London Daily

Focus on the big picture.
Thursday, Sep 18, 2025

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

BitcoinPaperWallet ‘Back Door’ Responsible for Millions in Missing Funds, Research Suggests

It was just past midnight on Jan. 7, 2021, when “Nick Wendell” (a pseudonym) lost half a million dollars in bitcoin.

Bitcoin’s price was roaring toward $40,000, and Wendell was moving some of his bitcoin to a paper wallet generated by BitcoinPaperWallet.com. These wallets allow you to store your private key on a pdf that can then be printed out or saved as a computer file.

Within a minute of depositing 14.5 BTC, worth over $500,000 at the time (and now worth over $700,000), it was all gone. Someone had swept the funds from Wendell’s wallet and, after playing blockchain hopscotch across multiple addresses, sent them to the Binance exchange.

The situation set Wendell’s world spinning.

“Within one minute I realized what happened and it felt like I was falling but [wouldn’t] hit the ground for several minutes. I remember walking in circles around the kitchen as if I were dizzy,” Wendell told CoinDesk.

Wendell is one of at least half a dozen users who claim to have lost dizzying sums to the paper wallet. A quick Google search reveals posts on Reddit, Bitcointalk and elsewhere that tell several individual accounts of a multi-million dollar collective heist: Someone with access to the site appears to be filching user funds through a back door in the code that gives them access to private keys.

In fact, some users of the most popular bitcoin paper wallet generator on Google’s search ranking claim to have collectively lost millions of dollars worth of bitcoin over the past two years, CoinDesk has learned.

It’s poetic if tragic that something called a “paper wallet” is so fragile. While it might seem intuitively sensible to store your bitcoin offline on a slip of paper or a USB drive to protect it from hackers, doing so can be fraught with risk.

Before loss or degradation, a couple of risks associated with storing bitcoin this way, the primary concern is private key generation – in other words, how you are creating your private keys. If you’re using a third-party software to generate a paper wallet, you’re trusting that the generator creates the private key securely.

If the software isn’t honest, then your wallet is vulnerable at its core.

The BitcoinPaperWallet.com back door


According to security researchers, BitcoinPaperWallet.com sends a copy of every private key it generates on behalf of its users to the site’s servers. Whoever has access to the BitcoinPaperWallet’s back end can then access these keys and steal the funds associated with wallets generated on the site.

Colin and Bryan Aulds, two brothers who run the PrivacyPros blog, nearly purchased the website last year. But after they were tipped off to the series of heists during the negotiation process, they began investigating it for fraud and published their findings on their blog.

If you have the MetaMask or MyEtherWallet (MEW) extensions installed on your computer, the app will automatically redirect you to a page warning you that BitcoinPaperWallet.com unsafe. According to MetaMask, the site is registered on their “domain warning list” because “it has been explicitly identified as a malicious site.”

In May of last year, Ethereum wallet provider MyCrypto released a video and tweet thread warning about a “vulnerability” in BitcoinPaperWallet which creates “a back door that leaves you at risk of your funds being stolen.”

The Aulds brothers mention that the code for this particular exploit no longer exists in BitcoinPaperWallet’s build. But something new has replaced it and people are still losing money because “someone is actively changing [the back door] once the current exploit is published widely,” Bryan Aulds told CoinDesk.

CoinDesk spoke with some of the wallet’s victims. One, who asked to remain anonymous, had made incremental deposits into his wallet throughout August 2020. On the 21st of the month, his funds were gone, on their way to the Binance exchange.

“I mistook it for another legit website that I had used years ago. Basically, I googled ‘Bitcoin paper wallet’ and this scam comes up first,” they told CoinDesk.

Another victim interviewed by CoinDesk lost 50.1 BTC in December. The person deposited funds into a wallet generated by the website, went to get a COVID-19 test and came back to find an empty wallet address.

Still another, who also asked to remain anonymous, lost 1.8 BTC in May 2019. One user on Reddit reported losing BCH to the site as well.

Newsletter

Related Articles

0:00
0:00
Close
US Tech Giants Pledge Billions to UK AI Infrastructure Following Starmer's Call
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
DeepMind and OpenAI Achieve Gold at ‘Coding Olympics’ in AI Milestone
SEC Allows Public Companies to Block Investors from Class-Action Lawsuits
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Federal Reserve Cuts Rates by Quarter Point and Signals More to Come
Effective and Impressive Generation Z Protest: Images from the Riots in Nepal
European manufacturers against ban on polluting cars: "The industry may collapse"
Sam Altman sells the 'Wedding Estate' in Hawaii for 49 million dollars
Trump: Cancel quarterly company reports and settle for reporting once every six months
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
US Launches New Pilot Program to Accelerate eVTOL Air Taxi Deployment
Christian Brueckner Released from German Prison after Serving Unrelated Sentence
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Hong Kong Industry Group Calls for HK$20 Billion Support Fund to Ease Property Market Stress
Joe Biden’s Post-Presidency Speaking Fees Face Weak Demand amid Corporate Reluctance
Charlie Kirk's murder will break the left's hateful cancel tactics
Kash Patel erupts at ‘buffoon’ Sen. Adam Schiff over Russiagate: ‘You are the biggest fraud’
Homeland Security says Emmy speech ‘fanning the flames of hatred’ after Einbinder’s ‘F— ICE’ remark
Charlie Kirk’s Alleged Assassin Tyler Robinson Faces Death Penalty as Charges Formally Announced
Actor, director, environmentalist Robert Redford dies at 89
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
JD Vance Says There Is “No Unity” with Those Who Celebrate Charlie Kirk’s Killing, and he is right!
Trump sues the 'New York Times' for an astronomical sum of 15 billion dollars
Florida Hospital Welcomes Its Largest-Ever Baby: Annan, Nearly Fourteen Pounds at Birth
U.S. and Britain Poised to Finalize Over $10 Billion in High-Tech, Nuclear and Defense Deals During Trump State Visit
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
Tens of Thousands of Young Chinese Get Up Every Morning and Go to Work Where They Do Nothing
×