London Daily

Focus on the big picture.
Saturday, Jul 19, 2025

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

It was just past midnight on Jan. 7, 2021, when “Nick Wendell” (a pseudonym) lost half a million dollars in bitcoin.

Bitcoin’s price was roaring toward $40,000, and Wendell was moving some of his bitcoin to a paper wallet generated by BitcoinPaperWallet.com. These wallets allow you to store your private key on a pdf that can then be printed out or saved as a computer file.

Within a minute of depositing 14.5 BTC, worth over $500,000 at the time (and now worth over $700,000), it was all gone. Someone had swept the funds from Wendell’s wallet and, after playing blockchain hopscotch across multiple addresses, sent them to the Binance exchange.

The situation set Wendell’s world spinning.

“Within one minute I realized what happened and it felt like I was falling but [wouldn’t] hit the ground for several minutes. I remember walking in circles around the kitchen as if I were dizzy,” Wendell told CoinDesk.

Wendell is one of at least half a dozen users who claim to have lost dizzying sums to the paper wallet. A quick Google search reveals posts on Reddit, Bitcointalk and elsewhere that tell several individual accounts of a multi-million dollar collective heist: Someone with access to the site appears to be filching user funds through a back door in the code that gives them access to private keys.

In fact, some users of the most popular bitcoin paper wallet generator on Google’s search ranking claim to have collectively lost millions of dollars worth of bitcoin over the past two years, CoinDesk has learned.

It’s poetic if tragic that something called a “paper wallet” is so fragile. While it might seem intuitively sensible to store your bitcoin offline on a slip of paper or a USB drive to protect it from hackers, doing so can be fraught with risk.

Before loss or degradation, a couple of risks associated with storing bitcoin this way, the primary concern is private key generation – in other words, how you are creating your private keys. If you’re using a third-party software to generate a paper wallet, you’re trusting that the generator creates the private key securely.

If the software isn’t honest, then your wallet is vulnerable at its core.

The BitcoinPaperWallet.com back door


According to security researchers, BitcoinPaperWallet.com sends a copy of every private key it generates on behalf of its users to the site’s servers. Whoever has access to the BitcoinPaperWallet’s back end can then access these keys and steal the funds associated with wallets generated on the site.

Colin and Bryan Aulds, two brothers who run the PrivacyPros blog, nearly purchased the website last year. But after they were tipped off to the series of heists during the negotiation process, they began investigating it for fraud and published their findings on their blog.

If you have the MetaMask or MyEtherWallet (MEW) extensions installed on your computer, the app will automatically redirect you to a page warning you that BitcoinPaperWallet.com unsafe. According to MetaMask, the site is registered on their “domain warning list” because “it has been explicitly identified as a malicious site.”

In May of last year, Ethereum wallet provider MyCrypto released a video and tweet thread warning about a “vulnerability” in BitcoinPaperWallet which creates “a back door that leaves you at risk of your funds being stolen.”

The Aulds brothers mention that the code for this particular exploit no longer exists in BitcoinPaperWallet’s build. But something new has replaced it and people are still losing money because “someone is actively changing [the back door] once the current exploit is published widely,” Bryan Aulds told CoinDesk.

CoinDesk spoke with some of the wallet’s victims. One, who asked to remain anonymous, had made incremental deposits into his wallet throughout August 2020. On the 21st of the month, his funds were gone, on their way to the Binance exchange.

“I mistook it for another legit website that I had used years ago. Basically, I googled ‘Bitcoin paper wallet’ and this scam comes up first,” they told CoinDesk.

Another victim interviewed by CoinDesk lost 50.1 BTC in December. The person deposited funds into a wallet generated by the website, went to get a COVID-19 test and came back to find an empty wallet address.

Still another, who also asked to remain anonymous, lost 1.8 BTC in May 2019. One user on Reddit reported losing BCH to the site as well.

