Bitcoin Paper Wallets Or Hardware Wallets: Which Is Safer?

There is an urban myth that bitcoin paper wallets are the safest way to store your bitcoin long term. They are promoted as the better choice than a hardware wallet like Trezor or Ledger. That myth is just plain wrong and it is time it was debunked and laid to rest.

What Exactly Is A Bitcoin Paper Wallet?

A paper wallet usually refers to a printed piece of paper containing a bitcoin address and private key generated by a site like bitaddress.org:

Bitcoin Paper Wallets

What Is A Bitcoin Hardware Wallet?

A bitcoin hardware wallet is a micro-controller or smart card based device that stores the private keys of bitcoin addresses generated by an HD (deterministic) bitcoin wallet. Here is an example of the Trezor hardware wallet:

Trezor Bitcoin Hardware Wallet

In an deterministic bitcoin wallet all the private keys and addresses you will ever use are derived from a seed phrase. The seed is usually twelve or twenty four words. Examples of HD wallets would be Multibit HD, Electrum or the browser based wallets used by Trezor or Ledger.

The bitcoin hardware wallet keeps the private keys for your bitcoin stored offline safe from theft. When you need to spend bitcoin the hardware wallet connects by USB and signs transactions you generate in the online or desktop bitcoin wallet.

Consider when you are using an HD bitcoin wallet the seed phrase is your bitcoin. The hardware device used to sign and send transactions is incidental. All the bitcoin addresses and keys you will ever use in the wallet are derived from the seed.

You can lose your hardware wallet with no risk to your bitcoin savings. Just buy another and recover from seed. You can also use your seed in a compatible desktop wallet if you like. As long as your seed is safe you will never lose your bitcoin or have them stolen from you by malware.

So What Is Wrong With Paper Wallets?

Bitcoin paper wallets if used properly by someone who understands their limitations are fine, if limited in scope and security. Problems occur when new bitcoin users do not take the time to really learn how their paper wallets work and lose bitcoin.

Storing bitcoin in paper wallets is safe enough but spending funds is much less so due to the use of change addresses.

There are many examples of paper wallet users who spent a portion of the bitcoin in their wallet and did not realize that the balance was sent to a change address different from the sending address.

The most common mistake people have made in the past is to import a paper wallet with say 50 bitcoin into a wallet like blockchain.info, spend one or two bitcoin, and then assume that the paper wallet still holds 48 bitcoin.

They did not create a new paper wallet for the change, assuming the change was sent back to the original address, and lost their bitcoin. Here is another fellow who lost 90 bitcoin from a paper wallet.

When you need to use bitcoin in a paper wallet all the bitcoin should be swept into a wallet like Electrum or blockchain.info from where you can then spend bitcoin. Never try to spend directly from your paper wallet, and after emptying your paper wallet and making your purchases create a new paper wallet for storage.

Paper wallets are promoted as a safe and secure way to store bitcoin for beginners. In actual practice they should be reserved for bitcoin veterans who fully understand change addresses and the difference between sweeping and importing private keys.

Also remember that bitcoin stealing malware is common today. When you are creating a paper wallet, any malware on your computer can read the private keys. If you print out the paper wallet the attack surface is increased as your private key will be sent out over your network unencrypted.

Even if you use an encrypted paper wallet you are still in danger from keyloggers. A hardware wallet is immune to these attacks.

Beginners who want to protect their bitcoin from theft would be much better served by using a hardware wallet like Trezor.

What About Piper Wallet?

Piper Wallet is a $199 device for generating and printing paper wallets:

Piper Wallet

Paper wallets printed by Piper have the same disadvantages as ones you print for free from bitaddress.org.

Even if you use a Piper to print out your paper wallet at some point you will have to sweep the private keys into an online wallet to spend your bitcoin. At that time your private keys can be stolen by malware. Also consider you can buy a hardware wallet for half the cost of a Piper Wallet.

Urban Myth Disproved: Hardware Wallets Really Are Safer Than Bitcoin Paper Wallets.

I think I have shown the dangers inherent in bitcoin paper wallets. Even bitcoin veterans who understand how change addresses work could still have their private keys stolen by malware.

New users to bitcoin who want to keep their bitcoin safe from theft will be better served by ignoring paper wallets and buying one of the affordable hardware wallets like Trezor or Ledger.

I prefer Trezor over the alternatives. The online user manual is better than the competition and the device itself is compact, easy to carry and affordable at $99. While learning how to use bitcoin do yourself a favor and forget about paper wallets. Start off safe and use a hardware wallet like Ledger or Trezor to store your bitcoin.

  • BitcoinIsLiberty

    If you need bitcoins to get your hardware wallet and you already have a paper wallet then Copay is a safe way to import it. Create a 2 of 2 shared wallet between your home computer and your phone and the wallet will be pretty safe. Just make sure to actually write down the 12 words on each device on paper. That’s the backup.

  • cantonbecker

    As the guy behind https://bitcoinpaperwallet.com I obviously have a bias here 🙂

    The article is correct in saying that paper wallets are rotten (and dangerous) for trying to spend funds, i.e. using as a true “wallet”.

    However, I think this article makes too general a conclusion. In my opinion, paper wallets are still an excellent choice for (1) long-term storage, and (2) offering gifts to introduce people to Bitcoin.

    For long-term savings of Bitcoin (5, 10, more years) I’d trust a password-protected paper wallet over a device because:

    1. I don’t like the idea of backing up a device by having a non-password protected seed phrase written down on paper. If someone finds the seed phrase you wrote down to backup your device, you’re in big trouble. On the other hand, if someone sneaks a peek at your password-protected paper wallet, they can’t do anything with it.

    2. Your device might not work with any of your computers in the future. Myself, I have a drawer full of devices and storage media that are no longer compatible with modern computers. ADB, SCSI, Data-DAT, Zip drives, gold-plated burnable CDs that decayed after 20 years instead of the promised 100… In fact, this weekend I spent 10 hours trying to build a virtual PC to run old software that required a USB dongle that’s no longer functioning in my modern OS.

    • Thanks for your comments. I like that you take care to inform readers of the dangers inherent in using a bitcoin paper wallet.

      1) Certainly the seed of a hardware wallet needs to be protected very well. For most users storing in a safe deposit box would be adequate. You could always store the seed on a cheap air gapped laptop running Ubuntu with full disk encryption. A USB drive loaded with TAILS is another option.

      2) It is unlikely that bitcoin wallet technology would change such that the seed of your hardware wallet could no longer be imported and restored. Developers take pains to ensure backwards compatibility of new releases. A paradigm shift in bitcoin would likely affect paper wallets as well. I would worry more about bitcoin failing and becoming worthless.

    • Aero

      For the case that you specify – i agree but disagree in general as you have expressed a narrow and specific case that isn’t the norm. its irrational and a straw man argument to compare using paper wallets with passwords, and trezor’s without passwords. compare like for like to be fair.

      your argument to say you don’t like the idea of backing up a device by having a non-password protected seed is correct. No one does like doing that, and thats why you shouldn’t, and your suggestion is as invalid as using a paper wallet without password. thats why trezor users already use passphrase protected seeds – a recommendation in the Trezor manual. you can even use more than one password to access different accounts from the same seed (say a business and personal one, or an ‘under duress’ one with a low value sacrificial wallet, etc).

      Now, when comparing a Trezor, with 24-word seed (with passphrase!) versus a paper wallet (with passphrase). i would definitely choose the trezor (or ledger or keepkey or any other hardware wallet) over any paper wallet, as you not only have safety of long term storage, but also have the ability to spend funds whenever you want.

      Paper wallets are for storage only, not for ‘use as a wallet’, but even for storage-only requirements, there are many potential attack surfaces to make them unsafe to use for new users. for instance…

      of course your site isn’t hacked, and you’re honest, but there are probably dishonest paper wallet generators out there that might have been crippled or have predictable rng seeds or blatant scraping of the private keys generated etc, so how is a new user expected to know which paper wallet generator they’re using is an honest one and which one isn’t?

      the whole idea of paper wallets requires a lot of trust in a web site that a new user will have gone to without any knowledge nor ability in how to find an honest and trusted one, and no knowledge or skill required to determine if its been hacked or compromised, and few new users will have the ability to ‘compile from sources’ let alone ‘run it offline’ on a new computer etc. the sheer number of vulnerabilities present for a ‘new user’ is too great to trust any paper wallets unless you know what you’re doing. and even then, its a compromised model so why bother.

      then there’s other attack surfaces like is your printer storing your paper wallet printouts for later recovery by someone else? or is your network being snooped so that when you print someone can remotely capture/copying your wallet print files. or perhaps, whether the new users have done something stupid like snapped a copy of their paper wallet with their camera or made a backup of it online. new users without experience do random strange things, and the paper wallet system is unforgiving for new users that might make mistakes, and will then risk losing their cash.

      in short, i think the security of using a hardware wallet where your private keys are completely safe and there is no way they will be shared (because even you don’t have access to them) is far more secure, both for a new user who has no experience, AND a bitcoin expert. i no longer recommend paper wallets to my friends and have stopped using them entirely.

      your suggested use, as a gift for friends (for low amounts).. is about the only use i can think of that might still be a sensible risk/reward proposition. for any high value bitcoin storage or use, there’s no good argument to keep using paper wallets now that hardware wallets exist. And some are really inexpensive (ledger series). and some are enabled for additional functionality like password generators (trezor, ledger nano s), and ethereum wallets too (like ledger nano s)

  • Jamie

    I have used paper wallets for a couple of years and use Mycelium to spend from them and I’ve never lost any of the funds to an alternate change address.