Wallet Logo

PaperSafe Satoshinote

🔍 Last analysed 19th May 2022 . Provided private keys Not functioning anymore
15th May 2015

Jump to verdict 

Do your own research!

Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.

If you find something we should include, you can create an issue or edit this analysis yourself and create a merge request for your changes.

What is a bearer token?

Bearer tokens are meant to be passed on from one user to another similar to cash or a banking check. Unlike hardware wallets, this comes with an enormous "supply chain" risk if the token gets handed from user to user anonymously - all bearer past and present have plausible deniability if the funds move. We used to categorize bearer tokens as hardware wallets, but decided that they deserved an altogether different category. Generally, bearer tokens have these attributes:

  • secure initial setup
  • tamper evidence
  • balance check without revealing private keys
  • small size
  • low unit price
  • either of ...
    • somebody has a backup and needs to be trusted
    • nobody has a backup and funds are destroyed if the token is lost/damaged

The Analysis 

Product Description

Originally announced via Bitcointalk in May 5, 2015, the PaperSafe Satoshinote is described as:

The paper wallet is meant to be folded into thirds … The bottom 1/3 of the wallet is the public address and encrypted private key that is printed from bitaddress.org. The hardest part was to get the printing in that location and have it not fall on any folding that may destroy the keys in any way….. The private key is encrypted with a code that is preprinted before anything else is printed ….I created an an excel spread sheet to help with this bulk printing of the codes and is mixed with math to produce a quasi random code… 25 are printed at a time…. Then the graphics are printed , 25 sheets at a time… The third printing is the bitcoin address…. Individual paper wallet codes are entered into bitaddress.org from an off line laptop to encrypt the private key…one at a time… after each print …the paper wallet is taken off the printer and a scratch off sticker is applied immediately over the code ..

Then a holographic signature sticker is applied over the scratch off…. this holographic sticker is the anti tamper seal… as long as this seal has not been disturbed, the code is secure…..The paper wallet is then passed through the printer for the 4th time ….printing a tamper evident security feature over top of the holographic seal, extended onto the paper making it impossible to remove the seal and the scratch off without evidence…

The wallets are then embossed with the 2 embossers and numbered multiple times in different locations with the numbering machines in both back ink and UV ink… A smaller holographic seal is placed over a UV number somewhere in the middle section of the wallet..

Analysis

Criticism of the product centers on the private key being printed on a piece of paper. The provider has this to say:

when the private key is created, It is never seen unencrypted….the codes that are pre-printed are never saved….anywhere!!! and covered with the scratch off as quickly as possible

As nobody can prove to not keep a copy of the keys, we have to file this as: The provider potentially has the keys.

(dg)

Verdict Explained

The device gets delivered with private keys as defined by the provider!

As part of our Methodology, we ask:

Are the keys never shared with the provider? If not, we tag it Provided Keys!

The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.

There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.

But we also ask:

Is the product still supported by the still existing provider? If not, we tag it Defunct!

Discontinued products or worse, products of providers that are not active anymore, are problematic, especially if they were not formerly reproducible and well audited to be self-custodial following open standards. If the provider hasn’t answered inquiries for a year but their server is still running or similar circumstances might get this verdict, too.