But what I really understood after the fork was that many users don’t know how to use paper wallets properly.
For the uninitiated, paper wallets are simply Bitcoin private keys printed on a piece of paper. It can have the Bitcoin public address also printed on it, but not necessarily. Paper wallets are an effective way of storing Bitcoin private keys offline.
When basilpuglisi published this article about a fork of Bitcoin named as Bitcoin Gold, and also this guide to claim Bitcoin Gold, many users were confused as to whether they should sweep their private keys or import their private keys of paper wallet to claim their BTG. That is why I thought it is an important topic from the security point of view to explain what it means to sweep or import your private keys from a paper wallet.
Since this is regarding the security of your funds, I want to tell you a thumb rule if you are using paper wallets which is Always Sweep Your Paper Wallet’s Private Keys.
Further on, I am going to tell you why you should sweep that and I will also elaborate on what sweeping and importing your private keys basically means.
So without further delay let’s get started.
What Is Private Key Import?
When a user imports their private keys from a paper wallet to a software wallet like Mycelium or Coinomi, it means the user is putting that private key in their existing collection of keys. This results in a scenario in which your coins are visible and accessible from both source and destination wallet i.e. the wallet from which the keys were exported from and the wallet to which the keys are imported.
In this case, your funds can be sent from any of the wallets so basically, it is replica or copy of your original paper wallet.
Some of you would say what’s the harm in this scenario as it is a good thing that now you can spend from any of the wallets, but there are some risks that you need to understand.
Risk Of Importing Private Keys
Risks that you need to know if you are importing your private keys in a software wallet.
- If you lose your paper wallet effectively anyone can spend your funds even if you have imported your private keys because the paper wallet’s private key is still valid and by importing you have just kept a copy of it on your software.
- Also, a vice-versa scenario is possible where an attacker who has access to your mobile can somehow spend your Bitcoin funds that are stored in your cold stored paper wallet.
- Another scenario though risky is very interesting.
Imagine you are a merchant and you have received some bitcoins as a gift from one of your customer, for example me and knows how to use Bitcoin paper wallets very well.
I am evil so I encourage you to import this wallet’s keys in a software wallet and also tell you to start accepting Bitcoin payments on it. And because I have evil intentions, I keep a copy of the private keys of the paper wallet that I have given you as a gift. And now whenever you receive a decent amount of payment on this imported paper wallet, I will be able to withdraw and steal your hard earned money because I have the keys too.
And the merchant will be clueless as to why his funds are missing because he doesn’t understand the security harms of importing a key.
So you saw how importing can lead to this scenario but instead, if the merchant had swept his keys then the customer would not have tricked him. (I will explain sweeping of keys in the next section of this article)
But it doesn’t mean that import is a bad feature and should not be used. It should be used if you are very well aware of its security implication and can take care of it.
When To Import Private Keys?
As a must follow practice you should only import those private keys that are only known to you and nobody else will ever know.
Also, if someone else has given you the paper wallet then you should definitely not import those keys. Instead, you should sweep those keys or paper wallet.
What Is Private Key Sweep?
Thought sweep and import may look like same but a private key sweep is fundamentally different from the import of private keys. How? Read on.
When you sweep your paper wallet or private keys into a software wallet, you are basically creating a new transaction to a new public address which empties your source wallet i.e. paper wallet.
In short, you bitcoins after a sweep will be sent to a new public address of your software wallet which will now have a new private key that is stored in an encrypted form on your device.
And as it is like making a transaction on the blockchain to an address that you only control so an applicable miner’s fee or transaction fee will be deducted from your whole balance and rest amount you will receive in your new wallet.
Also unlike in case of import, after a sweep, your funds will be accessible and visible only from this software wallet in which you have swept your paper wallet.
When Should You Sweep?
So now the million dollar question when should you sweep your private keys? So if your answer to all the below questions is YES, you should sweep your paper wallet.
- When someone will ever have access to your paper wallet’s private keys.
- When you are sure that you are careless and can’t take care of your paper wallet.
- When you want to destroy your paper wallet and take your funds
Wallets That Allow You To Sweep & Import Paper Wallets/Private Keys.
Here is a list of some of the wallets that allow you to sweep/import private keys:-
- Bitcoin Core
In any type of Bitcoin wallet (mobile/desktop/hardware/paper), the most important thing is your private key because it will prove that the bitcoins you claim as your own are actually yours.
In my upcoming post, I will show you how to sweep your paper wallet into a software wallet.
Until then, please your thoughts: Do you use a paper wallet? Do you sweep your wallet or import it? Let us know in the comments below!! Still, doubtful and have a question? Feel free to ask in the comment section below.
Happy reading, learning, and sharing with the basilpuglisi.infomunity!
Here are a few hand-picked articles for you to read next: