London Daily

Focus on the big picture.
Monday, Jul 07, 2025

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

It was just past midnight on Jan. 7, 2021, when “Nick Wendell” (a pseudonym) lost half a million dollars in bitcoin.

Bitcoin’s price was roaring toward $40,000, and Wendell was moving some of his bitcoin to a paper wallet generated by BitcoinPaperWallet.com. These wallets allow you to store your private key on a pdf that can then be printed out or saved as a computer file.

Within a minute of depositing 14.5 BTC, worth over $500,000 at the time (and now worth over $700,000), it was all gone. Someone had swept the funds from Wendell’s wallet and, after playing blockchain hopscotch across multiple addresses, sent them to the Binance exchange.

The situation set Wendell’s world spinning.

“Within one minute I realized what happened and it felt like I was falling but [wouldn’t] hit the ground for several minutes. I remember walking in circles around the kitchen as if I were dizzy,” Wendell told CoinDesk.

Wendell is one of at least half a dozen users who claim to have lost dizzying sums to the paper wallet. A quick Google search reveals posts on Reddit, Bitcointalk and elsewhere that tell several individual accounts of a multi-million dollar collective heist: Someone with access to the site appears to be filching user funds through a back door in the code that gives them access to private keys.

In fact, some users of the most popular bitcoin paper wallet generator on Google’s search ranking claim to have collectively lost millions of dollars worth of bitcoin over the past two years, CoinDesk has learned.

It’s poetic if tragic that something called a “paper wallet” is so fragile. While it might seem intuitively sensible to store your bitcoin offline on a slip of paper or a USB drive to protect it from hackers, doing so can be fraught with risk.

Before loss or degradation, a couple of risks associated with storing bitcoin this way, the primary concern is private key generation – in other words, how you are creating your private keys. If you’re using a third-party software to generate a paper wallet, you’re trusting that the generator creates the private key securely.

If the software isn’t honest, then your wallet is vulnerable at its core.

The BitcoinPaperWallet.com back door


According to security researchers, BitcoinPaperWallet.com sends a copy of every private key it generates on behalf of its users to the site’s servers. Whoever has access to the BitcoinPaperWallet’s back end can then access these keys and steal the funds associated with wallets generated on the site.

Colin and Bryan Aulds, two brothers who run the PrivacyPros blog, nearly purchased the website last year. But after they were tipped off to the series of heists during the negotiation process, they began investigating it for fraud and published their findings on their blog.

If you have the MetaMask or MyEtherWallet (MEW) extensions installed on your computer, the app will automatically redirect you to a page warning you that BitcoinPaperWallet.com unsafe. According to MetaMask, the site is registered on their “domain warning list” because “it has been explicitly identified as a malicious site.”

In May of last year, Ethereum wallet provider MyCrypto released a video and tweet thread warning about a “vulnerability” in BitcoinPaperWallet which creates “a back door that leaves you at risk of your funds being stolen.”

The Aulds brothers mention that the code for this particular exploit no longer exists in BitcoinPaperWallet’s build. But something new has replaced it and people are still losing money because “someone is actively changing [the back door] once the current exploit is published widely,” Bryan Aulds told CoinDesk.

CoinDesk spoke with some of the wallet’s victims. One, who asked to remain anonymous, had made incremental deposits into his wallet throughout August 2020. On the 21st of the month, his funds were gone, on their way to the Binance exchange.

“I mistook it for another legit website that I had used years ago. Basically, I googled ‘Bitcoin paper wallet’ and this scam comes up first,” they told CoinDesk.

Another victim interviewed by CoinDesk lost 50.1 BTC in December. The person deposited funds into a wallet generated by the website, went to get a COVID-19 test and came back to find an empty wallet address.

Still another, who also asked to remain anonymous, lost 1.8 BTC in May 2019. One user on Reddit reported losing BCH to the site as well.

Newsletter

Related Articles

0:00
0:00
Close
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
Poland Implements Border Checks Amid Growing Migration Tensions
Political Dispute Escalates Between Trump and Musk
Emirates Airline Expands Market Share with New $20 Million Campaign
Amazon Reaches Milestone with Deployment of One Millionth Robot
US Senate Votes to Remove AI Regulation Moratorium from Domestic Policy Bill
Yulia Putintseva Calls for Spectator Ejection at Wimbledon Over Safety Concerns
Jury Deliberations in Diddy Trial Yield Partial Verdict in Serious Criminal Charges
House Oversight Committee Subpoenas Former Jill Biden Aide Amid Investigation into Alleged Concealment of President Biden's Cognitive Health
King Charles Plans Significant Role for Prince Harry in Coronation
Two Chinese Nationals Arrested for Espionage Activities Against U.S. Navy
Amazon Reaches Major Automation Milestone with Over One Million Robots
Extreme Heat Wave Sweeps Across Europe, Hitting Record Temperatures
×