Andreas Antonopoulos says to stop using paper wallets, do you agree?

[ChiBitCTy]

Was just having the convo of safest storage methods with some buddies and an hour later this popped up on my YouTube - https://youtu.be/iNHVbDtUL0E

I’m having a hard time understanding if he means for the general public/ non experts (me) or even for someone like himself or Gmaxwell , for example ?  I had always been taught that paper wallets are the purest form of cold storage. He’s advocating for hardware wallets (even over a correctly established air-gapped pc) , but there are some risks they pose that paper does not, right?  He’s stating paper wallet tech is simply outdated, but I don’t see how?

As always appreciate any insight you Mr Robots can provide!

[1713428573]

1713428573

[1713428573]

1713428573

[ranochigo]

Paper wallets are fine, but most people don't know how to use it properly. For the sake of simplicity, I'm answering from the POV that both HD and single address paper wallets are the same.

I skimmed through the video, so forgive me if I got any of it wrong. Cold storage are offline methods of storing the keys, but it doesn't guarantee any degree of security, or at least without the user intentionally practicing good security habits (generation, and spending namely). I've long advocated for most people to use hardware wallets, because they are designed to be secure. They are convenient in the sense that they dumb down the security for most, to the point for which it is harder to make common mistakes which can compromise the security.

If you can correctly and securely establish your own air-gapped wallet, then sure, you should use it by all means. That eliminates the costs going into it and also the degree of trust into the device and the manufacturer. However, if you know that you might unintentionally make any mistakes which can compromise your security, or if you're unsure about what attack vectors that you're trying to guard against (and if you can eliminate them effectively), then please use a hardware wallet.

Personally, I've used a RPi as an air-gapped wallet for quite a while but the hassle of it doesn't really appeal to me, though I know I can properly generate and use the cold storage. I opted for a well-known and transparent hardware wallet and have never looked back since.

[Pmalek]

He is saying that it is not needed to keep track of individual private keys (on paper, steel or otherwise) and their addresses in today's age of recovery phrases. When Bitcoin was still in its beginning, it didn't have 12/24 word recovery phrases. Now it does and we use HD wallets. Why make backups of a single private key when you can take note of the recovery phrase and back up every private key that can be derived from it. That's what he is talking about.

[LoyceV]

None of his arguments against paper wallets scare me. He basically says you have to trust a hardware wallet.
It's a hell of a lot more complicated to create and use a paper wallet on a proper air gapped system though, but once in a while I swing on a dedicated laptop for it. I also have a dedicated printer, without Wifi or LAN.

Let's counter his arguments: how often has a paper wallet leaked millions of customer addresses? I've seen countless people enter their mnemonic seed into a phishing website. I've seen even more people lose their funds because they left them on an exchange. Paper wallets aren't perfect, but they serve a purpose.
I've used paper wallets as a very easy giveaway, and some of the receivers still hodl it. The total value at the time was less than the price of a hardware wallet, which makes a paper wallet the best solution in that case.

[pooya87]

I wouldn't tell anyone to stop using any type of wallets, just as long as they understand what are the advantages and disadvantages of each wallet type (that could include even custodial wallets). For example a paper wallet generated on a website is never secure or a hardware wallet that can be exploited can lead to losses. So you can never that one method is better than the other IMO.

When comparing hardware wallets with paper wallets I would consider two facts.
1) If the user is new and doesn't want to or can not spend time learning and creating a secure wallet, the hardware wallet for them is a good option. They just have to pay some money to buy them.
2) If the user is going to regularly access the wallet, using hardware wallet is more convenient than using a paper wallet. Also if paper wallet was chosen a HD one should be created instead of a single key.

Personally since I didn't like paying for my bitcoin wallet, I created my own cold storage using a USB disk and a Linux OS and Electrum with paper backups. I wouldn't call it outdated either.

[PrimeNumber7]

Using a paper wallet increases the scope in which your private key can potentially be compromised compared to a hardware wallet or an encrypted wallet on a hard drive. This is true for both when you are creating a paper wallet, and when you are spending coin that you have stored on a paper wallet.

[Pmalek]

Let's counter his arguments: how often has a paper wallet leaked millions of customer addresses?

Not really a fair comparison. How could a paper do that?

