Crypto is defined by debates: Bitcoin versus Bitcoin Cash, proof-of-work versus proof-of-stake, permissioned versus permissionless blockchains, and so on. Well, one other long-standing debate reached fever pitch on Twitter and Reddit recently: the debate over whether paper wallets are superior to – or much worse than – hardware and software wallets.
Unsurprisingly, opinions expressed online have fallen all over the possible spectrum. However, as comments below show, it’s clear that not only are paper wallets less secure than they’re sometimes made out to be, but they require a level of technical expertise and oversight beyond the capabilities of most laypeople.
Paper wallets: the flaws
Paper wallets have in certain quarters been heralded as “an extremely secure way to keep Bitcoins safe,” a conception which to some degree has probably been strengthened by recent crypto-exchange hacks, which saw crypto worth more than USD 1 billion stolen last year.
And, in theory at least, they are safe. Given that they involve little more than printing out a Bitcoin address and the corresponding private key on a piece of paper, they aren’t connected to the internet and therefore aren’t vulnerable to hacking.
“Paper wallets are generally very safe when used for their one specific use case: long-term, untouchable storage,” says Trezor’s Oliver Benton, via email. “Even then, it requires a great deal of understanding and experience to use it safely and efficiently. It is not a solution for a casual user who wants to spend their cryptocurrencies.”
But despite the seeming security of having your private key stored offline on a piece of paper, various other Bitcoin experts believe they should be avoided, and that many of their supposed benefits are illusory.
“Paper wallets do not operate on their own,” says Bitcoin expert Andreas Antonopoulos. “They are part of a system that consists of a computer to generate them, a printer to print them and the same or other computer to scan and spend them.”
Antonopoulos argues that, taken as a whole, these components are less secure, less private, less robust and more susceptible to “catastrophic user error” than a hardware wallet working in conjunction with a computer.
“The computer needed to generate a paper wallet must be setup with trusted software and hardware,” he says, before pointing out that, in order to provide maximum security in this respect, a de-minimis operating system and software stack (i.e. a system and stack harboring the minimum possible risks) would be needed.
“Creating such a secure system is beyond the skill set of 99.9% of crypto users. A hardware wallet is essentially such a system, pre-build for only this purpose and far more minimal in its design.”
Similarly, Antonopoulos warns that only “the oldest and ‘dumbest’ of printers” should be used for the purpose of printing out a paper wallet, since smart printers connected to the web (or some kind of network) are another security risk.
“Sourcing and configuring a printer like this is beyond the skills of 99.9% of crypto users. A hardware wallet’s display, securely connected to the processor is the equivalent of this printer and does not leak information.”
And lastly, there is the fact that a paper wallet involves only a single address and a single private key, which Antonpoulos describes as “obsolete” technology.
“It is not human readable and requires QR-scanning software to read,” he adds. “When spent by a wallet, there may be ‘change’ generated, which will be returned to an address controlled by the wallet used to scan the paper, and not to the paper wallet itself. This is unexpected behavior that has frequently caused loss of funds as users assume that part of the money was spent and the rest remains on the paper wallet.”
Hardware wallets: the benefits
By contrast, Antonopoulos notes that hardware wallets have the advantage of being able to create “billions” of addresses using seed words, and also the benefit of having a minimal attack surface.
“Hardware wallets are far superior as they are based on a broadly supported industry standard (BIP39/32/43/44) which can be recognized and restored into any one of hundreds of software and hardware wallets. They are custom built computers that contain the entire system for verifying and signing transactions and are carefully designed to remove information leaks and minimize the attack surface that is accessible to untrusted devices.
Still, while other experts are in agreement as to the advantages of hardware wallets, some nonetheless think that all types of crypto wallet have their uses, even those based on paper.
“I would say that paper, hardware and software wallets all serve a purpose and may be more or less valuable/risky depending on your situation,” says Drew Harding, the Head of Product at Pillar, which produces a mobile-based software wallet.
Harding says that the perishable nature of paper wallets makes them risky for anyone who would use them as their only storage solution. “That said, users generally back up their seed phrase or private key for software/hardware wallets by writing them down on a piece of paper (and/or sometimes a USB) and storing it in a safe place.”
As Harding points out, this physical backup means that most wallet owners do actually use paper wallets, they just don’t use them on their own.