What did I do wrong that caused me to lose bitcoin?
Clash Royale CLAN TAG#URR8PPP
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
add a comment |
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
1
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40
add a comment |
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV
I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.
As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.
A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.
I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.
No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.
What did I do wrong? Any clues?
P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.
paper-wallet wallet-security
paper-wallet wallet-security
asked Mar 3 at 20:05
sucks1717171sucks1717171
162
162
1
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40
add a comment |
1
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40
1
1
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40
add a comment |
1 Answer
1
active
oldest
votes
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
add a comment |
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "308"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
add a comment |
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
add a comment |
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
1) If you generate your paper wallet on your computer, you have to fully trust your computer
2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)
3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.
My recommendation
1. Never ever use a online paperwallet generator
2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet
3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears
Conclusion:
Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!
Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)
answered Mar 3 at 22:19
Jonas SchnelliJonas Schnelli
5,3201228
5,3201228
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
add a comment |
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)
– Jonas Schnelli
Mar 3 at 22:21
1
1
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Another possible attack vector is the printer, especially if it is a network printer.
– Nate Eldredge
Mar 3 at 23:19
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
Also your printer may store a lot of info in it's memory. Including the private key :(
– Josh
Mar 6 at 5:58
add a comment |
Thanks for contributing an answer to Bitcoin Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(
– chytrik
Mar 4 at 0:42
I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.
– sucks1717171
Mar 4 at 6:23
I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.
– sucks1717171
Mar 4 at 6:40