London Daily

Focus on the big picture.
Friday, Aug 08, 2025

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

It was just past midnight on Jan. 7, 2021, when “Nick Wendell” (a pseudonym) lost half a million dollars in bitcoin.

Bitcoin’s price was roaring toward $40,000, and Wendell was moving some of his bitcoin to a paper wallet generated by BitcoinPaperWallet.com. These wallets allow you to store your private key on a pdf that can then be printed out or saved as a computer file.

Within a minute of depositing 14.5 BTC, worth over $500,000 at the time (and now worth over $700,000), it was all gone. Someone had swept the funds from Wendell’s wallet and, after playing blockchain hopscotch across multiple addresses, sent them to the Binance exchange.

The situation set Wendell’s world spinning.

“Within one minute I realized what happened and it felt like I was falling but [wouldn’t] hit the ground for several minutes. I remember walking in circles around the kitchen as if I were dizzy,” Wendell told CoinDesk.

Wendell is one of at least half a dozen users who claim to have lost dizzying sums to the paper wallet. A quick Google search reveals posts on Reddit, Bitcointalk and elsewhere that tell several individual accounts of a multi-million dollar collective heist: Someone with access to the site appears to be filching user funds through a back door in the code that gives them access to private keys.

In fact, some users of the most popular bitcoin paper wallet generator on Google’s search ranking claim to have collectively lost millions of dollars worth of bitcoin over the past two years, CoinDesk has learned.

It’s poetic if tragic that something called a “paper wallet” is so fragile. While it might seem intuitively sensible to store your bitcoin offline on a slip of paper or a USB drive to protect it from hackers, doing so can be fraught with risk.

Before loss or degradation, a couple of risks associated with storing bitcoin this way, the primary concern is private key generation – in other words, how you are creating your private keys. If you’re using a third-party software to generate a paper wallet, you’re trusting that the generator creates the private key securely.

If the software isn’t honest, then your wallet is vulnerable at its core.

The BitcoinPaperWallet.com back door


According to security researchers, BitcoinPaperWallet.com sends a copy of every private key it generates on behalf of its users to the site’s servers. Whoever has access to the BitcoinPaperWallet’s back end can then access these keys and steal the funds associated with wallets generated on the site.

Colin and Bryan Aulds, two brothers who run the PrivacyPros blog, nearly purchased the website last year. But after they were tipped off to the series of heists during the negotiation process, they began investigating it for fraud and published their findings on their blog.

If you have the MetaMask or MyEtherWallet (MEW) extensions installed on your computer, the app will automatically redirect you to a page warning you that BitcoinPaperWallet.com unsafe. According to MetaMask, the site is registered on their “domain warning list” because “it has been explicitly identified as a malicious site.”

In May of last year, Ethereum wallet provider MyCrypto released a video and tweet thread warning about a “vulnerability” in BitcoinPaperWallet which creates “a back door that leaves you at risk of your funds being stolen.”

The Aulds brothers mention that the code for this particular exploit no longer exists in BitcoinPaperWallet’s build. But something new has replaced it and people are still losing money because “someone is actively changing [the back door] once the current exploit is published widely,” Bryan Aulds told CoinDesk.

CoinDesk spoke with some of the wallet’s victims. One, who asked to remain anonymous, had made incremental deposits into his wallet throughout August 2020. On the 21st of the month, his funds were gone, on their way to the Binance exchange.

“I mistook it for another legit website that I had used years ago. Basically, I googled ‘Bitcoin paper wallet’ and this scam comes up first,” they told CoinDesk.

Another victim interviewed by CoinDesk lost 50.1 BTC in December. The person deposited funds into a wallet generated by the website, went to get a COVID-19 test and came back to find an empty wallet address.

Still another, who also asked to remain anonymous, lost 1.8 BTC in May 2019. One user on Reddit reported losing BCH to the site as well.

