Paper wallet

From Organic Design wiki
Info.svg Disclaimer: Of course I am not responsible in any way for your crypto! This is a guide to help you make your own decisions and create your own safe storage method that you must take full responsibility for.


Storing Crypto-currency in a paper wallet is one of the simplest ways to hold your savings securely, but you should follow some important steps to be sure that you can truly be confident in its security. A paper wallet is a way of keeping your assets safe by having the only way to access them written on a piece of paper so that they're safe against hackers, theft or mechanical failure.

The procedure described here is a way of using the popular Exodus multi-asset wallet software as a secure paper wallet consisting of a single twelve word phrase which can secure a wide variety of different crypto-currencies. Since the twelve word phrase we create allows access to the savings within it, we want to be very certain that it has not been seen by any hackers or malware, so it should be created and written down while the computer is offline, and furthermore it should be created from within an operating system that has never been online before. To do this we'll be using a Linux operating system booted live from a USB stick.

What you'll need

  • One USB stick with the bootable live version of a security-focused Linux distro such as Tails or Kali on it.
  • Make sure that the file for the OS you're downloading is from the official site which is HTTPS and marked in green showing the official organisation name.
  • Make sure that you have verified that the checksum of the downloaded file is the same as that shown on the site.
  • Another USB stick with the latest Exodus for Linux on it (you can install via the deb package on Debian-like distros like Kali, but otherwise you'll need to use the zip). Note that you can create a bootable Linux with an additional partition for data so you don't need two sticks, but it's not easy.
  • Again verify that the file you've downloaded matches the proper hash shown on the site and that it is indeed the official Exodus site.
  • A pen and paper :-)

The procedure

Write down your 12 words
Check your words are correct
Create a list of receiving addresses
  • Disconnect your computer from the network and reboot into the live Linux OS on the USB stick.
  • Insert the other USB stick, then install and run Exodus (you should see a warning at the top saying it can't connect), and also open a text editor.
  • Click "Backup" in the left sidebar of Exodus, and enter a new password into Exodus - this can be anything because you won't need this to restore your paper wallet
  • Exodus will then prompt you to write down your twelve words, don't put these in the text editor, only on paper!
  • Exodus will then ask you some questions to ensure you've got the phrase right.
  • These words are your paper wallet, write a second copy and store them safely.
  • Now select "wallet" in the left sidebar, and go to all the asset types you care about, click "receive" on each one you're likely to use and copy/paste the addresses into the text editor you opened noting down what asset type each address is associated with. You may also like to save the QR-codes.
  • Optional: Open the developer menu (CTRL+SHIFT+D) and select "Export Safe Report Data". The Safe Report is a read-only backup that does not contain any private key information you can use to check on your savings safely in Exodus any time.
  • Save the text in the text editor, to a file on the USB stick, and if you made a Safe Report, copy that from the desktop to the USB stick as well.
  • Remove the bootable USB and reboot into your normal OS and reconnect the net.
  • That's it! You can now send assets to the addresses you noted down, you can check your balances using the safe report.

Accessing the assets

To check the balances of the coins in a safe read-only way you can run Exodus and import the safe-report zip file you exported, note that this will overwrite any existing data in Exodus. The safe report allows you to easily keep track of the balances of all the assets in your paper wallet, and even to obtain public addresses of other assets in the same wallet you may wish to send coins to that you didn't initially make a note of.

To spend the coins, you'll need to run Exodus and recover from the twelve word phrase. But note that you would have then compromised the security of your paper wallet, so once you do this, you'll need to go through the process again and create another paper wallet and then send the remaining funds to it.

For the more technical minded, you may be interested to know that it is possible to create and sign transactions offline and then publish the transaction online later, so it's possible to send money from your savings without compromising the security of the paper wallet. However this is not supported by Exodus, so you'd need to use a wallet dedicated to the particular asset type you want to spend. This is well beyond the scope of this simple article, but is something that more technical readers might like to read up on and experiment with. It's done by working manually with raw transactions, which in the case of bitcoin are described in the bitcoin wiki here, or in another good article about using them here.

Keeping your twelve words safe but also accessible

I've been talking about paper wallets with various people over the last year or so, and one thing comes up a lot which is that people are afraid of losing the paper with the twelve words on it, or not having access to it when they need it, but not wanting to keep it with them in case someone sees it. These are very valid concerns, and in fact in my view it's not even a good idea to have a piece of paper anywhere with the twelve words written down on it, because if anyone dishonest were to find a piece of paper with twelve words written on it, they would be very likely to know exactly what it is and take it.

A good solution to this problem is to think of a personal method of obfuscating your twelve words, and then having many copies stored at a number of physical locations in places where they're easy to find and won't get thrown out - such as with your other important paper work like property titles etc. This method works by everybody having their own unique method of obfuscating their information and not sharing that method with anyone, because if any single method were to become popular, it would be an extremely weak method to use.

Here's a couple of examples of the kind of method I mean - I don't use either of these methods I'm about to describe, and neither should you, they're just examples to give you an idea of what I mean. Be sure not to make your process too complicated or you may forget the details after a few years - and you want it to be simple enough that you don't need to write the process itself down as that's as insecure as just writing the twelve words down!

Example method 1: You could have a list of 24 numbers where every pair of numbers represents one of your twelve words in the following way. The first number is the page number from your favourite French-English dictionary that you carry with you everywhere, and the second number is the word entry to look at from the start of that page which is the next word for your twelve word sequence.

Example method 2: All the words are in official lists which are part of the BIP-39 protocol and will never change. This means that each word is also a number based on it's position in the list, so you could have your twelve words disguised in for example a fake bank statement where every entry of a certain kind (e.g. maybe supermarket expenses) represents a word in the list, for example a supermarket transaction costing $17.29 matches the word "submit" because it's the 1729th word in the English BIP-39 list.

Details about Hierarchical Deterministic (HD) wallets

The BIP-39 and BIP-32 are standard protocols that are used by many wallets such as Electrum, Coinomi, Atomic or Exodus so that all the addresses for all the assets they support (including all "change" addresses and even covering assets they don't yet support that may not even exist yet!) along with their private keys are generated from single seed phrase. Wallets that work in this way are called Hierarchical Deterministic Wallets, or just HD wallet for short.

A simplified explanation of how seed phrases work is that the wallet software has a list of words taken from a dictionary, with each word assigned to a number. The seed phrase can be converted to a number which is used as the seed integer to a deterministic wallet that generates all the key pairs used in the wallet. The English-language wordlist for the BIP39 standard has 2048 words, so if the phrase contained only 12 random words, the number of possible combinations would be 204812 which is 2132 meaning the phrase would have 132 bits of security. However, some of the data in a BIP-39 phrase is used for check-summing, so the actual security aspect of the seed phrase is only 128 bits. This is approximately the same strength as all Bitcoin private keys, so most experts consider it to be sufficiently secure.

The seed can generate any number of addresses for assets across most different types of cryptos. The seed phrase is the root of a potentially infinite tree of assets types and addresses for each asset. When a wallet imports the phrase, it scans this tree for all addresses. For each asset, each address starting with the first are checked for coins and added to the wallet, then the next address checked until an empty address is found. BIP-39 defines the way the phrase is made, and BIP-32 defines the way to make a tree of addresses from a single seed.

Coinomi have released an open source standalone BIP-39 seed generator that allows you to generate BIP-39 phrases and to see the addresses associated with the phrases. Just save the tool (by right-clicking the "raw" button and selecting "save link as") and the run it in you browser. Select the number of words (usually 12 for most wallets) and then you can select different coins and check their addresses from the bottom of the page. The image to the right shows the relevant fields in the Coinomi tool page that appear after you click the "generate button", first is the backup phrase, second is the number of words which is usually 12, third is the type of coin you want to see the addresses for, and last is the first address in the list. You can change the coin setting to get the addresses of different coins without the phrase changing. Alternatively you could enter an existing phrase to see more different addresses associated with it.

Eventually this means will mean that a single phrase can act as a backup for many different addresses and cryptos, and since many different wallets support the protocol, the same backup phrase can be imported into any of them. But currently wallets that support BIP-39 do not implement it exactly the same way, many use a different "path" so that the same seed leads to a different set of addresses in different wallets. Also some that use the same seed end up with different addresses for just some assets.

For example if you create a seed and look at the addresses in the BIP-39 tool and compare those same addresses to the ones in Exodus after importing the same seed, you can see that most of the Exodus receive addresses such as for Bitcoin, Litecoin and Dash all match the first address in the Coinomi tool list for the same coin. But if you look at the Ethereum address, you'll find it doesn't match, the Exodus receive address for Ethereum is no where to be found in the address list on the Coinomi tool.

This is the reason that in my procedure above, I have chosen a specific wallet (Exodus) and obtain the addresses from the wallet directly, not from the BIP-39 tool. However, if you used the tools addresses and restored your wallet and found that some assets were missing, you could still recover those assets by entering the 12 word phrase into the BIP-39 tool and getting the private key for that address, and then importing just that key into a wallet that supports that asset.

See also