The very first Bitcoin wallets weren’t particularly concerned with security. They were written to be run on internet-connected computers, and the first wallet, Bitcoin core, didn’t even give its users the option of protecting their wallet with a password.
That’s because in early 2010, Bitcoin had almost no value – and it was much more important to introduce people to Bitcoin than to secure it.
However, by 2011, Bitcoin thefts were beginning to be reported. One early reaction to the risk of remote Bitcoin thefts was paper wallets. Paper wallets were an early form of “cold” wallet, and they essentially stored the private key of a wallet on paper. The paper could then be put in a safe location, far from the prying digital hands of a remote hacker. Depending on which sources you read, paper wallets were popular from roughly 2010 - 2016.
Before we cover the topic of paper wallets, we have to talk a bit about what Bitcoin is, and what actually gets stored in a Bitcoin wallet.
A Bitcoin is simply a string of numbers and letters stored in a log of transactions called the Bitcoin blockchain. “Owning” a Bitcoin means that you have the tool that lets you transfer or spend it. This tool is called a “private key”, and it’s actually just a very, very large number. This private key can sign transactions and broadcast them to the network. In a practical sense, your private key is a sort of combination of a username and a password.
A Bitcoin wallet is a secure way to store your private key, and it typically provides functionality to make it easier to send and receive Bitcoin.
The simplest version of a paper wallet is to write your private key on paper, delete any online versions, and then simply store that piece of paper somewhere safe. No remote hacker can access the private key, because it isn’t available anywhere online.
(A simple analogy in the fiat world would be to store your money as cash in your mattress. No one can steal your funds by stealing the login to your bank account, because your money is stored offline.)
Editor’s note: In a sense, writing your 12- or 24-word seed phrase on a piece of paper is also creating a paper wallet. However, this is not what people mean when they talk about paper wallets.
However, generating a private key by hand is complicated and if you incorrectly write down even a single letter, you risk losing any funds controlled by that private key for all time.
As a result, in 2011, several online tools were created to make it easier (and more secure) to randomly generate a private key, and print it on paper – so that there was no risk of writing the key incorrectly. These tools are called paper wallet generators.
One example is BitAddress.org. It was created in such a way that users could load the wallet creation page, then disconnect their computers from the internet, generate a paper wallet, and then print it out before reconnecting to the internet.
But, simple paper wallets left some security issues – for example, what if someone found your paper wallet? They could simply import the private key into a new wallet and steal your funds.
So, why not assign a password to your paper wallet?
Beginning in 2013, the BIP38 protocol offered a way to add an additional layer of security to a paper wallet by encrypting the private key with a password.
To create a BIP38 encrypted paper wallet, a user would first generate a new set of public and private keys using a software program or online service. Once the keys were generated, the private key was encrypted using the password chosen by the user. This encrypted private key was then printed on the paper wallet, along with the public key and the address to which the funds could be sent.
To access the funds stored on a BIP38 encrypted paper wallet, the user would enter the password to decrypt the private key and then import that key into a digital wallet.
Paper wallets mitigate the primary risk of an online or “hot” wallet – that a hacker can remotely steal your private key, and thereby all of your funds.
But, paper wallets share some of the same risks as hot wallets:
And, paper wallets have one risk that hot wallets don’t share: ink fades over the course of a few years, and paper wallets can become unreadable.
Probably the single biggest risk of paper wallets, though, is that people have often used widely available tools to create them – but some of these tools have come under scrutiny for having backdoors that make them insecure.
Here are two examples:
In many cases, the answer is “Yes”, these paper wallets can be recovered. But, it depends on how and why they were lost.
Here are some examples of “recoverable” lost paper wallets:
Crypto Asset Recovery may be able to help you recover your paper wallet in many of these scenarios – please contact us for more information.
BIP38 encrypted private keys always begin with the string “6P”, and it will be 58 characters long. For example, here’s a BIP38 encrypted private key: 6PYKNsNn1Fq1QrAG581zP1t1KdmPDoncTeeXnHvugPdFvxvkJWjH1DRNX1
Unencrypted private keys will never start with the number “6”.
Unencrypted private keys will start with 5, K or L.
Private keys are typically printed in Base58.
Base58 is an “alphabet” that has 58 characters:
It’s very easy to confuse “0” and “O”, and it’s easy to confuse “I” and “l” – so Base58 simply skips them.
To say that differently, if you’re confused by the letters in your private key, you can be confident that there are no zeros, uppercase “o”, uppercase “i” or lowercase “L”.
No, we’re not aware of any paper wallets that generate private keys from 12- or 24-word recovery seeds.
This means that you can’t recover your paper wallet with a 12 word recovery phrase – because the private key stored in that paper wallet never had a recovery seed.
The “backup” method of a paper wallet was essentially to make copies of the wallet.
Essentially, you need to try many variations of your private key, until you find one that opens your wallet.
Let’s say that you have your entire private key printed out, but you can’t quite read your handwriting, and you aren’t sure if one of the characters is a “4” or a “9”.
You could download a wallet like Electrum, open a new wallet, type in all the characters (assuming that the confusing character is a “4”), and then see if Electrum opens your wallet. If it does, you’ve recovered your wallet, and you can send the funds to another wallet.
If that doesn’t open your wallet, then you can try the same thing again, this time substituting a “9” for the confusing character.
However, what happens if you hand-wrote the characters in your private key, and you discover that you only wrote 51 of its 52 characters? You accidentally skipped a character when writing your private key? Now, you have to try 58 different possible characters in 52 possible places. And you have to open the wallet each time at the end, to see if you found the right combination.
That’s hard to do on your own – but, we can do it with software. Contact us for more information.
The answer really depends on what you know about the password. If you believe that the password was a long (10+ character), randomly generated string, then your only real strategy is to find a backup for that password. Perhaps you wrote it in an email, or a notebook, stored it in a password manager, etc. If you can’t find it, store the encrypted private key and your notes about the password safely, in the hopes that in the future it might be able to be recovered.
However, if you aren’t sure what the password is, you can try passwords that you commonly used in the past, in the hopes that you used one of those passwords for this wallet. In addition, Crypto Asset Recovery can turn those commonly used passwords into millions, billions or more password variations, and test them against you private key until we find the correct password. Contact us for more information.
One strategy people have tried to improve the security of their private keys is to divide the key into several pieces, and store them in different locations.
Imagine you had the following private key:
KywKMv5eCKwPWTbdmLLKx6eqvJvw5fmSCHStv1RoV4RHKyDmb2jk
Now, imagine you wrote the first 26 characters on one piece of paper, and the second 26 characters on another:
Anyone that found one of the pieces of paper would be out of luck – they would need both to take funds.
It’s true that this strategy is quite secure against theft – the problem is that you have doubled your chances of losing access to your funds – because if either half is lost, it’s currently impossible to recover the 2nd half.
(It’s probably practical to recover 5 missing digits, but not 26)
So, if this is your situation, my only advice is to safeguard the half that you still have – perhaps there will be a revolutionary computing advance at some point that would allow you to brute force the remainder.
Yes, StrongCoin.com, a online, browser-based self-custody wallet, provided a paper wallet as a backup. That wallet included an encrypted version of the user’s private key – although it did not use the encryption scheme documented in BIP38.