nc50lc
Legendary
Offline
Activity: 2590
Merit: 6356
Self-proclaimed Genius
|
|
May 14, 2020, 02:29:35 AM |
|
On the service https: // bitcoinpaperwall ... on the second attempt, the address 1MfPqSDiraPRBVyYASNkF8oc5Ja1ZkdsZn was "generated". I even made a screenshot for memory.
You're the third person that reported the same issue here so far, there's something really "fishy" on that site. It's either the code is flawed or there's a number of pre-generated keys that's being monitored by the owner.
|
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17650
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 14, 2020, 07:54:59 AM |
|
I especially don't like the part on bitcoin paper wallet dot com where it says:
Why trust this site? ~snip~ We—started this service in 2013
They don't mention the fact that the current owner bought the site. I wonder why
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
May 14, 2020, 08:15:21 AM |
|
-snip-
Ooft. Having a closer read of the text on their website, it is full of shady implications like this.
This generator is based on BitAddress, the well established and most trustworthy open-source engine for generating addresses using your own browser's JavaScript engine.
This is utterly meaningless. "Based on a trusted open-source engine"? All the scam versions of Electrum which were downloaded were "based on a trusted open-source engine".
To be more secure, you should download this wallet generator from GitHub and run it offline
Can anyone find a GitHub repository? I can't find a single link anywhere on the site. The original is here: https://github.com/cantonbecker/bitcoinpaperwallet, but obviously hasn't been updated in 2 years. Their "endorsement" by Andreas Antonopoulos was from before the site was sold. Worth noting that the Bitcoin Wiki still says it is open-source and links to the now defunct GitHub. This needs updated. I'll make a post in the Wiki board.
|
|
|
|
SimpleVv0
Newbie
Offline
Activity: 4
Merit: 35
|
|
May 16, 2020, 08:36:37 PM |
|
It's obviously a scam; the person who bought walletgenerator also has bitcoinpaperwallet. After some research, please look at this: https://medium.com/mycrypto/disclosure-key-generation-vulnerability-found-on-walletgenerator-net-potentially-malicious-3d8936485961
and then you can find directory listing is enabled: https://bitcoinpaperwallet.com/bitcoinpaperwallet/
and finally this modified website: https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-walletfe23t9u2fhjnj3f32.html
The random generator is broken in the same way as in the article:

    var coinImgUrl = "https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/logo-" + whichDesign + ".png";
    ...
    var base64 = "data:image/png;base64," + btoa([].reduce.call(new Uint8Array(this.response), function (p, c) { return p + String.fromCharCode(c) }, ''));
    // Every value passed to seedInt() is computed from the response bytes and the loop index only.
    for (var i = 0; i < base64.length; i++) {
        if (i + 3 < base64.length) {
            if (base64.charCodeAt(i) != 0 && base64.charCodeAt(i + 1) != 0 && base64.charCodeAt(i + 2) != 0 &&
                base64.charCodeAt(i) != 1 && base64.charCodeAt(i + 1) != 1 && base64.charCodeAt(i + 2) != 1) {
                SecureRandom.seedInt((base64.charCodeAt(i) * base64.charCodeAt(i + 1) * base64.charCodeAt(i + 2)) * (i + 1));
            }
        }
    }
    SecureRandom.loaded = 1;
    };

So, beware of bitcoinpaperwallet.com and walletgenerator.net, they will steal your coins!!!
|
|
|
|
oriolpont
Newbie
Offline
Activity: 53
Merit: 0
|
|
May 17, 2020, 08:25:34 AM |
|
Please, don't. Bitcore wallet / Copay is unmaintained, at least on the Bitcoin side (they focused mostly on Bcash). Electrum has easy multisig and it is also cross-platform.
|
|
|
|
TacoDog
Newbie
Offline
Activity: 2
Merit: 2
|
|
May 17, 2020, 05:55:00 PM |
|
Question Good Sirs! Downloading those sites, running them offline, and only using the "Wallet Details" to enter your dice made HEX PrivKey to get your address, should be ok, right? Or what would be the best option to get an address from an HEX PrivKey? Awesome work discovering this! much thanks!
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
May 17, 2020, 07:36:45 PM |
|
Downloading those sites, running them offline, and only using the "Wallet Details" to enter your dice made HEX PrivKey to get your address, should be ok, right?
Not necessarily. A site could quite easily just show you a pre-generated address from a list of pre-generated addresses which all belong to a malicious attacker, regardless of what private key you enter. Downloading the site and running it offline won't protect against that at all. If you are going to go down that route, then you should use multiple sources to make sure that they generate the same address, and the sources you use should be open source. If you are unable to audit the code yourself, then find someone trusted to do it for you, or look for community consensus that the site or service is trusted. Ideally, the computer you enter your private key to should be permanently airgapped rather than just temporarily offline. If you don't have an airgapped computer, then run a live OS from a USB stick. You could download and verify Electrum from electrum.org, as well as an open source site such as bitaddress.org from their GitHub, and ensure the address generated by each service matches.
|
|
|
|
bedla
Newbie
Offline
Activity: 16
Merit: 58
|
I have done simple script to generate 100 addresses bitcoinpaperwallet.com. From these 100 addresses were 24 already used (tx count > 0)
If anyone thinks this site is safe in offline mode, it is not. Another test, new seed, computer disconnected from internet. From 100 addresses, 27 were used.
Last test, 10000 addresses generated, just to find who potentially lost the most because of this scammy website. It was 18zSTXqo1PrPLY3v53LaCqdd6WiXPBaw2c, with almost 4 BTC in February this year. To prove this, I have signed a message with the private key of this address.
Message: bitcoinpaperwallet.com is SCAM!
Address: 18zSTXqo1PrPLY3v53LaCqdd6WiXPBaw2c
Signature: G6GKC3l+xjd19Bzh63mkL4qSNu65OGeSPgFTaN98a1KDE3n93h3+JO9CZvqQN6ejUGGReg1x8bk85JkDHRvFMPU=
|
|
|
|
Chivas Regal
Member
Offline
Activity: 88
Merit: 13
Cheers!
|
|
May 18, 2020, 01:33:15 AM |
|
Sorry if my question is a little dense; what was the wallet address(es) the OP created and where did the funds that were in those wallets end up going? (Follow the money)
|
Pleased to meet you.
|
|
|
TacoDog
Newbie
Offline
Activity: 2
Merit: 2
|
|
May 18, 2020, 03:12:10 AM |
|
Downloading those sites, running them offline, and only using the "Wallet Details" to enter your dice made HEX PrivKey to get your address, should be ok, right?
Not necessarily. A site could quite easily just show you a pre-generated address from a list of pre-generated addresses which all belong to a malicious attacker, regardless of what private key you enter. Downloading the site and running it offline won't protect against that at all. If you are going to go down that route, then you should use multiple sources to make sure that they generate the same address, and the sources you use should be open source. If you are unable to audit the code yourself, then find someone trusted to do it for you, or look for community consensus that the site or service is trusted. Ideally, the computer you enter your private key to should be permanently airgapped rather than just temporarily offline. If you don't have an airgapped computer, then run a live OS from a USB stick. You could download and verify Electrum from electrum.org, as well as an open source site such as bitaddress.org from their GitHub, and ensure the address generated by each service matches.
Sorry if my question is a bit off topic, I'm quite new here and I would really appreciate someone pointing me in the right direction. So... What would be the best way to create your address? Sadly, at the end you will end up trusting someone else... many people say "just buy a hardware wallet" but then ppl are just trusting that company... I liked the idea of creating PrivKeys myself, with dice or any other kind of entropy, because that way I am totally sure I am the only one that knows it, but at the end I don't know what to do with it, how do I get an Address from a HEX Priv Key?? What about downloading several paper wallet sites, running them offline in a Live OS and comparing their results to make sure they are giving me the same WIF and Address?? Does anyone have a better suggestion??
At the end, what is it that most people do to have their OWN wallets? Most people download Bitcoin Core or what?? Or they just trust someone else's code?? What do most people here do?? (Own nodes I suppose??) Thanks in advance!
|
|
|
|
nc50lc
Legendary
Offline
Activity: 2590
Merit: 6356
Self-proclaimed Genius
|
|
May 18, 2020, 03:47:59 AM |
|
Sorry if my question is a bit off topic, I'm quite new here and I would really appreciate someone pointing me out to the right direction.
If your problem is just generating a paper wallet, then you shouldn't use a random online generator. You can use any well-known client like Bitcoin Core, Electrum, Armory, etc. to create the address and private key. You can use them to create a key pair on an Air-Gap Machine; of course, the steps differ per client. When it comes to trust, those mentioned wallets are "open-source", which means that their source code is open for the public to check if there are malicious codes in it. If you can't review it yourself, you can ask someone who's an expert on the programming language of the wallet's source code. For hardware wallets, most are closed-source because if they aren't, then it will be easier to find a vulnerability to hack their firmware/hardware. People are trusting them (the famous ones) because they "stand the test of time". BTW, this topic has been derailed too far, it won't be an issue to create your own thread.
|
|
|
|
slaman29
Legendary
Offline
Activity: 2828
Merit: 1288
Livecasino, 20% cashback, no fuss payouts.
|
|
May 18, 2020, 08:04:14 AM |
|
The things people can learn about just by reading this section every now and then! Never generated my own wallets but I always thought these paper wallets are not recommended anymore? Or is Bitcoin wiki wrong now?
Flip a coin 11 times, turn the resulting number into a BIP39 word from the word list. Repeat 22 more times. Flip a coin 3 times, calculate the checksum using a permanently airgapped computer, pick the last word.
How do you mean turn resulting number? Coinflip is Heads or Tails only right?
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
Never generated my own wallets but I always thought this paper wallets are not recommended anymore?
They aren't recommended for newbies or casual users, because they are difficult to set up securely and difficult to use safely, and there are a lot more things that can go wrong than using a software or hardware wallet. If you know what you are doing, though, then they are one of the safest methods for long term bitcoin storage.
How do you mean turn resulting number? Coinflip is Heads or Tails only right?
You would assign heads the value of "1" and tails the value of "0" (or vice versa). Flipping the coin 11 times will give you an 11 digit number in binary. Convert that to base 10 and you get a number between 0 and 2047, which will correspond to a word from the BIP39 wordlist which contains 2048 words.
|
|
|
|
|
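The coin-flip procedure described in the posts above, carried through to the checksum word, as an added example that is not part of any post in this thread. It assumes heads = 1 and tails = 0 as in the reply, and 256 flips in total (23 × 11 for the first 23 words, plus 3 more); the function names are my own, and the results are 0-based indices into the BIP39 English wordlist, which is not embedded here.

```python
import hashlib


def flips_to_bits(flips):
    """Map a string of coin flips to a bit string: H -> 1, T -> 0."""
    table = {"H": "1", "T": "0"}
    try:
        return "".join(table[f] for f in flips.upper())
    except KeyError as exc:
        raise ValueError("not a coin flip: %r" % exc.args[0]) from None


def word_index(flips):
    """11 flips -> one index between 0 and 2047."""
    bits = flips_to_bits(flips)
    if len(bits) != 11:
        raise ValueError("one BIP39 word needs exactly 11 flips")
    return int(bits, 2)


def mnemonic_indices(flips):
    """256 flips -> the 24 word indices of a BIP39 mnemonic.

    The first 253 flips give 23 words directly. The last 3 flips are
    joined with the 8-bit checksum (the first byte of SHA-256 over the
    32 entropy bytes) to form the 24th word.
    """
    bits = flips_to_bits(flips)
    if len(bits) != 256:
        raise ValueError("need 23 * 11 + 3 = 256 flips")
    entropy = int(bits, 2).to_bytes(32, "big")
    checksum = format(hashlib.sha256(entropy).digest()[0], "08b")
    full = bits + checksum  # 264 bits = 24 words * 11 bits
    return [int(full[i:i + 11], 2) for i in range(0, 264, 11)]


if __name__ == "__main__":
    # Constructed input: 256 tails, i.e. all-zero entropy (never use this).
    print(mnemonic_indices("T" * 256))
```

Index i corresponds to line i + 1 of the wordlist file. Run this on the same airgapped machine the post calls for, since the flips are the private key material.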
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
May 18, 2020, 10:46:41 AM |
|
I liked the idea of creating PrivKeys myself, with dices or any other kind of entropy because that way I am totally sure I am the only one that knows it, but at the end I don't know what to do with it, how do I get an Address from an HEX Priv Key?? What about downloading several paper wallets sites, running them offline in a Live OS and comparing their results to make sure they are giving me the same WIF and Address?? does anyone have a better suggestion??
It is easy. Download and verify a live linux distribution. Install it onto a USB stick. Boot it. Use /dev/random to gather 256 bit of entropy. Use openssl to generate your private key, public key and address. If you don't trust a linux distribution like debian or arch or don't trust your hardware, you will never be able to use bitcoin securely. In the end, you do need a computer to send a transaction. You need to trust your hardware. Just don't use shit like online paper wallet generators. Not even offline. And not from github. Just don't use them at all.
|
|
|
|
slaman29
Legendary
Offline
Activity: 2828
Merit: 1288
Livecasino, 20% cashback, no fuss payouts.
|
|
May 19, 2020, 07:03:08 AM |
|
Never generated my own wallets but I always thought this paper wallets are not recommended anymore?
They aren't recommended for newbies or casual users, because they are difficult to set up securely and difficult to use safely, and there are a lot more things that can go wrong than using a software or hardware wallet. If you know what you are doing, though, then they are one of the safest methods for long term bitcoin storage.
How do you mean turn resulting number? Coinflip is Heads or Tails only right?
You would assign heads the value of "1" and tails the value of "0" (or vice versa). Flipping the coin 11 times will give you an 11 digit number in binary. Convert that to base 10 and you get a number between 0 and 2047, which will correspond to a word from the BIP39 wordlist which contains 2048 words.
Interesting. I did not remember reading that at Bitcoin wiki, my only takeaway was that paper wallets do not last long and can get easily damaged without right storage conditions. Thanks very much for the tip on random conversion, and to bedla for explaining it more. I actually understood that, but only after referencing a few sites. It is definitely not for newbies and not even for a regular user if you do not understand these technical terms!
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
May 19, 2020, 07:42:34 AM |
|
Interesting. I did not remember reading that at Bitcoin wiki, my only takeaway was that paper wallets do not last long and can get easily damaged without right storage conditions.
This is true, but it is also true of other storage mediums as well. Electronic storage is also susceptible to fire, flooding, moisture, etc., and electronic storage will also slowly degrade over time even in perfect storage conditions, as well as having a limited number of write cycles. A laminated piece of paper in a fireproof and waterproof safe would likely outlast you or I. A paper wallet also doesn't actually have to use paper. You can also make a "paper" wallet in the fashion described above by inscribing the resulting seed phrase on a piece of metal, or by buying one of the devices manufactured for this purpose.
|
|
|
|
LoyceV
Legendary
Offline
Activity: 3486
Merit: 17650
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
May 29, 2020, 12:04:36 PM |
|
I have done simple script to generate 100 addresses bitcoinpaperwallet.com. From these 100 addresses were 24 already used (tx count > 0)
Can you share how you did this? I'd like to reproduce this. I have a crazy idea, but that's for another topic.
Last test, 10000 addresses generated, just to find who potentially lost the most because of this scammy website. It was 18zSTXqo1PrPLY3v53LaCqdd6WiXPBaw2c, with almost 4 BTC in February this year. To prove this, I have signed a message with the private key of this address.
That guy had been funding his address for a while before it got emptied, and even after it got emptied, he continued funding it (after which it got emptied instantly).
|
|
|
|
bedla
Newbie
Offline
Activity: 16
Merit: 58
|
|
May 29, 2020, 02:49:17 PM |
|
Can you share how you did this? I'd like to reproduce this. I have a crazy idea, but that's for another topic.
Go through (or skip) the seed generation process on that page. This will generate the first wallet. After that, paste this into your browser developer console. Increase 100 to a larger sample if needed. You can also go offline and change the console logging level to only INFO; this will make the process faster. Increase 10*i to 100*i or larger if you see many duplicate keys in a row in the console. You may need to change the element ids if your intention is to audit a different website.

    for (var i = 0; i < 100; i++) {
        window.setTimeout(function () {
            // Click the page's "generate" button, then log the private key it displays.
            document.getElementById("papergenerate1").click();
            console.log(document.getElementById("btcaddressprivkey").textContent);
        }, 10 * i); // 10 is OK for offline mode; for online mode better use 100, to give time for loading of images. If you see many duplicates in a row, increase the value depending on your network connection.
    }

Then get the console output (right click, Save As in Chrome) and import all to a wallet; I have used Electrum (New wallet -> Import private keys -> paste all keys). I cannot reproduce this ATM, so the website owner took the phishing version down, or is targeting only specific IP addresses, or found a less stupid way of stealing bitcoins :-)
|
|
|
|
|