Author

Topic: Did I compromise my paper wallet? Help and opinions appreciated (Read 374 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I already run a bitcoin core full node. I just might run either my own personal Electrum server or maybe even open it up to a few others (or if I have the bandwidth, make it public too.)
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
You don't really need additional software for this, though. You could simply just keep a copy of the address, and search it up on a block explorer.
It's a lot more convenient to keep a copy of Electrum running. Assuming that you're not going to use the wallet that much, you can just create it on an offline computer, get the master public key and keep the seeds safe. By importing it onto the Electrum wallet, you'll be able to obtain the address that could be generated from the seeds and it's balances. It would act just like any other Electrum wallet, less the ability to spend its coins straight.
staff
Activity: 3304
Merit: 4115
A relatively simple method would be to put Tails OS onto an USB stick, unplug internet and boot from the stick.
Tails already have Electrum on it, so you create a new wallet (it will not be persistent!), write down the words and save onto another stick a couple of addresses.
Done.
If anyone takes this route make sure to verify that you have the tails downloaded from a legitimate source by verifying the signature via PGP. Should probably do this for all media that you download, but people get lazy, and tend to forget.

you can run a watch-only Electrum wallet on an online computer, or even your mobile phone.
You don't really need additional software for this, though. You could simply just keep a copy of the address, and search it up on a block explorer.
legendary
Activity: 3276
Merit: 2442
A paper wallet basically is your private&public key printed on a paper. You can do the same thing with the "bitcoin core" software or electrum. Download either of these, off your internet connection, export your private keys and print them. (then don't forget to secure your physical copy well) It is the same thing and a lot safer than what you did.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I would trust Electrum instead of dice.

Tails already have Electrum on it,
I'd word it a bit differently (as I can't trust anything else higher than properly rolled dice), but Electrum from Tails (latest version of Tails has latest version of Electrum too) should work for most people. I'd also either save a bunch of addresses, or the extended public key, you can run a watch-only Electrum wallet on an online computer, or even your mobile phone.
legendary
Activity: 1624
Merit: 2481
The computer i generated the wallet on hasn't got malware, I'm sure of it, its only ever used for media creation a (adobe suite) and that's it.

That's the wrong point of view.
You can never be sure that your computer is 100% clear from any kind of malware.

Being compromised also doesn't mean that you need to intentionally download and install malware.
Depending on your current version of windows there might (most probably) be quite a lot of dangerous vulnerabilities which allow to perform a remote code execution or manipulate your system in other ways.
This is 'enough' to be able to compromise a paper wallet.

If you want to create a paper wallet, boot an offline linux distro and either use some good(!) paper wallet creator or (the better way) use a good wallet (e.g. electrum) or simply the linux command line to create a private key.
If you need to print it out, make sure you are aware of all risks included using a network connected printer (e.g. buffer storing last X printed pages).

But since you own a ledger nano, just create a new 'account' for your donation wallet and use those addresses.
You might as well use your main 'account'. But this could result in accidentally spending those UTXO's when creating a transaction. An seperated account is the easiest way to not accidentally touch them.
And it is probably the safest and most secured way for you.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Nuke your computer.. [~]

There are many other methods to generate paper wallets offline.

I would trust Electrum instead of dice.

A relatively simple method would be to put Tails OS onto an USB stick, unplug internet and boot from the stick.
Tails already have Electrum on it, so you create a new wallet (it will not be persistent!), write down the words and save onto another stick a couple of addresses.
Done.


Edit: in the light of my latest test, Electrum seed may not work with anything else than Electrum, so an offline copy of https://iancoleman.io/bip39/ may do a better job.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Nuke your computer.. By that, I mean erase, securely, by doing at least one pass zero or random wipe of the HDD. If you are using SSD, I believe a simple repartition and reformat should securely erase it as well.

There are many other methods to generate paper wallets offline. Can use dice, flip coins, shuffle cards... Dice is fun and not too difficult.

You could, for example, use diceware, generate 8 word phrase, write down that phrase, and use that phrase to type into Warp Wallet (offline downloaded copy of course), grab the resulting private key, put that into bitaddress site (again, offline downloaded copy) to get the raw 256 bit private key in hex format, use that hex key and put that into a (offline downloaded copy) of iancolemen to generate a master extended private key so you can now generate hundreds of addresses, all in native segwit format.

Just never forget your 8 word passphrase, and save all those files; in case they disappear from where ever they are. I'd also probably save a copy of the actual extended private key.