Consider this scenario:
You said you have a printer without WIFI. Maybe you bought it with cash, maybe with a credit card that shows your real name. That information is stored somewhere on a server. The shop gets hacked and the data gets leaked. Does that make your product (the printer) worse? Would you stop using it and throw it away?
Although Andreas is advocating for the use of hardware wallets (I think he even mentioned ColdCard in the video), the point is to stop using individual private keys and back them up. Too many mistakes have happened that have caused people to lose money by not making a proper backup of their private key, using bad software solutions that send change to a different address whose private key you don't have, etc. Instead of that use HD wallets and forget about single keys. Hardware wallets happen to be a good compromise between security and simplicity.

[ChiBitCTy]

Thanks guys! This is pretty much what I thought, but the outdated tech comment threw me. 

Besides hacks to HD wallet databases ( why companies can’t seem to properly secure their servers with encryption like Signal /telegram have I still don’t understand, shouldn’t there be encryption code out there everyone could utilize, or would that expose the encryption and make it useless?) are there any other big security risks with them? Could Trezor /ColdCards etc secretly build in some sort of attack that would enable them to steal coins somehow? Perhaps a highly technical employee plans to go rogue with a few million so they build it in and steal before anyone notices…Maybe this is a silly question but this stuff is Chinese to me. Appreciate y’all !

[ranochigo]

Besides hacks to HD wallet databases ( why companies can’t seem to properly secure their servers with encryption like Signal /telegram have I still don’t understand, shouldn’t there be encryption code out there everyone could utilize, or would that expose the encryption and make it useless?) are there any other big security risks with them? Could Trezor /ColdCards etc secretly build in some sort of attack that would enable them to steal coins somehow? Perhaps a highly technical employee plans to go rogue with a few million so they build it in and steal before anyone notices…Maybe this is a silly question but this stuff is Chinese to me. Appreciate y’all !

Signal and Telegram are not encryption, neither are they used to secure data. They are messaging applications.
Nevermind, might've misunderstood it. They operate on a need-to-know basis, messages are encrypted from end-to-end.

The hardware wallet company needs your personal data, or else your hardware wallet will never reach you. Unlike passwords, which allows for websites to only store hashed and salted database, you cannot store an encrypted shipping address (without it being decrypted at some point in time), because that is useless. At some point in time, your shipping data will be made known to the company and that is the time frame for which it can be compromised. Problem being, certain company was found to have stored the data for longer than necessary (ie. after the device is shipped).

Sure, hardware wallets can definitely do this. Use a flawed RNG at any point in time when you're using your device. This is why independent audits and having their firmware being open source are necessary. The way most hardware wallet is designed makes it such that it is difficult to embed malicious codes without changing the chips themselves, ColdCard for example does a check on the firmware on every boot and its bootloader only takes in signed firmware.

Still, there is a certain level of trust which can really never be eliminated. I'd probably still support a well-known manufacturer though.

[LoyceV]

Let's counter his arguments: how often has a paper wallet leaked millions of customer addresses?

Not really a fair comparison. How could a paper do that?

Exactly, that's my point

Consider this scenario:
You said you have a printer without WIFI. Maybe you bought it with cash, maybe with a credit card that shows your real name. That information is stored somewhere on a server. The shop gets hacked and the data gets leaked. Does that make your product (the printer) worse? Would you stop using it and throw it away?

Everybody has a printer, nobody cares about it, and nobody is going to hit you on the head with a $5 wrench to ask you about your printer. But just in case, you can pick one up at a store, wear a mask inside, and pay in cash.

Too many mistakes have happened that have caused people to lose money by not making a proper backup of their private key, using bad software solutions that send change to a different address whose private key you don't have, etc. Instead of that use HD wallets and forget about single keys. Hardware wallets happen to be a good compromise between security and simplicity.

That's all true, but doesn't mean paper wallets can't be used in certain cases. In fact, it works just as well as it did 10 years ago, and that's the beauty of paper wallets: it will still work the same decades later.

[ABCbits]

Could Trezor /ColdCards etc secretly build in some sort of attack that would enable them to steal coins somehow? Perhaps a highly technical employee plans to go rogue with a few million so they build it in and steal before anyone notices…

Sure, hardware wallets can definitely do this. Use a flawed RNG at any point in time when you're using your device. This is why independent audits and having their firmware being open source are necessary. The way most hardware wallet is designed makes it such that it is difficult to embed malicious codes without changing the chips themselves, ColdCard for example does a check on the firmware on every boot and its bootloader only takes in signed firmware.

Still, there is a certain level of trust which can really never be eliminated. I'd probably still support a well-known manufacturer though.