Newsletter

Related Articles

0:00
0:00
Close
Brazil's Supreme Court Imposes Radical Restrictions on Former President Bolsonaro
Centrist Criticism of von der Leyen Resurfaces as she Survives EU Confidence Vote
Judge Criticizes DOJ Over Secrecy in Dropping Charges Against Gang Leader
Apple Closes $16.5 Billion Tax Dispute With Ireland
Von der Leyen Faces Setback Over €2 Trillion EU Budget Proposal
UK and Germany Collaborate on Global Military Equipment Sales
Trump Plans Over 10% Tariffs on African and Caribbean Nations
Flying Taxi CEO Reclaims Billionaire Status After Stock Surge
Epstein Files Deepen Republican Party Divide
Zuckerberg Faces $8 Billion Privacy Lawsuit From Meta Shareholders
FIFA Pressured to Rethink World Cup Calendar Due to Climate Change
SpaceX Nears $400 Billion Valuation With New Share Sale
Microsoft, US Lab to Use AI for Faster Nuclear Plant Licensing
Trump Walks Back Talk of Firing Fed Chair Jerome Powell
Zelensky Reshuffles Cabinet to Win Support at Home and in Washington
"Can You Hit Moscow?" Trump Asked Zelensky To Make Putin "Feel The Pain"
Irish Tech Worker Detained 100 days by US Authorities for Overstaying Visa
Dimon Warns on Fed Independence as Trump Administration Eyes Powell’s Succession
Church of England Removes 1991 Sexuality Guidelines from Clergy Selection
Superman Franchise Achieves Success with Latest Release
Hungary's Viktor Orban Rejects Agreements on Illegal Migration
Jeff Bezos Considers Purchasing Condé Nast as a Wedding Gift
Ghislaine Maxwell Says She’s Ready to Testify Before Congress on Epstein’s Criminal Empire
Bal des Pompiers: A Celebration of Community and Firefighter Culture in France
FBI Chief Kash Patel Denies Resignation Speculations Amid Epstein List Controversy
Air India Pilot’s Mental Health Records Under Scrutiny
Google Secures Windsurf AI Coding Team in $2.4 Billion Licence Deal
Jamie Dimon Warns Europe Is Losing Global Competitiveness and Flags Market Complacency
South African Police Minister Suspended Amid Organised Crime Allegations
Nvidia CEO Claims Chinese Military Reluctance to Use US AI Technology
Hong Kong Advances Digital Asset Strategy to Address Economic Challenges
Australia Rules Out Pre‑commitment of Troops, Reinforces Defence Posture Amid US‑China Tensions
Martha Wells Says Humanity Still Far from True Artificial Intelligence
Nvidia Becomes World’s First Four‑Trillion‑Dollar Company Amid AI Boom
U.S. Resumes Deportations to Third Countries After Supreme Court Ruling
Excavation Begins at Site of Mass Grave for Children at Former Irish Institution
Iranian President Reportedly Injured During Israeli Strike on Secret Facility
EU Delays Retaliatory Tariffs Amid New U.S. Threats on Imports
Trump Defends Attorney General Pam Bondi Amid Epstein Memo Backlash
Renault Shares Drop as CEO Luca de Meo Announces Departure Amid Reports of Move to Kering
Senior Aides for King Charles and Prince Harry Hold Secret Peace Summit
Anti‑Semitism ‘Normalised’ in Middle‑Class Britain, Says Commission Co‑Chair
King Charles Meets David Beckham at Chelsea Flower Show
If the Department is Really About Justice: Ghislaine Maxwell Should Be Freed Now
NYC Candidate Zohran Mamdani’s ‘Antifada’ Remarks Spark National Debate on Political Language and Economic Policy
President Trump Visits Flood-Ravaged Texas, Praises Community Strength and First Responders
From Mystery to Meltdown, Crisis Within the Trump Administration: Epstein Files Ignite A Deepening Rift at the Highest Levels of Government Reveals Chaos, Leaks, and Growing MAGA Backlash
Trump Slams Putin Over War Death Toll, Teases Major Russia Announcement
Reparations argument crushed
Rainmaker CEO Says Cloud Seeding Paused Before Deadly Texas Floods
×