If you just want an easier time, use electrum and create a brand new wallet and write down the 12 words it spits out, export the extended public key, and you now have a few hundred addresses you can also use. The 12 words are your paper wallet.

Again, all done from an offline computer, and if you ever intend to re-use that, erase the hard drive. DBAN is free and will erase all drives connected to the computer that boots it.
legendary
Activity: 3472
Merit: 4801
The computer i generated the wallet on hasn't got malware, I'm sure of it, its only ever used for media creation a (adobe suite) and that's it.

Take a look at all the processes that are running in the background on that computer.  Stuff that was installed by the operating system, stuff that was installed by your browsers, stuff that was installed by Adobe, other stuff that you either knowingly or unknowingly installed, etc.

Now, knowing that the creators of all that software are thousands of tech savy computer programmers, how sure are you that NONE of them (not a single developer of a single process) thought to include some hidden code designed to quietly capture and transmit bitcoin private keys as they are generated?

The very act of generating a private key on an internet connected computer opens up the possibility that some developer somewhere might have managed to get some small bit of code running quietly on your computer that can capture that private key and share it to them.  Failing to wipe a computer after generating bitcoin keys, and before reconnecting to the internet, opens up the possibility that some developer somewhere might have managed to get some small bit of code running quietly on your computer that can capture that private key and wait for reconnection to share it to them.

They can then just sit on all the captured private keys and do NOTHING with them for a decade if they want while they wait for people to slowly fill up thousands of addresses with bits of bitcoin.  Then someday, down the road, when nobody expects it, and they have access to enough funds.... Poof bitcoins everywhere go missing and nobody knows why.  The code responsible may be long gone and not used for many years.

Are you really so confident that there is nothing stealing private keys on your computer, that you are willing to risk all the future value of bitcoins that you might choose to store on a paper wallet?
legendary
Activity: 2730
Merit: 7065
Yeah, just open up your Ledger Live software, click on Receive, select Bitcoin, find the correct wallet (if you have more of them) and generate a new address. You can reuse this address how many times you want. Addresses shouldn't re reused for privacy reasons but if you are not worried about that sort of thing you can. As soon as your newly generated address gets credited with some bitcoin you can generate a new one the same way or just use the same one over and over again.

Make sure you compare the address on the screen of your Nano S with what is displayed in Ledger Live and especially to the address you copy/paste. 3-4 characters at the beginning and end and a few random ones in the middle if you don't want to check the whole address. 
newbie
Activity: 18
Merit: 17

hmm, i do have a hardware wallet but I wanted a unique new address for a donation tip jar, hence why i was going with the paper wallet .

Did you know you can create unlimited "unique" addresses with your hardware Wallet, right?you don't need to create a paper wallet and be exposed to all those risks just to make a new address

For donations, many people use a vanity generator. Like 3savekids3jKhs..

ahh k, i've got the ledger nano s. wasn't aware of that! i'll explore that
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

hmm, i do have a hardware wallet but I wanted a unique new address for a donation tip jar, hence why i was going with the paper wallet .

Did you know you can create unlimited "unique" addresses with your hardware Wallet, right?you don't need to create a paper wallet and be exposed to all those risks just to make a new address

For donations, many people use a vanity generator. Like 3savekids3jKhs..
newbie
Activity: 18
Merit: 17

There are many risks, many weak points when considering making a paper wallet.

My suggestion is that you make one only for educational purposes. Buy a hardware wallet, trezor or ledger. Those are the safer, they are cheap (about $ 80) and you probably never lose your money.

hmm, i do have a hardware wallet but I wanted a unique new address for a donation tip jar, hence why i was going with the paper wallet .

Thanks for the info guys, a few links I can explore to better generate wallets in the future.

The computer i generated the wallet on hasn't got malware, I'm sure of it, its only ever used for media creation a (adobe suite) and that's it.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
No, systems are safe. Especially if you are connected with internet then we don't know if your devices compromised or not. Also you can't give hundred percent guaranty about that. So better avoid create paper wallet while you are connected with internet. Here is how you could create paper wallet offline. But personally I didn't bother to create paper wallet and I will not encourage to do anyone else. If you are wondering to hold fund for long time then just buy hardware wallet instead. It's not much costly, you will not to be maintain so many formalities.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
You've mistaken this one while generating your paper wallet you should unplug your internet access to avoid any malware interference because this is a mechanism of storing your bitcoin in the paper wallet nor it will compromise.
Malware can still function without an internet connection and the information can still transmitted the next time the computer is connected to the internet. It would be better to get a cleanly wiped computer and generate a paper wallet on it instead.