Independent audit/open source firmware could reduce the risks. But rogue firmware update (e.g. forcing fixed k value on ECDSA during signing transaction) signed/released by rouge employee is theoretically possible.

[n0nce]

While a cypherpunk myself; and a fan of fully trusted setups, generating seeds with own entropy and stuff like that, I think Andreas is speaking to the 99% of the crowd who probably aren't even on this forum and would 9 times out of 10 mess up a paper wallet.

If you know what you are doing and you use a setup like Loyce (with dedicated offline printer and computer) and such, go for it - there will be less trust involved.

But the majority of people will create a paper wallet probably with the online version of a potentially malicious site and screenshot the seed; thus making it heaps more secure for them to just use a hardware wallet.

To be honest, people can be phished into giving away their seed more easily when it's printed on paper as well, compared to hardware wallets that either only show it once during creation of the wallet or have to be dug out of a deep menu that gives a person time to second-guess what they are actually about to do. HW wallets could even implement features like time-locks before showing the seed and display a support email address or the like (though I haven't seen that done yet) if there are any questions from the customer, for example.

[ranochigo]

Independent audit/open source firmware could reduce the risks. But rogue firmware update (e.g. forcing fixed k value on ECDSA during signing transaction) signed/released by rouge employee is theoretically possible.

The risk exists across all of the platforms/devices and wallets. Your OS could've had the entropy being compromised inadvertently, or your wallet could've wrongly implemented the CSPRNG calls. The only real way to mitigate this is to review the code yourself to ensure that it isn't broken or to check if the signature of the firmware is checked and signed by someone you trust.

[mynonce]

It doesn't matter how you store your keys, but always remeber ...

I have a question. Recently there was a flood and a notebook containing a offline wallet was damage and it destroyed part of a WIF private key, so now I basically have:
Kw**********(I have the next 40 characters, just not posting for obvious reasons), so I am missing 10 characters in all. ...
Missing 10 Characters in WIF Private Key - Can I recover them?

[ChiBitCTy]

You guys are awesome, I really appreciate the education! Im not good with this stuff but I really enjoy learning about it so thank you all.

Something I read ..someone was saying TapRoot will or has replaced Bip38, and that it will change some things in regards to how you need send transactions from wallet to wallet.  True, or is it the same deal as like a legacy addy to a segwit addy,  which can be interchangeable as far as I know. After just recently sending Matic Polygon to Binance US to a Matic erc20 address like a fool (guessing those coins are gone?) I’m wanting to make sure I don’t make any similar mistakes again.

[DaveF]

Never talk in absolutes.
Should someone who does not know the risks of paper wallets use them? Probably not.
Should someone who knows how to make them secure, understands the risks & vulnerabilities and such use them if they want to? 100% yes.

People in general have gotten used to banks / brokerage houses / and so on keeping their money somewhat safe. Now that we have to take some responsibility to keep our funds safe there will always be "a better way to do it" but everyone will do what works for them, not what is "better" since what works for me might not work for you.

Also, keep in mind you still see how at times the failures of this. There are news items popping up about how people bought an old house and while renovating it found cash / gold / other expensive items in the walls. At times the home had passed thought several owners before it was found. Guess that secure method did not work out well for the person who did it.....

-Dave

[o_e_l_e_o]

As Andreas says at 0:43, in this video he is talking about a single key paper wallet, which is essentially a piece of paper containing a single private key and single address. I tend to agree with him here; such wallets are outdated. I have several wallets which I would refer to as a paper wallet, that is, a wallet which is generated on an airgapped device using a live OS, stored only on paper, and then all digital traces of the wallet are destroyed. However, all my such wallets are HD wallets, which involve me writing down a seed phrase, maybe a passphrase if I'm using one (on separate paper), and noting the first handful of addresses with which to receive coins. This avoids all the issues with single key paper wallets, such as making mistakes when handling individual private keys, privacy implications of reusing the same address, losing change, and so on. It also allows me to bypass using a printer altogether and hand writing the seed phrase and passphrase instead of printing the private key.

His arguments regarding hardware wallets are also correct, though. For the vast majority of users, a hardware wallet will be a much better option than an airgapped device, since they do not have the technical knowledge or skills to properly set up an airgapped device. No reason you can't combine the two though, if you really want to use a paper wallet. Take your hardware wallet, generate a new seed phrase, write it down, get the first address to send some coins to, and then wipe your hardware wallet. You now effectively have an HD paper wallet.

[dkbit98]

He’s stating paper wallet tech is simply outdated, but I don’t see how?

I saw this video few days ago and I would somehow agree with him that average users, and tiktok generation should better stop using and generating paper wallets because they are obsolete.
There is nothing wrong if you already have some old paper wallet, and you can use it just fine, but it's much better to have option for easy generating of new addresses, that is impossible to do on paper wallets.
If I had to choose between open source hardware wallet and paper wallets, I would always choose hardware wallet option.

Let's counter his arguments: how often has a paper wallet leaked millions of customer addresses? I've seen countless people enter their mnemonic seed into a phishing website. I've seen even more people lose their funds because they left them on an exchange. Paper wallets aren't perfect, but they serve a purpose.

Remember when one of those online website generating paper wallets got compromised, and I think that even you (correct me if I am wrong) had to change recommendations for using that website?
Thousands and maybe millions of people used that website that had a flaw, meaning that information was leaked, and who knows how many people used that website incorrectly while being online.
No company or face behind them, so you can't really blame them like you can blame ledger and owners from French village.

While a cypherpunk myself; and a fan of fully trusted setups, generating seeds with own entropy and stuff like that, I think Andreas is speaking to the 99% of the crowd who probably aren't even on this forum and would 9 times out of 10 mess up a paper wallet.

Even people on this forum would mess up paper wallets, and I guess people could still ride a horse today if they want, but most of them still opted out for driving a car that is faster.
You could die in some accident using any of this options, but you have airbags and seatbelts in cars so it's more likely you would survive a car crash.
It's similar thing with paper wallets and ''faster'' hardware wallets, but I guess you still have to secure your PAPER/metal backup even for hardware wallets  

[ChiBitCTy]

Never talk in absolutes.
Should someone who does not know the risks of paper wallets use them? Probably not.
Should someone who knows how to make them secure, understands the risks & vulnerabilities and such use them if they want to? 100% yes.

People in general have gotten used to banks / brokerage houses / and so on keeping their money somewhat safe. Now that we have to take some responsibility to keep our funds safe there will always be "a better way to do it" but everyone will do what works for them, not what is "better" since what works for me might not work for you.

Also, keep in mind you still see how at times the failures of this. There are news items popping up about how people bought an old house and while renovating it found cash / gold / other expensive items in the walls. At times the home had passed thought several owners before it was found. Guess that secure method did not work out well for the person who did it.....

-Dave

The issue with that is many people advocate “it’s not a big deal keeping my coins on several exchanges, it makes things so easy for me”. That’s called being lazy and dumb. Coinbase is the biggest and most convenient exchange /storage.but..corrupt as all fuck. Most people store their money at Chase or Bank of America because it’s convenient for them. That’s also stupid and lazy. For one they are massively corrupt, and two you earn jack shit storing money with them, if not losing. The best option, regardless of convenience is storing money on an online bank such as Ally. They aren’t corrupt like the big banks and offer a .5% interest rate vs like .001% at Chase/Wells etc. As a financial advisor I hear the “it’s what’s convenient for me” all the time and it’s one of the biggest mistakes people make and it often costs them dearly ..so respectfully convenience shouldn’t be involved in anything financial if it’s not best. If a new best arrives, then make changes!

Cold storage is the only acceptable way to store any sizable amount of coins long term & convenience should play next to no role in this. We know this is best, whether hardware or paper. Hardware offers safety paper doesn’t and vice versa so convenience here is acceptable.

The problem wasn’t the storage of money in the house, it is once again laziness and ignorance. Had they made a proper trust/will ..this wouldn’t have happened.  

[Pmalek]

Never talk in absolutes.
Should someone who does not know the risks of paper wallets use them? Probably not.
Should someone who knows how to make them secure, understands the risks & vulnerabilities and such use them if they want to? 100% yes.

I agree. However, which group do you think is bigger? Those who know how to go about using paper wallets or those who could mess it up somehow? You might not even belong to either of those groups, but you just don't want to commit to the task of creating such solutions. 

As Andreas says at 0:43, in this video he is talking about a single key paper wallet, which is essentially a piece of paper containing a single private key and single address. I tend to agree with him here; such wallets are outdated...

Exactly! I have to quote myself here:

He is saying that it is not needed to keep track of individual private keys (on paper, steel or otherwise) and their addresses in today's age of recovery phrases. When Bitcoin was still in its beginning, it didn't have 12/24 word recovery phrases. Now it does and we use HD wallets. Why make backups of a single private key when you can take note of the recovery phrase and back up every private key that can be derived from it.