What did I do wrong that caused me to lose bitcoin?












3















I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV



I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.



As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.



A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.



I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.



No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.



What did I do wrong? Any clues?



P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.










share|improve this question


















  • 1





    Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

    – chytrik
    Mar 4 at 0:42











  • I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

    – sucks1717171
    Mar 4 at 6:23













  • I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

    – sucks1717171
    Mar 4 at 6:40
















3















I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV



I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.



As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.



A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.



I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.



No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.



What did I do wrong? Any clues?



P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.










share|improve this question


















  • 1





    Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

    – chytrik
    Mar 4 at 0:42











  • I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

    – sucks1717171
    Mar 4 at 6:23













  • I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

    – sucks1717171
    Mar 4 at 6:40














3












3








3


1






I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV



I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.



As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.



A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.



I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.



No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.



What did I do wrong? Any clues?



P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.










share|improve this question














I've been accumulating bitcoin into a paper wallet for a couple weeks. It's all been stolen. I'm trying to figure out what I did wrong:
https://www.blockchain.com/btc/address/193jdrxMKoUjWLyKm2UCGNXLGGvK1x3FDV



I've been very careful with this wallet. I purchased bitcoin on Bisq. Over time I was sending them to a paper wallet that I generated on bitcoinpaperwallet .com. I printed this paper wallet on a piece of paper hidden inside my house. I never saved the private key anywhere on my computer.



As I transferred funds into the wallet, I would verify they arrived by checking blockchain .com. They always did.



A week ago I transferred a lot more bitcoin to this same paper wallet. Today I checked and the wallet was completely drained, hours after the last transfer and soon after I verified they arrived (using blockchain .com). The bitcoins seem to have been instantly transferred to a bunch of wallets downstream and scrambled.



I'm completely baffled as to what I've done wrong. I searched my computer to make sure I didn't accidentally save the private key somewhere, it's nowhere to be found. But I knew that I didn't do this. I was very careful when generating the paper wallet. The only place the private key is on this piece of paper.



No one in my house knows anything about bitcoin, and anyway, this paper has been kept concealed.



What did I do wrong? Any clues?



P.S. Since I know someone will ask, the reason I didn't use a hardware wallet is that I was going to save this paper wallet on multiple encrypted USB sticks. I don't trust the hardware wallets to be secure and recoverable ~10 years from now when those companies may be gone and their software may be outdated.







paper-wallet wallet-security






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 3 at 20:05









sucks1717171sucks1717171

162




162








  • 1





    Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

    – chytrik
    Mar 4 at 0:42











  • I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

    – sucks1717171
    Mar 4 at 6:23













  • I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

    – sucks1717171
    Mar 4 at 6:40














  • 1





    Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

    – chytrik
    Mar 4 at 0:42











  • I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

    – sucks1717171
    Mar 4 at 6:23













  • I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

    – sucks1717171
    Mar 4 at 6:40








1




1





Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

– chytrik
Mar 4 at 0:42





Can you elaborate on how you generated the paper wallet? Did you do so in a web browser? Did you save the .html file and then run it while offline? Did the computer that generated the keys ever go online again later? What sort of printer did you use, is it connected to your network? Your answers to these questions may provide clues. Sorry you were robbed :(

– chytrik
Mar 4 at 0:42













I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

– sucks1717171
Mar 4 at 6:23







I use Chrome as my daily browse so I bitcoinpaperwallet .com in Safari and printed out a few copies of the wallet on my printer. It is a network printer but it's just on my local wifi. I did leave Safari open on my Mac for a few days with the paper wallet still open in the tab, but minimized it in the background. I'm 99% certain no one saw it on my screen as Chrome is always in the foreground and my computer locks after a few minutes of inactivity. I didn't save the HTML file, my only guess is somehow leaving this open something scrapped it? But browser tabs are pretty well isolated processes.

– sucks1717171
Mar 4 at 6:23















I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

– sucks1717171
Mar 4 at 6:40





I just read about CookieMiner and now I'm wondering if I possibly have malware on my computer. I'm very careful about things like this. However, I just tried one malware scanner just now and it found nothing. I'm not sure if CookieMiner is being picked up by current malware scanners.

– sucks1717171
Mar 4 at 6:40










1 Answer
1






active

oldest

votes


















2














1) If you generate your paper wallet on your computer, you have to fully trust your computer



2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)



3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.



My recommendation



1. Never ever use a online paperwallet generator



2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet



3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears



Conclusion:



Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!



Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)






share|improve this answer
























  • I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

    – Jonas Schnelli
    Mar 3 at 22:21






  • 1





    Another possible attack vector is the printer, especially if it is a network printer.

    – Nate Eldredge
    Mar 3 at 23:19











  • Also your printer may store a lot of info in it's memory. Including the private key :(

    – Josh
    Mar 6 at 5:58











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "308"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














1) If you generate your paper wallet on your computer, you have to fully trust your computer



2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)



3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.



My recommendation



1. Never ever use a online paperwallet generator



2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet



3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears



Conclusion:



Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!



Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)






share|improve this answer
























  • I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

    – Jonas Schnelli
    Mar 3 at 22:21






  • 1





    Another possible attack vector is the printer, especially if it is a network printer.

    – Nate Eldredge
    Mar 3 at 23:19











  • Also your printer may store a lot of info in it's memory. Including the private key :(

    – Josh
    Mar 6 at 5:58
















2














1) If you generate your paper wallet on your computer, you have to fully trust your computer



2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)



3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.



My recommendation



1. Never ever use a online paperwallet generator



2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet



3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears



Conclusion:



Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!



Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)






share|improve this answer
























  • I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

    – Jonas Schnelli
    Mar 3 at 22:21






  • 1





    Another possible attack vector is the printer, especially if it is a network printer.

    – Nate Eldredge
    Mar 3 at 23:19











  • Also your printer may store a lot of info in it's memory. Including the private key :(

    – Josh
    Mar 6 at 5:58














2












2








2







1) If you generate your paper wallet on your computer, you have to fully trust your computer



2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)



3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.



My recommendation



1. Never ever use a online paperwallet generator



2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet



3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears



Conclusion:



Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!



Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)






share|improve this answer













1) If you generate your paper wallet on your computer, you have to fully trust your computer



2) If you use a website for generating your paper wallet, a) you need to trust that website (hopefully its local javascript) b) your browser and its random number generator and c) eventually your network provider(s) (depending on the transport layer security)



3) If you generate your paper wallet on your computer and it was compromised, the generated paper wallet was accessible at least during the time of your generation.



My recommendation



1. Never ever use a online paperwallet generator



2. Hardware wallets are eventually not super secure, but they offer great security, maybe use them instead of a paperwallet



3. The BIP39 24 word seed can be restored even if the vendor of your HWW disappears



Conclusion:



Use an old offline computer with Bitcoin Core or any other semi-trusted software to generate your private keys or seeds, keep it offline all the time!



Or... use multiple hardware wallets from different vendors in a multisig setup if you want maximal security (but comes with minimal user experience)







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 3 at 22:19









Jonas SchnelliJonas Schnelli

5,1851026




5,1851026













  • I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

    – Jonas Schnelli
    Mar 3 at 22:21






  • 1





    Another possible attack vector is the printer, especially if it is a network printer.

    – Nate Eldredge
    Mar 3 at 23:19











  • Also your printer may store a lot of info in it's memory. Including the private key :(

    – Josh
    Mar 6 at 5:58



















  • I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

    – Jonas Schnelli
    Mar 3 at 22:21






  • 1





    Another possible attack vector is the printer, especially if it is a network printer.

    – Nate Eldredge
    Mar 3 at 23:19











  • Also your printer may store a lot of info in it's memory. Including the private key :(

    – Josh
    Mar 6 at 5:58

















I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

– Jonas Schnelli
Mar 3 at 22:21





I said "old" computer because we can assume that older computer have less risks of included hardware based backdoors (like the intel management engine, etc.)

– Jonas Schnelli
Mar 3 at 22:21




1




1





Another possible attack vector is the printer, especially if it is a network printer.

– Nate Eldredge
Mar 3 at 23:19





Another possible attack vector is the printer, especially if it is a network printer.

– Nate Eldredge
Mar 3 at 23:19













Also your printer may store a lot of info in it's memory. Including the private key :(

– Josh
Mar 6 at 5:58





Also your printer may store a lot of info in it's memory. Including the private key :(

– Josh
Mar 6 at 5:58


















draft saved

draft discarded




















































Thanks for contributing an answer to Bitcoin Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fbitcoin.stackexchange.com%2fquestions%2f85038%2fwhat-did-i-do-wrong-that-caused-me-to-lose-bitcoin%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents