But what I understood after the fork was that many users don’t know how to use paper wallets properly.
For the uninitiated, paper wallets are simply Bitcoin private keys printed on a piece of paper. It can have the Bitcoin public address also printed on it, but not necessarily. Paper wallets are an effective way of storing Bitcoin private keys offline.
When CoinSutra published about a fork of Bitcoin named Bitcoin Gold and also a guide to claiming Bitcoin Gold, many users were confused as to whether they should sweep their private keys or import their private keys of paper wallet to claim their BTG. That is why I thought it is an important topic from the security point of view to explain what it means to sweep or import your private keys from a paper wallet.
Since this is regarding the security of your funds, I want to tell you a thumb rule if you are using paper wallets which is Always Sweep Your Paper Wallet’s Private Keys.
Further on, I am going to tell you why you should sweep that, and I will also elaborate on what sweeping and importing your private keys basically means.
So without further delay, let’s get started.
What Is a Private Key Import?
When a user imports their private keys from a paper wallet to a software wallet like Mycelium or Coinomi, it means the user is putting that private key in their existing collection of keys. This results in a scenario where your coins are visible and accessible from both source and destination wallet, i.e., the wallet from which the keys were exported and the wallet to which the keys are imported.
In this case, your funds can be sent from any of the wallets so basically, it is a replica or copy of your original paper wallet.
Some of you would say what’s the harm in this scenario as it is a good thing that now you can spend from any of the wallets, but there are some risks that you need to understand.
Risk Of Importing Private Keys
Risks that you need to know if you are importing your private keys into a software wallet.
- If you lose your paper wallet effectively, anyone can spend your funds even if you have imported your private keys because the paper wallet’s private key is still valid, and by importing, you have just kept a copy of it on your software.
- Also, a vice-versa scenario is possible where an attacker who has access to your mobile can somehow spend your Bitcoin funds that are stored in your cold stored paper wallet.
- Another scenario, though risky, is very interesting.
Imagine you are a merchant and you have received some bitcoins as a gift from one of your customers, for example, me, who knows how to use Bitcoin paper wallets very well.
I am evil, so I encourage you to import this wallet’s keys into a software wallet and also tell you to start accepting Bitcoin payments on it. And because I have evil intentions, I keep a copy of the private keys of the paper wallet I gave you as a gift. And now, whenever you receive a decent amount of payment on this imported paper wallet which is now in the software, I will be able to withdraw and steal your hard-earned money because I have the keys too.
And the merchant will be clueless as to why his funds are missing because he doesn’t understand the security harms of importing a key.
So you saw how importing could lead to this scenario, but if the merchant had swept his keys, the customer would not have tricked him. (I will explain the sweeping of keys in the next section of this article)
But it doesn’t mean that import is a bad feature and should not be used. It should be used if you are very well aware of its security implication and can take care of it.
When To Import Private Keys?
As a must-follow practice, you should only import those private keys that are only known to you, and nobody else will ever know.
Also, if someone else has given you the paper wallet, then you should not import those keys because chances are there that they have kept a copy of the keys. Instead, you should sweep those keys or paper wallets.
What Is Private Key Sweep?
Thought sweep and import may look the same, but a private key sweep is fundamentally different from the import of private keys. How? Read on.
When you sweep your paper wallet or private keys into a software wallet, you are basically creating a new transaction to a new public address which empties your source wallet, i.e., paper wallet.
In short, your bitcoins, after a sweep, will be sent to a new public address of your software wallet, which will now have a new private key that is stored in an encrypted form on your device.
And as it is like making a transaction on the blockchain to an address that you only control so an applicable miner’s fee or transaction fee will be deducted from your whole balance and the rest amount you will receive in your new wallet.
Also unlike in the case of import, after a sweep, your funds will be accessible and visible only from this software wallet in which you have swept your paper wallet.
When Should You Sweep?
So now the million-dollar question is, when should you sweep your private keys? So if your answer to all the below questions is YES, you should sweep your paper wallet.
- When someone will ever have access to your paper wallet’s private keys.
- When you are sure that you are careless and can’t take care of your paper wallet.
- When you want to destroy your paper wallet and take your funds
Wallets That Allow You To Sweep & Import Paper Wallets/Private Keys.
Here is a list of some of the wallets that allow you to sweep/import private keys:-
In any type of Bitcoin wallet (mobile/desktop/hardware/paper), the most important thing is your private key because it will prove that the bitcoins you claim are yours.
In my upcoming post, I will show you how to sweep your paper wallet into a software wallet.
Until then, please give your thoughts: Do you use a paper wallet? Do you sweep your wallet or import it? Let us know in the comments below!! Still doubtful and have a question? Feel free to ask in the comment section below.
Here are a few hand-picked articles for you to read next: