Private key safety improvements

April 28th 2014

In the MultiBit 0.5.18 release there are two changes we have made to improve the safety of your private keys:

1. Private key imports of wallet exports are no longer supported

Recently a user found that one of their private keys was incorrect and Mike Hearn, a core Bitcoin developer, kindly performed forensics on the issue. He discovered that the user had imported an encrypted wallet backup into MultiBit, which had resulted in a corrupted private key.

Unfortunately the original import file is no longer available for study. developers were asked if anything had changed in their export formats recently but nothing has. As a result the exact cause of the error cannot be precisely established. The error was not repeatable within the available time for the investigation.

It is of critical importance that private keys are kept secret and safe. Therefore, to avoid this happening to any user in the future, we have removed the ability to import 'json' and 'json.aes' wallet backups into MultiBit.

In the early days of Bitcoin this functionality helped improve the resilience of the Bitcoin ecosystem. Should be subject to a concerted attack (such as a denial of service attack or similar) users would have been able to migrate their private keys into MultiBit. Over time Bitcoin has matured and this is no longer necessary. With HD wallets private key imports will all but disappear.

For some time there have been alternate ways to recover private keys. One example is's own static wallet decryption page. Users can keep a local copy of this page on a secure machine for emergency use.

Overall, by removing this outdated option from MultiBit we close down a potential error path for our users and thus further improve reliability.

2. Utility to verify the integrity of your wallet's private keys

So far we have seen only a single case of this particular error occurring. It is entirely natural for MultiBit users who have also imported private keys from to want to check that their wallet is OK. To support our users in this we have added an integrity checking utility into MultiBit 0.5.18. It can be accessed through "Tools | Check Private Keys".

This utility crosschecks the wallet's private keys with the wallet's receiving addresses by recalculating everything from scratch and reporting any issues.
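
The kind of cross-check described above, as an added example (not MultiBit's own code): it recomputes each public key from its private key on secp256k1 and compares it with the stored one. It is narrowed to the private-key-to-public-key step; a receiving address is a hash of that public key, and the hashing and address encoding are omitted here. The wallet layout (label, private key, stored public key) and the sample keys are constructed for illustration.

```python
# Added example: secp256k1 domain parameters (public curve constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a + (-a) = infinity
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P      # tangent slope
    else:
        m = (y2 - y1) * pow(x2 - x1, P - 2, P) % P       # chord slope
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def pubkey(priv):
    """Compressed public key via double-and-add (not constant-time; offline checks only)."""
    if not 0 < priv < N:
        raise ValueError("private key out of range")
    acc, pt = None, G
    while priv:
        if priv & 1:
            acc = add(acc, pt)
        pt, priv = add(pt, pt), priv >> 1
    x, y = acc
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def check_wallet(entries):
    """Return labels whose stored public key differs from the recomputed one."""
    bad = []
    for label, priv, stored_pub in entries:
        try:
            ok = pubkey(priv) == stored_pub
        except ValueError:               # an unusable scalar counts as a failure
            ok = False
        if not ok:
            bad.append(label)
    return bad

# Constructed sample wallet (hypothetical layout: label, private key, stored public key).
K1, K2 = int("11" * 32, 16), int("22" * 32, 16)
SAMPLE = [("key-1", K1, pubkey(K1)),                # intact
          ("key-2", K2 ^ (1 << 77), pubkey(K2)),    # one bit flipped in the private key
          ("key-3", 0, pubkey(K1))]                 # out-of-range scalar
```

Calling `check_wallet(SAMPLE)` reports `key-2` and `key-3`: a single flipped bit in a private key yields an unrelated public key, so the mismatch is unambiguous.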