That being said, I'm not a huge fan of paper wallets either. It is too much of a hassle and you'll have to find a way to clear the cache off your printer if you want to be completely secure. Using an airgapped and clean computer, get Electrum and generate a wallet. You can simply write down and remember the seeds and addresses. The next time you want to spend it, just boot up a livecd and install Electrum on it. It'll eliminate the need for printers and you'll be able to store a lot more addresses on a single piece of paper.
legendary
Activity: 2492
Merit: 1232
yes, while i was connected to the internet. Sad
You've mistaken this one while generating your paper wallet you should unplug your internet access to avoid any malware interference because this is a mechanism of storing your bitcoin in the paper wallet nor it will compromise.

snip-
Buy a hardware wallet, trezor or ledger. Those are the safer, they are cheap (about $ 80) and you probably never lose your money.
This is good advice, spending a little amount of your money on the safest wallet is worth it. You can also download Electrum and Mycelium wallet for free, so far that is a free wallet but safer than using a web wallet.

Anyway, I found this on Reddit how to make properly a paper wallet. Just follow the steps. https://www.reddit.com/r/Bitcoin/comments/670zhy/summary_pitfalls_of_paper_wallets/
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Paper wallets should absolutely be generated "offline". There are some good tips relating to creating Bitcoin Paper Wallets here: https://bitcoinpaperwallet.com/#security

NOTE: this is not a recommendation for using their system/software, but the information and tips they have on the site are pretty solid.

There are many risks, many weak points when considering making a paper wallet.

My suggestion is taht you make one only for educational purposes. Buy a hardware wallet, trezor or ledger. Those are the safer, they are cheap (about $ 80) and you probably never lose your money.
HCP
legendary
Activity: 2086
Merit: 4361
or are you saying in general that when generating paper wallets online regardless of how you save them is risky?
This.

Paper wallets should absolutely be generated "offline". There are some good tips relating to creating Bitcoin Paper Wallets here: https://bitcoinpaperwallet.com/#security

NOTE: this is not a recommendation for using their system/software, but the information and tips they have on the site are pretty solid.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
yes, while i was connected to the internet. Sad

how is it that been connected to the net whilst "printing to PDF" locally would leave me part fucked?

or are you saying in general that when generating paper wallets online regardless of how you save them is risky?

If you do it online you are compromised.
OK, you might not be but you don't know.

Offline air gapped PC only.

See here: https://bitcointalksearch.org/topic/generating-a-paper-wallet-securely-5198310

-Dave
newbie
Activity: 18
Merit: 17
yes, while i was connected to the internet. Sad

how is it that been connected to the net whilst "printing to PDF" locally would leave me part fucked?

or are you saying in general that when generating paper wallets online regardless of how you save them is risky?
HCP
legendary
Activity: 2086
Merit: 4361
Then I also, and this is where I might've fucked up,  I also right clicked and selected 'Print to PDF' to save a PDF of the webpage too.
Did you use a downloaded "offline" copy of segwitaddress.org? Or did you do all of this while connected to the internet?

If you did all this while connected to the internet (or on a PC that was subsequently reconnected to the internet), then "the part you fucked up" was doing this online! Shocked Shocked Shocked You should consider that paper wallet compromised and you should not use it. Great care needs to be taken when generating paper wallets to avoid any possibility of the private key(s) being compromised.

Creating/storing "digital" copies of your key(s) using the "snipping" tool is also a very bad idea.

At the very least, the generating code should be run on an "offline" PC... preferably one that will never be connected to a network again.
newbie
Activity: 18
Merit: 17
So I was on a PC the other day and made a new paper wallet over https://segwitaddress.org/

I saved a copy of it using snipping tool on windows to save a screencap of the public key and private keys and saved it onto my secure crypto usb.

Then I also, and this is where I might've fucked up,  I also right clicked and selected 'Print to PDF' to save a PDF of the webpage too.

My question is: Does the PC (Windows 10) store the printed file anywhere? I've removed it entirely off the pc and onto my usb too however i'm worried that there is a cashe of the file stored somewhere on the PC or in the browser (google chrome).?

I'm thinking it may be a file or a piece of data that an average user man not stumble upon however a hacker could uncover...

If there is a file somewhere on the PC how do i remove and completely clear the data? or am i overly cautious and should not worry.

Thoughts?



Jump to: