin?
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
New contributor
add a comment |
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
New contributor
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago
add a comment |
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
New contributor
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
paper-wallet wallet-security
New contributor
New contributor
New contributor
asked 5 hours ago
sucks1717171sucks1717171
62
62
New contributor
New contributor
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago
add a comment |
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago
add a comment |
1 Answer
1
active
oldest
votes
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "308"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
sucks1717171 is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
add a comment |
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
add a comment |
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
answered 3 hours ago
Jonas SchnelliJonas Schnelli
5,1851026
5,1851026
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
add a comment |
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
3 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
2 hours ago
add a comment |
sucks1717171 is a new contributor. Be nice, and check out our Code of Conduct.
sucks1717171 is a new contributor. Be nice, and check out our Code of Conduct.
sucks1717171 is a new contributor. Be nice, and check out our Code of Conduct.
sucks1717171 is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Bitcoin Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
1 hour ago