Newsletter

Related Articles

0:00
0:00
Close
British Labour Government Utilizes Counter-Terrorism Tools for Social Media Monitoring Against Legitimate Critics
OpenAI Launches GPT‑5, Its Most Advanced AI Model Yet
Embarrassment in Britain: Homelessness Minister Evicted Tenants and Forced to Resign
President Trump nominated Stephen Miran, his top economic adviser and a critic of the Federal Reserve, to temporarily fill an open Fed seat
The AI-Powered Education Revolution: Market Potential and Transformative Impact
Chikungunya Virus Outbreak in Southern China: Over 7,000 Hospitalized
French wine makers have seen catastrophic damage to vines that were almost ready to be harvested after the worst fires in more than 70 years burned through the south of the country
US Lawmaker Probes Intel CEO’s China Ties Amid National Security Concerns
Brazilian President Lula says he’ll contact the leaders of BRICS states to propose a unified response to U.S. tariffs
Trump Open to Meeting Putin as Soon as Next Week, with Possible Trilateral Summit Including Zelenskiy
Katy Perry and Justin Trudeau spark dating rumors, joining high stakes world of celeb-politician romances
US envoy Steve Witkoff arrived in Moscow to seek a breakthrough in the Ukraine war ahead of President Trump’s peace deadline
WhatsApp Deletes 6.8 Million Scam Accounts Amid Rising Global Fraud
Nine people have been hospitalized and dozens of salmonella cases have been reported after an outbreak of infections linked to certain brands of pistachios and pistachio-containing products, according to the Public Health Agency of Canada
Karol Nawrocki Inaugurated as Poland’s President, Setting Stage for Clash with Tusk Government
Trump Signals JD Vance as ‘Most Likely’ MAGA Successor for 2028
US Charges Two Chinese Nationals for Illegal Nvidia AI Chip Exports
Texas Residents Face Water Restrictions While AI Data Centers Consume Millions of Gallons
U.S. Tariff Policy Triggers Market Volatility Amid Growing Global Trade Tensions
Tariffs, AI, and the Shifting U.S. Macro Landscape: Navigating a New Economic Regime
Representative Greene Urges H-1B Visa Cuts Amid U.S.-India Trade Tensions
U.S. House Committee Subpoenas Clintons and Senior Officials in Epstein Investigation
Sydney Sweeney Registered as Republican as Controversial American Eagle Ad Sparks Debate
Trump Accuses Major Banks of Politically Motivated Account Denials and Prepares Executive Order
TikTok Removes Huda Kattan Video Over Anti-Israel Conspiracy Claims
Trump Threatens Tariffs on India Over Russian Oil Imports
German Finance Minister Criticizes Trump’s Attacks on Institutions
U.S. Proposes Visa Bond of Up to $15,000 for Some Applicants
U.S. Farmers Increase Lobbying Amid Immigration Crackdown
Elon Musk Receives $23.7 Billion Tesla Stock Award
Texas House Paralyzed After Democrats Walk Out Over Redistricting
Mexican Cartels Complicate Sheinbaum’s U.S. Security Talks
Mark Zuckerberg Declares War on the iPhone
India Rejects U.S. Tariff Threat, Defends Russian Oil Purchases
United States Establishes Strategic Bitcoin Reserve and Digital Asset Stockpile
Thousands of Private ChatGPT Conversations Accidentally Indexed by Google
China Tightens Mineral Controls, Curtailing Critical Inputs for Western Defence Contractors
OpenAI’s Bold Bet: Teaching AI to Think, Not Just Chat
Tesla Seeks Shareholder Approval for $29 Billion Compensation Package for Elon Musk
Nvidia is cutting prices on its RTX 50-series graphics cards after sales slowed and inventories piled up
Ghislaine Maxwell Transferred to Minimum-Security Prison Amid Ongoing DOJ Discussions
U.S. Tariffs Surge to Highest Levels in Nearly a Century Under Second Trump Term
Matt Taibbi Slams Media for Role in Russiagate Narrative
Pilots Call for Mental Health Support Without Stigma
All Five Trapped Miners Found Dead After El Teniente Mine Collapse
Ong Beng Seng Pleads Guilty in Corruption Case Linked to Former Singapore Transport Minister
BP’s Largest Oil and Gas Find in 25 Years Uncovered Offshore Brazil
Italy Fines Shein One Million Euros for Misleading Sustainability Claims
JPMorgan and Coinbase Unveil Partnership to Let Chase Cardholders Buy Crypto Directly
Declassified Annex Links Soros‑Affiliated Officials and Clinton Campaign to ‘Russiagate’ Narrative
×