diff --git a/tests/wif.test.js b/tests/wif.test.js
index f4c1e94..11d7c85 100644
--- a/tests/wif.test.js
+++ b/tests/wif.test.js
@@ -1,4 +1,5 @@
 import * as lib from '@exodus/bytes/wif.js'
+import { toBase58checkSync } from '@exodus/bytes/base58check.js'
 import { randomValues } from '@exodus/crypto/randomBytes'
 import { test } from 'node:test'
 import assert from 'node:assert/strict'
@@ -73,3 +74,26 @@ test('sizes roundtrip, random data', async (t) => {
     }
   }
 })
+
+test('invalid length throws before version check', async (t) => {
+  // Regression test: length validation before version check
+  // Old: threw "Invalid network version" for invalid length with wrong expectedVersion
+  // New: throws "Invalid WIF length" regardless of expectedVersion
+
+  const invalidLengths = [0, 1, 4, 10, 32, 35, 50]
+
+  for (const len of invalidLengths) {
+    const arr = new Uint8Array(len).fill(128)
+    arr[0] = 42
+    const encoded = toBase58checkSync(arr)
+    const wrongVersion = 99
+
+    await t.assert.rejects(async () => lib.fromWifString(encoded, wrongVersion), {
+      message: 'Invalid WIF length',
+    })
+
+    t.assert.throws(() => lib.fromWifStringSync(encoded, wrongVersion), {
+      message: 'Invalid WIF length',
+    })
+  }
+})
diff --git a/wif.js b/wif.js
index cc6737f..690477e 100644
--- a/wif.js
+++ b/wif.js
@@ -6,6 +6,7 @@ import { assertUint8 } from './assert.js'
 
 function from(arr, expectedVersion) {
   assertUint8(arr)
+  if (arr.length !== 33 && arr.length !== 34) throw new Error('Invalid WIF length')
   const version = arr[0]
   if (expectedVersion !== undefined && version !== expectedVersion) {
     throw new Error('Invalid network version')
@@ -14,7 +15,6 @@ function from(arr, expectedVersion) {
   // Makes a copy, regardless of input being a Buffer or a Uint8Array (unlike .slice)
   const privateKey = Uint8Array.from(arr.subarray(1, 33))
   if (arr.length === 33) return { version, privateKey, compressed: false }
-  if (arr.length !== 34) throw new Error('Invalid WIF length')
   if (arr[33] !== 1) throw new Error('Invalid compression flag')
   return { version, privateKey, compressed: true }
 }
@@ -22,7 +22,6 @@ function from(arr, expectedVersion) {
 function to({ version: v, privateKey, compressed }) {
   if (!Number.isSafeInteger(v) || v < 0 || v > 0xff) throw new Error('Missing or invalid version')
   assertUint8(privateKey, { length: 32, name: 'privateKey' })
-  if (privateKey.length !== 32) throw new TypeError('Invalid privateKey length')
   const out = new Uint8Array(compressed ? 34 : 33)
   out[0] = v
   out.set(privateKey, 1)