
Topic: Why has my newly created Bitcoin address already been used? - page 3. (Read 1330 times)

copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
You have to trust software to spend your coin when you spend it.
Risk and trust can never be zero, but it is all about reducing your risk to a minimum.
You need to weigh the risk with the cost of mitigating the risk. Creating a 7 of 7 multi-sig private key should be less risky than creating a private key that requires one signature to spend coin (assuming you can easily replicate the procedure to keep each private key secure). At a minimum, this would increase the time it takes you to sign transactions and would increase the cost you pay to get each transaction confirmed. You could further reduce your risk by storing each of the 7 private keys in different countries, each located in a different continent; assuming you are acting as an individual, it would cost you thousands of dollars each time you want to spend coin because you would have to travel to 7 different countries to do so.

Even if I have the most malicious software wallet in existence on my airgapped computer, there is nothing it can do to steal my coins. If it signs a transaction to the wrong address, for example, I can easily pick that up before moving the transaction to my live computer to be broadcast.
This is not entirely true, see this thread. In addition to leaking your private key, it could leak additional information.

In a simplistic example, the k value could be 20 digits, the malicious software could always have a value of xxxxxxxxxxxxxx[13 digits that is known to the author of the malicious software]yy[the index of a list]zzzzz[the actual message]. The x values would be one of a set of known values allowing the attacker to easily filter possible k values. The y values would be the index in a list, with the entire list being the entire message, such as your seed.

I just generated a seed: [concert, eyebrow, peasant, exile, fold, gather, sense, drastic, twice, clip, orchard, defy]

The y and z values could be 02peasa to correspond to the 2 index of the above list and the first 5 digits of the seed word. After this happens many times, the attacker would have enough information to easily brute force your entire seed.

Or malicious software could simply use a k value known to the attacker, the attacker could check all unconfirmed transactions for that k value, and create a double-spend transaction with a high transaction fee before your transaction is confirmed.
legendary
Activity: 2268
Merit: 18697
You have to trust software to spend your coin when you spend it.
Risk and trust can never be zero, but it is all about reducing your risk to a minimum. If I want to spend from my paper wallet, then I will be importing my seed to my permanently airgapped computer, using it to sign a transaction, and then moving my signed transaction to an internet connected computer to broadcast it. Even if I have the most malicious software wallet in existence on my airgapped computer, there is nothing it can do to steal my coins. If it signs a transaction to the wrong address, for example, I can easily pick that up before moving the transaction to my live computer to be broadcast.

Creating a key "by hand" also has a greater potential to make mistakes.
I don't disagree with you here, and as I said above I wouldn't recommend this technique to new users by any means. But if someone knows what they are doing, and double checks everything, then it's a more secure method to generate entropy than relying on third party code which you almost certainly haven't audited.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Is there a specific reason to not gather the entropy from an electronic device?
You need to trust the software you're using. It's a lot more difficult to compromise a coin flip than it is to compromise a recently sold paper wallet website.
You have to trust software to spend your coin when you spend it. When you sign a message or transaction, you combine what should be a random value with your private key to generate the signature. If you know one, it is trivial to calculate the other with a given signature. Malicious software could possibly leak information via this random value.

Creating a key "by hand" also has a greater potential to make mistakes.

The scope of possible attacks is also greater when using a paper wallet than using an encrypted wallet.
legendary
Activity: 1876
Merit: 3132
It is even not possible to enter this page if you use Antivirus! Bitdefender blocks it

It depends on the anti-virus software you use. I use Malwarebytes Premium and it doesn't block the website.
member
Activity: 170
Merit: 58
Hello o_e_l_e_o, thanks for answering.

Excuse me I did not generate the key on Bitaddress.org, but on https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html#, and I did not download it, I ran it directly on the web.


It is even not possible to enter this page if you use Antivirus! Bitdefender blocks it
legendary
Activity: 2268
Merit: 18697
If you are calculating the checksum on an airgapped computer and generating the address on it, why not simply create the seed/private key on it as well ?
Because there is far less trust involved in performing a single SHA256 hash than there is generating your entire 256 bits of entropy from a piece of software, unless you've written the software yourself or read the entire code, but 99.99% of people can't or won't do that.

Is there a specific reason to not gather the entropy from an electronic device? Or do you just like generating it from scratch ?
As Loyce says, provided I am using a fair coin (or even better, a variety of coins), there is essentially zero chance that my output isn't truly random.
legendary
Activity: 1624
Merit: 2481
You need to trust the software you're using. It's a lot more difficult to compromise a coin flip than it is to compromise a recently sold paper wallet website.

That's why i said the following:
Don't ever use websites to create a paper wallet (neither online nor offline).

Trust required towards the software is true. But i'd say you can pretty much trust an officially signed open source linux distribution and openssl (or electrum).
Because that's basically all you need (or even less when generating it with coinflips). And that's what i was talking about.

But i was curious regarding the coinflips from o_e_l_e_o, and why he chose to use them instead of the other possibilities (openssl / electrum / core) on an airgapped computer (which has to be used anyway).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Is there a specific reason to not gather the entropy from an electronic device?
You need to trust the software you're using. It's a lot more difficult to compromise a coin flip than it is to compromise a recently sold paper wallet website.
legendary
Activity: 1624
Merit: 2481
Am I the only one who generates my paper wallets manually?

Flip a coin 11 times, turn the resulting number in to a BIP39 word from the word list. Repeat 22 more times.
Flip a coin 3 times, calculate the checksum using a permanently airgapped computer, pick the last word.
Write down on paper, import in to a wallet or iancoleman on your permanently airgapped computer to generate a receiving address (Optional: add in a passphrase and write that down on a separate piece of paper).
Whole thing can be done in 15-20 minutes.

If you are calculating the checksum on an airgapped computer and generating the address on it, why not simply create the seed/private key on it as well ?
That would be my approach.

I'd rather spend 2 minutes typing commands than 15 minutes flipping coins

Is there a specific reason to not gather the entropy from an electronic device? Or do you just like generating it from scratch ?
legendary
Activity: 2268
Merit: 18697
As others have said, there are multiple scam reports against bitcoinpaperwallet.com since the site was sold.
https://www.reddit.com/r/btc/comments/ea6bxg/warning_bitcoinpaperwalletcom_is_compromised/
https://www.reddit.com/r/CryptoCurrency/comments/cyd6uj/bitcoinpaperwalletcom_scam_or_not_4_btc_stolen/
https://np.reddit.com/r/Bitcoin/comments/cs68ri/my_paper_wallet_generated_on/



Am I the only one who generates my paper wallets manually?

Flip a coin 11 times, turn the resulting number in to a BIP39 word from the word list. Repeat 22 more times.
Flip a coin 3 times, calculate the checksum using a permanently airgapped computer, pick the last word.
Write down on paper, import in to a wallet or iancoleman on your permanently airgapped computer to generate a receiving address (Optional: add in a passphrase and write that down on a separate piece of paper).
Whole thing can be done in 15-20 minutes.

If you are using paper wallets for long term storage of the majority of your funds, then why not take the time to remove the trust for a third party generating your seed/keys entirely?

I do accept that this is outwith the scope of casual users, but if you have the knowledge to do it safely this way, then why rely on someone else's code?
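
The checksum step of the coin-flip procedure in the post above, as an added example that is not part of the original post or of any wallet's code. It assumes the 256 flips are written as 1 for heads and 0 for tails and is run on the airgapped computer; the function names are hypothetical, and the output is 0-based positions in the BIP39 English word list, which is looked up separately.

```python
import hashlib


def flips_to_word_indices(flips: str) -> list[int]:
    """Map 256 coin flips to 24 BIP39 word indices (0-based).

    Flips 1-253 give 23 words of 11 bits each. The last 3 flips are joined
    with the 8-bit checksum (first byte of SHA-256 over the 32 entropy
    bytes) to form the 24th word.
    """
    flips = "".join(flips.split())  # allow spaces/newlines between groups
    if len(flips) != 256 or set(flips) - {"0", "1"}:
        raise ValueError("expected exactly 256 flips written as 0/1")
    entropy = int(flips, 2).to_bytes(32, "big")
    checksum = format(hashlib.sha256(entropy).digest()[0], "08b")
    bits = flips + checksum  # 264 bits = 24 words * 11 bits
    return [int(bits[i:i + 11], 2) for i in range(0, 264, 11)]


def last_word_matches(indices: list[int]) -> bool:
    """Re-derive the checksum from 24 indices read back off the paper.

    Catches a word that was copied down or looked up incorrectly.
    """
    if len(indices) != 24 or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = "".join(format(i, "011b") for i in indices)
    return flips_to_word_indices(bits[:256]) == list(indices)


def looks_biased(flips: str, tolerance: int = 40) -> bool:
    """Rough sanity check: heads count far from 128 suggests an unfair coin
    or a recording error. 40 is about five standard deviations for 256 flips.
    It cannot prove randomness, only flag an obviously bad run."""
    heads = "".join(flips.split()).count("1")
    return abs(heads - 128) > tolerance


if __name__ == "__main__":
    # Constructed sample input (the all-zero BIP39 test vector); never use it
    # for a real wallet.
    sample = "0" * 256
    indices = flips_to_word_indices(sample)
    # Word-list files are usually numbered from line 1, so add 1 when
    # looking a word up by line number.
    print("word indices:", indices)
    print("checksum ok:", last_word_matches(indices))
    print("biased run:", looks_biased(sample))
```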
legendary
Activity: 1624
Merit: 2481
here is a better thought: instead of using websites or even their source code you can use a popular wallet to create a paper wallet. wallets such as bitcoin core or electrum.
just download them, verify their signature and then go offline on an airgapped machine. run the wallet and create a new key or better yet create a mnemonic with an HD wallet such as electrum. then write that down on a piece of paper as your paper wallet.
if you like the design that those sites offer you can always find their source code (or even through the HTML in the site that is open) and save the picture which is usually a jpg file and print your key on that.

This is the way to go.


Don't ever use websites to create a paper wallet (neither online nor offline).

The most secure way to generate a paper wallet is to use a live linux distribution on an offline computer.
Either use electrum or any other reputable open source software (signature verified) to generate a private key / mnemonic code or just use openssl from the command line. Both work.

Just don't ever use a website. The risk is way higher and not worth it.
legendary
Activity: 1134
Merit: 1598
here is a better thought: instead of using websites or even their source code you can use a popular wallet to create a paper wallet. wallets such as bitcoin core or electrum.
just download them, verify their signature and then go offline on an airgapped machine. run the wallet and create a new key or better yet create a mnemonic with an HD wallet such as electrum. then write that down on a piece of paper as your paper wallet.
if you like the design that those sites offer you can always find their source code (or even through the HTML in the site that is open) and save the picture which is usually a jpg file and print your key on that.
+1. I never felt secure when using paper wallets generated by a website.

If you are not new to PCs and like trying out new stuff, there is one more thing you can do: securely flash Tails (a Linux distro) on an 8GB+ USB stick and use Electrum over there offline (or online, your choice).

Plug out your Ethernet cable, optional step: physically disconnect all hard drives from your PC, insert the bootable USB, boot Tails from it and there you have an offline, airgapped PC to safely use Electrum with (Electrum is preinstalled on this distro). And as far as I know, you could use Tails even online with Electrum safely - as long as you've verified the flashed ISO signatures correctly, risks should be minimum.

Just make sure you store the seed correctly when generating the wallet and you should be good to go. Once you shut down or reboot your PC, everything on the stick will be reset and any new change/file will be deleted.

The advantage of this is that afterwards you can just shut down your PC, plug out the USB stick and use it again whenever you like. Moreover, your bootable Tails will run on Tor all the time.
legendary
Activity: 2114
Merit: 1293
There is trouble abrewing
here is a better thought: instead of using websites or even their source code you can use a popular wallet to create a paper wallet. wallets such as bitcoin core or electrum.
just download them, verify their signature and then go offline on an airgapped machine. run the wallet and create a new key or better yet create a mnemonic with an HD wallet such as electrum. then write that down on a piece of paper as your paper wallet.
if you like the design that those sites offer you can always find their source code (or even through the HTML in the site that is open) and save the picture which is usually a jpg file and print your key on that.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Excuse me I did not generate the key on Bitaddress.org, but on https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html#
I've used that site several times, but never since it changed ownership. I still have its source from years ago, and that's what I use. I do the same with bitaddress.org: I don't trust newer versions, even though I have no reason not to trust them, there's also no need to "upgrade".
If bitcoinpaperwallet.com really turned into a scam, it would be very nice if someone can find hard evidence in the (open) source.

* Download and use offline. Use for example Ubuntu or Knoppix from a LIVE DVD without ethernet/Wi-Fi

It's even better not to trust any site's random generator. You can for instance create a private key throwing a dice (read up how to properly do this!), or combine 2 random generators by creating a split key vanity address on a different system, then combining it with the original. This is a lot more work and prone to failure if you're not sure what you're doing.
Another option would be to get a private key from Bitcoin Core and use that as a paper wallet.

One last suggestion: test your paper wallet (again: on an offline system) before funding it. Make sure you have the correct private key to access the address.
legendary
Activity: 3640
Merit: 1571
there have been scam accusations against that site on this forum as well. it's definitely a scam operation.
newbie
Activity: 3
Merit: 19
Hi nc50lc, thank you for clarifying these points for me.

legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
There are a couple of off-site scam accusations for that paper wallet generator after the change of ownership, but nothing in this forum.
Just do not use that site (or any online address generator in general);
if you really want to, use bitaddress's source offline instead since bitcoinpaperwallet claims to be a fork of bitaddress.

And there's this guy with the same issue:
I've recommended this website to my friend. He just got back to me saying, that the wallet he just generated had previous in and out transactions starting in Jan 2019 and ending last month - March 2020. I spoke with him extensively, and I can't find any reasonable explanation. This is the address he "generated" two days ago: https://www.blockchain.com/btc/address/1PoZHV4rrftuv8YuoDgRqji1syuSw141q8
newbie
Activity: 3
Merit: 19
Hello o_e_l_e_o, thanks for answering.

Excuse me I did not generate the key on Bitaddress.org, but on https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html#, and I did not download it, I ran it directly on the web.

legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
The Bitcoin Cash in turn is shown with another address. -snip-
It's the same address in "cash address" format, every BCH sent to the '1' address will also reflect to the 'q' address, they are interchangeable for compatibility reasons.

The main issue is: you might have clicked a fake bitaddress URL just like o_e_l_e_o said.
legendary
Activity: 2268
Merit: 18697
If the address you have generated has previous outgoing transactions visible on a blockchain explorer, then yes, someone else has access to one of the private keys that controls that address.

The chance that you have completely randomly generated the same address as someone else is astronomically small. Far more likely is that you have used a malicious version of bitaddress which is generating pre-defined addresses, or you have clipboard malware which has changed your generated address to something different, or potentially an error on your part.

Can you confirm the URL of the Bitaddress site you used? Did you download the site and run it offline?