bitcoinermatt (OP)
Member
 Offline
Activity: 120
Merit: 63
|
I generated a Paper wallet a few minutes ago and the website mentioned that if I was to spend with the paper wallet, I needed to spend everything at once or my funds would almost surely be lost forever. Why? I mean, is it just because the address touched the Internet or is it another reason? I don't see why I would lose all my funds. Thanks
|
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
 |
December 14, 2020, 06:39:41 PM |
|
Yeah. Under the assumption every device is compromised or compromisable. The risky part of paper wallets is importing/sweeping the private key. So it's desirable to spend all the funds and get rid of that paper (you can spend some funds to another unused paper though).
|
|
|
|
|
bitcoinermatt (OP)
Member
Offline
Activity: 120
Merit: 63
|
|
December 14, 2020, 06:47:07 PM |
|
Yeah. Under the assumption every device is compromised or compromisable. The risky part of paper wallets is importing/sweeping the private key. So it's desirable to spend all the funds and get rid of that paper (you can spend some funds to another unused paper though).
So the problem here is when I scan the private key? It would mean that the people who provide these QR Code scanners have malicious intentions and claim my Private Key if they log data? I'm not sure why these scanner services are all malicious, considering that blockchain.com is the platform I use to redeem Paper Wallets. Or is the danger that someone could take a picture of the QR code when I scan it? |
|
|
|
|
hosseinimr93
Legendary
 Online
Activity: 2436
Merit: 5401
|
|
December 14, 2020, 06:57:47 PM
Last edit: December 14, 2020, 10:06:43 PM by hosseinimr93 Merited by o_e_l_e_o (2), ranochigo (1) |
|
For two reasons, it is not recommended to reuse a paper wallet.
1. Losing the remaining balance (if you don't specify a change address.)
2. Touching the internet by your private key.
There are solutions for both of problems above.
1. You can use the sending address as your change address (Off course it can damage your privacy)
For example, if you create a wallet in Electrum using a single private key, Electrum will send the remaining balance to the sending address.
2. You can import your private key into an offline computer, sign the transaction and broadcast it using an online computer.
Anyway, although a paper wallet can be safe and even reused (off-course not recommended if your privacy matters to you), I recommend you to not use a paper wallet (I mean a wallet with a single address + a single private key) and use HD wallets instead. In a HD wallet, only things you need to keep is a list of words (seed phrase or mnemonic phrase) for accessing your fund (in an offline computer) and a master public key for generating new addresses.
|
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1582
Merit: 4962
Leading Crypto Sports Betting & Casino Platform
|
|
December 14, 2020, 07:08:28 PM |
|
You should not reuse a paper wallet because your coin can be lost, because it is not safe to reuse a paper wallet. Paper wallet is meant for holding. It has one address which makes it totally unfit for reuse not to comment of its complications.
If you want an offline wallet that you can use for making transactions instead, why not try hardware wallet, but using electrum on two devices. One as watch-only wallet and the other as the main cold wallet, the cold wallet will have your private key offline and will be used to sign transactions which you generate on the watch-only electrum wallet.
Never try the idea of reusing paper wallet.
|
| ..Stake.com.. | | | ▄████████████████████████████████████▄
██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄
██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████
██ ██████████ ██ ██ ██████████ ██ ▀██▀
██ ██ ██ ██████ ██ ██ ██ ██ ██
██ ██████ ██ █████ ███ ██████ ██ ████▄ ██
██ █████ ███ ████ ████ █████ ███ ████████
██ ████ ████ ██████████ ████ ████ ████▀
██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
██ ▀▀▀▀▀▀▀▀▀▀ ██
▀█████████▀ ▄████████████▄ ▀█████████▀
▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄
██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█ ▄▀▄ █▀▀█▀▄▄
█ █▀█ █ ▐ ▐▌
█ ▄██▄ █ ▌ █
█ ▄██████▄ █ ▌ ▐▌
█ ██████████ █ ▐ █
█ ▐██████████▌ █ ▐ ▐▌
█ ▀▀██████▀▀ █ ▌ █
█ ▄▄▄██▄▄▄ █ ▌▐▌
█ █▐ █
█ █▐▐▌
█ █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀ ▐█▌ ▀█▄
██ ▐█▌ ██
████▄ ▄█████▄ ▄████
████████▄███████████▄████████
███▀ █████████████ ▀███
██ ███████████ ██
▀█▄ █████████ ▄█▀
▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀
▀███████ ███████▀
▀█████▄ ▄█████▀
▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 14, 2020, 07:25:58 PM |
|
So the problem here is when I scan the private key? It would mean that the people who provide these QR Code scanners have malicious intentions and claim my Private Key if they log data? I'm not sure why these scanner services are all malicious, considering that blockchain.com is the platform I use to redeem Paper Wallets. Or is the danger that someone could take a picture of the QR code when I scan it?
The riskiest part in security with most things is tasks that are being handled in memory. If another rogram is sniffing your ram drives for certain packets of information or triggers as a certain process is run. Some wallets are more secure than others. Blockchain.com could be hacked or something or information anywhere could be breached. To avoid a breach you'd have to be pretty certain your machine hasn't been hacked and the qr code scanner you're using hasn't turned malicious. It's safer just to not risk it and make a new wallet. |
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18588
|
|
December 14, 2020, 08:24:23 PM |
|
Paper wallets should be imported to airgapped computers. An online computer can be used to create the transaction and to broadcast it, but the signing by the private key should be done on an airgapped computer. The main concern is with the change address. A classic paper wallet is a single private key. Depending on the software you use to import your private key, different things can happen. The one that is most concerning, and has resulted in people losing money in the past, is when the wallet generates a new change address for you. So you import your private key, create a transaction to spend part of your funds, the wallet software sends the rest of your funds back to a brand new change address, you don't realize this has happened, delete the software, and with it delete the private key to your change address. All you still have is the private key to your now empty paper wallet, and no way of recovering the money sent to the change address. Some software will send any change back to the same address, and while this means you won't lose any funds it is terrible for both privacy and security and so should also be avoided. So, the options around this are either: - When you spend from your paper wallet, redirect any change to a brand new paper wallet.
- Instead of making a classic paper wallet consisting of just a single private key, instead use an entire seed phrase so the paper wallet can be reused multiple times without having to worry about losing change addresses.
|
|
|
|
|
|
LoyceMobile
|
|
December 14, 2020, 08:50:03 PM
Last edit: December 15, 2020, 06:45:39 PM by LoyceMobile |
|
I generated a Paper wallet a few minutes ago and the website mentioned that if I was to spend with the paper wallet, I needed to spend everything at once or my funds would almost surely be lost forever. Which website did you use? I know one that makes this statement, and it's scamming after it was sold. If you use it, you put for funds at risk! |
|
|
|
Little Mouse
Legendary
Offline
Activity: 2086
Merit: 2040
Marketing Campaign Manager |Telegram ID- @LT_Mouse
|
|
December 15, 2020, 11:42:14 AM |
|
OP, it’s too risky to use online method to generate private key for paper wallet as it can be stolen through some spy in the website. You should generate private key through offline method only. and it's scanning after it was sold. If you use it, you put for funds at risk!
Did you mean scamming? |
| .SHUFFLE.COM.. | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████
███████████████████████ | .
...Next Generation Crypto Casino... |
|
|
|
hatshepsut93
Legendary
Offline
Activity: 3010
Merit: 2148
|
|
December 15, 2020, 07:44:48 PM |
|
OP, it’s too risky to use online method to generate private key for paper wallet as it can be stolen through some spy in the website. You should generate private key through offline method only.
Simply being offline does not solve all security problems. If you just turn off your Internet connection, that's nearly useless, because keyloggers would report back to their servers as soon as they will get a chance. And even airgaps don't protect you from malicious wallets. You need to understand that you're putting your trust in whatever method you choose to generate your private keys, and the best way to put your trust is to use open-source projects with decent community, because you're not just trusting developers, you're also trusting hundreds if not thousands of users who verified the codebase, so the chance of malicious code is very low. |
|
|
|
|
bitcoinermatt (OP)
Member
Offline
Activity: 120
Merit: 63
|
|
December 17, 2020, 01:26:39 AM |
|
I generated a Paper wallet a few minutes ago and the website mentioned that if I was to spend with the paper wallet, I needed to spend everything at once or my funds would almost surely be lost forever. Which website did you use? I know one that makes this statement, and it's scamming after it was sold. If you use it, you put for funds at risk! I used bitcoinpaperwallet.com |
|
|
|
|
hosseinimr93
Legendary
Online
Activity: 2436
Merit: 5401
|
|
December 17, 2020, 01:48:51 AM |
|
|
|
|
|
|
thecodebear
|
|
December 17, 2020, 03:17:36 AM |
|
Bitcoin addresses are meant to be single use for sending transactions, whether or not you use a paper wallet. The idea is that once you send a transaction that means you entered your private key into a computer and so there is a non-zero chance that it could be stolen. The individual likelihood of your funds getting stolen of course is very low, but it will and has happened to some people. There are an unthinkable number of bitcoin addresses so it is perfectly fine that every transaction involves essentially burning an address (forgetting that key/address), every person on the planet alive for the next thousand years could use a billion keys/addresses each and we'd still have barely scratched the surface of the address space of bitcoin.
|
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18588
|
|
December 17, 2020, 12:39:42 PM |
|
The idea is that once you send a transaction that means you entered your private key into a computer and so there is a non-zero chance that it could be stolen. Although there are some theoretical security risks with reusing address, such as with reused R values or quantum computers, that's not really the reason why addresses should be single use. It's more from a privacy point of view. If you are using an online wallet or a software wallet on an internet connected device, then every private key in that wallet is already exposed and there is a non-zero chance of theft, regardless of whether or not you have used the associated addresses yet. Similarly, I can sign transactions on a hardware wallet or airgapped computer which keep private keys isolated from the internet, but that still doesn't mean I should start reusing addresses. When you reuse an address, you compromise your privacy. You give away details of other transactions you have sent or received, other coins you hold, other payments you have made, other addresses you own. If you reuse the same handful of addresses repeatedly, then your entire financial history becomes public knowledge. |
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3346
Merit: 16904
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
December 19, 2020, 11:29:20 AM |
|
I generated a Paper wallet a few minutes ago and the website mentioned that if I was to spend with the paper wallet, I needed to spend everything at once or my funds would almost surely be lost forever. Which website did you use? I know one that makes this statement, and it's scamming after it was sold. If you use it, you put for funds at risk! I used scamsite.bitcoinpaperwallet.com That is the one I meant (but didn't want to mention it). It's compromised and scamming since it was sold! I've edited your quote to make it more obvious  |
|
|
|
|
manfredmann
|
|
December 19, 2020, 11:38:33 AM |
|
Well, that is not really an issue in my case if I had to spend it then why not? Anyway, if you have change then I will going to create another bitcoin paper wallet and send the change to the new bitcoin paper wallet created. It should not get into more complicated process. However, the more convenient way of storing bitcoin are those bitcoin wallets specifically hardware bitcoin wallets that has cold storage and wallet for bitcoin wallet ready to spend.
|
|
|
|
|
|
