While we generally say we are worried about hacks and data theft, there is often little we can do, as our data is stored by third parties on remote servers, outside our reach. In many cases, a hack of our accounts could reveal information we’d rather keep private, but control can be swiftly restored and data, when stolen, does not go missing—there are now merely more copies of it.
Not so with Bitcoin. When your Bitcoin wallet is hacked, you lose your cryptocurrency. A Bitcoin transaction is irreversible, and unlike a photo it cannot be copied. To prevent hacks and theft and to secure your Bitcoin, you may create a Bitcoin paper wallet.
[Know your crypto news. Sign up for the ExpressVPN Blog Newsletter.]
What is a Bitcoin paper wallet?
A paper wallet is a piece of paper that contains your Bitcoin private keys. Typically this key comes in the form of 12 to 24 words, called a seed phrase. A near-infinite number of addresses can be generated from this private key. There are no other copies of this private key stored on an electronic device. The public keys, however, usually are stored electronically, so that you can safely generate new Bitcoin addresses and observe your balance and transactions from a computer or smartphone.
Why use a Bitcoin paper wallet
Paper can’t be hacked. With a paper wallet you are almost 100% safe from attacks over the internet, and you won’t have to worry about your computer catching a virus, your hardware wallet breaking, or your phone being accessed by somebody else.
How to create a Bitcoin paper wallet
There are many ways to generate a Bitcoin paper wallet. For maximum security, we will generate the paper wallet on your computer in a way that even if your computer were to currently host malware, your paper wallet will be safe.
We will make use of the free operating system TAILS. To install it, you do not need to make any changes to your computer. We can instead install TAILS directly onto a USB stick. To get TAILS, follow the instructions on their website.
To launch TAILS, we will insert the TAILS USB stick we made into our computer, then restart the computer and boot from USB. How to enter the boot menu differs from device to device and typically requires you to press a button shortly after you turn on your computer while the manufacturer icon flashes on the screen.
TAILS runs from the USB stick without accessing your computer’s hard drive. That means that any malware potentially running on your computer will not be able to access your Bitcoin wallet. We will also not connect the computer to the internet to avoid loading any nefarious code.
You can keep the USB stick for later when you want to access your paperwallet, or you can format it and generate a new one at any time.
Launch Electrum and create a wallet
You can find Electrum in the list of applications. Launch it, read the warnings carefully and create a new wallet. We will not enable persistence or save this wallet anywhere on a computer. Everything we do now will be deleted when we shut down the computer.
During this process, make sure there are no cameras pointing at your screen or paper!
Write down the seed phrase
As we create the wallet, Electrum will generate 12 words. We recommend that you write these words down with a pen on paper, rather than print it out. You’ll also want to choose a paper and pen pairing that does not easily fade or become hard to read, even when exposed to heat or water. There are lots of tricks for advanced users, such as engraving the words on leather or steel to make it more permanent.
Export the public key
In Electrum, under Wallet > Information we can find the Master Public Key, which begins with xpub or zpub. We will need to save this key somehow. One option is to save it on a separate USB stick, another is to generate a QR code of it (e.g., with the QR code function of the pre-installed office app in TAILS).
Store the paperwallet securely
It’s important that you find a good place for your paperwallet. It should only be accessible to you, safe from fire or water damage, and protected from being accidentally discarded or lost, for example during a move. A safe is a good place, or at least where you keep other important documents, such as diplomas.
Import the public key into Electrum, BTCPay, or other Bitcoin wallet
We will use the public key obtained in Step 5 to create a watch only wallet, which allows us to see our transactions, generate new Bitcoin addresses, and observe our balance. We can do that by installing Electrum on our regular computer, then creating a new standard wallet and choosing use a master key at setup.
Fill your wallet with Bitcoin
We can now send Bitcoin to our paperwallet, using the addresses we can see in our watch only wallet. For peace of mind we may also try to first send a small amount of Bitcoin to that wallet, then redeeming it instantly, to verify that our paperwallet is set up correctly.
How to spend Bitcoin in your paperwallet
While saving is a good thing, we can’t hold on to our Bitcoin forever. When the time comes, we will be able to redeem our Bitcoin from our paperwallet with the following steps.
Create a transaction with the watch only wallet
Using our regular computer and the watch only wallet we have created there, we will generate a transaction, meaning we will go to the send tab and enter the amount and destination address as well as specify the fee. We can then select Pay, then Advanced, and then export our unsigned transaction either as a QR code or file.
Get and launch TAILS
Similar to when we created our paperwallet, we will launch the operating system TAILS again from our USB. Again, we will not connect this computer to the internet or install any additional software.
Launch Electrum and enter your seed phrase
This time as we launch Electrum, we will select that we want to recover an existing wallet from our seed phrase. Here we will enter the words written on our paperwallet.
Import and sign the pre-created transaction
Depending on the computer we are using we might be able to import the transaction using the QR code, or import the file we obtained in Step 1 through another USB stick into Electrum. We should be able to immediately see the details of the transaction, such as the destination address and amount. We can now sign this transaction with our private keys.
Export the signed transaction
Once the transaction is signed, we will need to export it again to a computer with an internet connection. We can use the same method that we did in Step 1, a QR code, or a file via USB.
Broadcast the transaction
Finally, we will go back to our regular computer with the watch only wallet and import the signed transaction. There is the option to broadcast it, which will publish the transaction to the Bitcoin network. You can see your new transaction in the watch only wallet as well.
What can go wrong with a Bitcoin paper wallet?
Your paper wallet is safe from even advanced attacks from hackers, but anybody with physical access to the paper will be able to take your Bitcoin. This means your paper wallet is not safe from robbers or roommates unless you specifically take these threats into account.
Your paperwallet is also not safe from fire or water damage, and can be seized by law enforcement together with your physical possessions.
Read more: The comprehensive Bitcoin glossary