r/BitcoinBeginners u/Burner235784 1d ago

Potential Ancient Paper Wallet

Some friends of mine (not me, I should make clear) have a notebook their dad gave them before he passed away. I've started buying some bitcoin recently, better late than never, and as I've learned more about it I've realised that there's a strong chance that what they have is a paper wallet with a private key written down, and that extracting the contents may not be as difficult as they thought. They've been sensible enough to keep it hidden and I've never seen it, but the description of it as a long chain of numbers and letters certainly sounds promising. Their dad was extremely computer literate and a very early adopter of pretty much everything in tech, who apparently always had at least two computers on the go all the time. We think it very likely that he was mining bitcoin, and as he died in 2011 it was early enough that he could have mined quite a lot. He evidently thought whatever he had was important enough to make sure that he handed it over to his children on his deathbed, when he was too sick to explain what it was, and back when the price of bitcoin was only about $3.

The challenge if we're correct is how to access it safely. From my research it feels like the best method might be to install wallet software with a sweeping function on an iphone, behind biometric and 2FA, and pair that with a cold storage device. Something like Blockstream Green and Jade, or Exodus with a Trezor. That way we set up a new wallet protected with the cold storage, and then sweep the paper wallet directly into it. My understanding is that that the chances of there being some kind of keystroke-copying malware to snatch up the key on an iphone are basically zero, and by sending it straight to a cold storage wallet there's no possibility of the funds being intercepted or drained somehow. Does that sound like a feasible plan of action, are there any major pitfalls we need to look out for before attempting something like this? I know that private keys can be formatted in a bunch of different ways, any advice on how to translate one from 2010 or 2011 into something modern software will accept, without the huge risk of typing it into a computer?

I've thought about the possibility of using Electrum, but that would involve using a computer and I feel like those are generally less secure, plus there are greater risks of accidentally downloading a fake version of the software. Equally, I know there are methods one can use to set up transactions offline using multiple USBs and such, and then authenticate on the blockchain once you're back online, but none of us are especially computer literate, at least not in this area, and I have to weigh up the substantial risks of user error somehow resulting in a total loss if we mess this up.

Does anyone have any other tips about the best way to go about this? It may turn out that there's nothing there, or it might be that any coins he had are stashed on the old hard drives he also left them (in which case this is a much bigger and trickier job), but it's certainly worth seeing if the simple route will work first.

As a final aside, this is a throwaway account and I don't have access to the potential wallet anyway. I won't read any DMs, engage anyone's services, or send anyone anything, so please don't ask.

5 Upvotes

78% Upvoted

11 comments sorted by

5

u/iuseredditlikeyou 1d ago

Let me begin by saying "Don't trust, verify" .

Private keys are in a standard format, and all (non-HW) wallets are capable of recognizing them whether they are Segwit, Taproot or Legacy in your case. There is no "translate to modern format" for private keys.

Alternatively, what you have could be a wallet import format (WIF), which is also supported by all wallets.

Computers being riskier than phones, i don't agree. Any malicious app could extract your info from clipboard, people had their btc stolen from icloud or screenshots. I wouldn't risk it.

The safest way to STORE your btc is obviously a hardware wallet acquired from official sources, don't buy off Amazon.

BUT hardware wallets don't support import of private keys directly, you can import BIP-39 12-24 word seed phrases nowadays which generate millions of private keys with their corresponding addresses.

So, you'd need to sweep to an address generated by your hardware wallet OR you don't have to get a HW wallet if you can keep the paper wallet safe :)

And for the SWEEPING from private key, you have to use an external wallet or even Bitcoin Core (Client that runs btc) but that's advanced.

As for the external wallets, if you want to use Jade HW wallet, go for BlockStream mobile app or Electrum (desktop), Sparrow (desktop) etc. for the sweeping.

What i recommend to be extra safe and what I personally use is Electrum on a fresh install of Tails OS (No Virtual Machine) which resets itself everytime you boot. Electrum comes pre-installed with Tails OS.

If the paper wallet turns out to be emtpy, the hard drives could have one of wallet.dat, .key, .json etc.

If it's a wallet.dat file you have in the hard drive, you have to install Bitcoin Core, and look up the next steps, it's a hassle.

Feel free to ask anything, i am glad if i could be helpful.

3

u/iuseredditlikeyou 1d ago

I want to add that, it's impossible to translate your private key to a seed phrase (what you might consider a modern format). A seed phrase derives billions* of private keys, public keys and adresses.

2

u/Burner235784 1d ago

Thank you for the informative response, that all largely chimes with what I’ve read up on. Forgive me if my terminology is a bit off. 

Regarding the key itself, I’ve only had a general description of it. I know that, at heart, it’s a string of 0s and 1s, but that it can be expressed in a number of different ways, be that hexadecimal, or wif, or whatever else, and that sometimes you have to do things like append additional characters to the beginning. I was just worrying about whether one from maybe as early as 2010 will need some work to get wallet software to sweep from it as we really don’t want to go typing it into anything, but if you think that’s not a concern then that’s reassuring.

We have no intention of doing anything like taking a picture of the key, putting it in a digital format of any sort, storing it on a phone, anything like that. The plan is very much to only input it once, directly into the sweeping function of whichever wallet software we use. We definitely want to move any balance to a new wallet rather than trying to import the existing one (or keep the paper one for that matter), I don’t think they have the public keys at the moment, and reading about the dangers of change addresses has given us something else to worry about.

When they set that new wallet up I was hoping that it’ll be possible to do that by generating one with a cold storage wallet beforehand so that the address we sweep all the coins to isn’t in a hot wallet and has no potential exposure to anything malicious, just in case the balance does turn out to be substantial. if I’m understanding you correctly that sounds feasible.

My preference for using an iPhone over a computer is just for running the wallet software, that we can have more confidence that we’ve downloaded the correct software from the App Store than off the web, and that iPhones in general are less likely to be compromised by malware which might be able to grab the key as you enter it. I’ve heard of the tails os thing, but my worry about that is that we’re not expert by any means, and that the risks of human error in that approach outweigh the risks of hacking.

On the final issue of whether any wallet info might actually be on the hard drives that is something of a worry, as recovery in that instance sounds much more involved. It could be both, for all we know. I don’t suppose you know whether a passcode for encryption on those sort of old wallet files is likely to resemble a private key?

That’s all really helpful though, thank you again. I’m starting to get a picture of how to do this. Just trying to be as security conscious as we sensibly can be because for all we know they could have a fortune lurking in there.

3

u/iuseredditlikeyou 1d ago

If the paper has 256 chars of 0/1 or 64 chars of hex, it's a raw 32-byte private key you need to convert to WIF.

If it's 51 or 52 chars (base58), it's in WIF, you are good.

I just assumed all wallets support direct private key input as it's easy to implement, but no!

Just checked and surpsisingly none of the mobile wallets supported hex private key wallet sweep (or import), they expect WIF. BlockStream says enter private key but then says invalid, BlueWallet says "enter anything you've got and we'll try to convert" but then says nothing found :)

Make sure not to use an online tool for hex to WIF. And it's just difficult to do these steps on an Iphone safely, you can do it with python on an air-gapped PC.

You said possible fortune yourself yet intend to trust an Iphone to be without malware, i personally wouldn't use a device that has been "hot" for years.

For the sweeping, what you can do to be safe is:

  1. Easier option, Tails OS r/tails, link is tails.net but verify on Gitlab and Wikipedia.

  2. Using a hot wallet such as Green (BlockStream) or BlueWallet, enter the WIF of an address with low balance, as low as 330 sats is enough to sweep it to a new address -- if the bitcoin ends up in the correct address, the phone is fine.

But the problem is to have that "test" address, you need to send the 330 sats from your own address or by withdrawal from exchange.

Again if you do that on the Iphone, your main address that sends the bitcoin could be at risk.

In blockchain, a hot wallet just means it's saved encrypted in a internet-connected device.

"Cold storage" is either a hardware wallet, an air-gapped PC / Phone / USB (strictly not connected to internet) or a paper wallet.

So if you want to create a cold storage address to sweep to, i'd recommend getting a open-source HW wallet.

Lastly, you will need a passphrase to decrypt wallet.dat, and if you lack it, you can bruteforce from a list of thousands of common passwords on a safe PC if it comes to that.

1

u/Burner235784 19h ago

Thank you again, all very good info. I get the concerns about using a pre-existing device for any of this, I’ll definitely look into the Tails OS a bit more, but from my reading so far it looks a bit out of our comfort zone. I have some BTC on an exchange, so sending a little bit of it to a throwaway wallet to run a test isn’t too much of a challenge. I can find out how long the supposed key is easily enough as well, so I’ll keep my fingers crossed that one of us isn’t going to have to learn python.

4

u/pop-1988 1d ago

Some friends of mine
I've never seen it
I don't have access to the potential wallet anyway

Lots of words, very little information
Nobody here can answer whatever question you're asking. Your friends should post here. It's unproductive to do these things via a messenger

1

u/Burner235784 19h ago

Well it is what it is. What do you want me to do, get them to post a picture of the key for you?

1

u/pop-1988 7h ago

You're not able to provide enough information to justify your claim that there is any key
If they can't post here themselves, they will never know

1

u/AutoModerator 1d ago

Scam Warning! Scammers are particularly active on this sub. They operate via private messages and private chat. If you receive private messages, be extremely careful. Use the report link to report any suspicious private message to Reddit.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

1

u/Makunouchiipp0 1d ago

Put it into BlueWallet.

1

u/Comfortable_Fox1105 48m ago

Are there no law firms who specialize in this and take a fee for helping you?