Hacked Bitcoin Paper Wallet

Bitcoin Paper Wallets are a way of storing your Bitcoins in an offline wallet. They are useful for storing Bitcoins for a long period of time in a bank vault, or just handing them out offline.

Earlier, I uploaded the picture below to Reddit.

[Image: stacks]

I was just showing off a few of the paper wallets I made over at BitAddress.org (Always take the necessary precautions when generating paper wallets!). There were a few comments, such as:

Mind pushing it over a bit? 😉

And another that really caught my attention:

They use level H error correction.

Reading up on that, I found that these QR codes have different redundancy levels. That means that, at the cost of a larger code, you can add extra error correction to the QR code. The QR codes used in these paper wallets use the highest level, H. With level H error correction, up to 30% of the QR code can be lost and it can still be recovered.

See the half sticking out private key QR code in the top right? I made a comment saying that if anybody can get the key and drain the balance and show how they did it, they will get an extra 0.20 BTC. Just seconds later, it was done.


Reddit user stormsbrewing used Photoshop to extract and straighten up the part of the image that was shown. He re-added the corner squares which are used for positioning and identifying. He was able to scan the code successfully and extract the private key. Not only did he get the 0.10 BTC from the paper, I held up my promise and tipped him an extra 0.20. A small “loss” to realize this, but well worth it. I guess if you aren’t careful with your paper wallets, even they are hackable.
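An added illustration (not code from the original post) of why the half-covered code could still be read: QR codewords are protected by Reed-Solomon coding over GF(256), and when it is known which codewords are missing, they can be solved for from the parity codewords alone. The block size (14 data + 22 parity codewords), the sample string and all function names are constructed for this sketch; block interleaving and masking in real QR symbols are left out.

```python
from functools import reduce
from operator import xor

# GF(256) log/antilog tables for the QR field polynomial 0x11d, generator 2.
EXP, LOG, x = [0] * 255, [0] * 256, 1
for i in range(255):
    EXP[i], LOG[x] = x, i
    x = (x << 1) ^ (0x11d if x & 0x80 else 0)
EXP *= 2  # doubled so mul() needs no modulo

def mul(a, b):
    return EXP[LOG[a] + LOG[b]] if a and b else 0

def solve(rows, rhs):
    """Gauss-Jordan elimination over GF(256), where addition is XOR."""
    n = len(rhs)
    m = [r + [v] for r, v in zip(rows, rhs)]
    for c in range(n):
        p = next(r for r in range(c, n) if m[r][c])
        m[c], m[p] = m[p], m[c]
        f = EXP[255 - LOG[m[c][c]]]  # multiplicative inverse of the pivot
        m[c] = [mul(f, v) for v in m[c]]
        for r in range(n):
            if r != c:
                m[r] = [v ^ mul(m[r][c], w) for v, w in zip(m[r], m[c])]
    return [row[n] for row in m]

def recover(word, hidden, nsym):
    """Fill the hidden positions so that the syndromes c(alpha^j) are zero."""
    if len(hidden) > nsym:
        raise ValueError("more codewords hidden than parity codewords")
    a = lambda j, i: EXP[j * (len(word) - 1 - i) % 255]  # alpha^(j * degree)
    rows = [[a(j, i) for i in hidden] for j in range(len(hidden))]
    rhs = [reduce(xor, (mul(c, a(j, i)) for i, c in enumerate(word)
                        if i not in hidden), 0) for j in range(len(hidden))]
    fill = dict(zip(hidden, solve(rows, rhs)))
    return [fill.get(i, c) for i, c in enumerate(word)]

def encode(msg, nsym):
    """Systematic encoding: parity codewords are erasures to be filled in."""
    k = len(msg)
    return recover(list(msg) + [0] * nsym, list(range(k, k + nsym)), nsym)

def demo():
    msg = b"NOT-A-REAL-KEY"              # constructed sample, not a key
    code = encode(msg, 22)               # 14 data + 22 parity codewords
    hidden = list(range(22))             # every data codeword + 8 parity covered
    seen = [0 if i in hidden else c for i, c in enumerate(code)]
    return bytes(recover(seen, hidden, 22)[:len(msg)])
```

`demo()` returns the sample string even though every data codeword was hidden, which is why a private-key QR code has to be fully covered in any photo rather than partly obscured.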

Comments

  • Yes! Key to QR is that they degrade nicely. You can significantly muss them up and they’ll still decode. A bonus if/when your paper wallet gets a little wet and the ink smudges…

    Shameless plug: https://bitcoinpaperwallet.com

    This is my design for a paper wallet which uses a folding design with a variety of anti-tampering and tamper-evident measures to prevent people from sneaking a peek at your private key.

    Canton, May 5, 2013
    • I’ve actually been following your design since you released a concept video on it. I came across the full complete site for it yesterday, and I actually plan on making a whole stack with your design when I get time. I’ll post pictures up of them when complete!

      Brandon, May 5, 2013
  • Encrypt your private keys with BIP38!

    James, May 5, 2013
    • Just looked that up, seems interesting! Thanks for letting me know!

      Brandon, May 5, 2013

  • I’ve always loved that QR codes have error correction that allows them to be extremely flexible. But I think common sense dictates that a QR code for a private key should be kept secure and completely covered from viewing.

    Rob, May 23, 2013
