Related eBooks

So some generalisations on xpubs and current wallet providers.

  • Ledger and Trezor wallets can create xpubs which can show all transactions of a wallet
  • When a passphrase is added, this counts as a new set of private keys along with a new xpub
  • The children public addresses created from sending/receiving bitcoin are bound only to the xpub from the mnemonic phrase + passphrase i.e. if you create a new passphrased wallet it will have a new xpub
  • Children created by these wallets are not hardened
  • If an xpub is leaked for a mnemonic phrase + passphrase, if you have any of the children’s private keys, you can compromise the entire wallet linked to the xpub and all other children, hardened or non-hardened BUT the attacker will not be able to compromise any other meomonic phrase + paassphrase you have as it has a different xpub, and ultimately different children

My question, assuming the above is correct, it’s becoming more commonplace for 3rd parties (i.e. tax tools) to make use of xpubs – I want to know how it’s even possible to leak a childs private key on a trezor or a ledger as none of the outputs are able to leak these, unless I’m wrong.

Just want to make sure I’m not leaving myself too open.


By pplny

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다

Translate »