Maybe a dumb question: safe to put a #bitcoin master public key on a hot wallet...? Any best practices? Words of caution?
#asknostr
Discussion
safe is maybe not the word, not private
if you don’t run your own node then most likely your xpub is already being tracked but multiple nodes you have connected wallets to. Anyone with your xpub can see balances and transactions
Thanks - tried a thank you zap but it didnt go through
LNBC210N1PJHUJYASP5MEV9YM9RU3PHMCRNW2VQ97EYGHD7G0V4RCEGHHQS5NT6DNGQHGJSPP5LHMFS7R8ZFWWUQWYXFLCNT5VQSM5J5FA8KXZJUQ0JXARER6U9W4QDQGV4H82ARNXQZJCCQPJRZJQDVA2LTCH9A03Q8JLMXYE9AWWSQXFKGJGE4NR0HDJ5LVG865YN7JKZ7PQQQQ9HSQQYQQQQQQQQQQQQGQYG9QXPQYSGQ2AD8HL0432TNVR5E2RE8Q572X02QQX5NJT3M7CSUPEWDCWG2X87PDL0WGURCP6TG30KJUNKAHFDMCN9KZ8HEALF4KS5SDAHUX6Z7KTQQRQJJ2J
Might not be safe if it could lead to further unauthorized transfers. Depends on the technical security layer.
If adding xpub for a watch wallet is the question then yes and no. Your funds are absolutely safe but if somehow someone got a hold of your xpub then privacy is compromised. It is the root that generates all of your wallet addresses so any address used could be traced back to your xpub
https://youtu.be/Q4gpVF-ATAg?si=6hZbsEe3Lq46bPOF as i was scrolling i was watching this video and touched up on i bet what you are asking
I dumped ledger long ago, I was thinking about setting up a watch/receive only wallet on a mobile device for convenience. Theoretically the mpk would be from a 100% offline signing device. Sounds like the mpk should be treated as carefully as the secret but for privacy's sake.
Ya it would be the same as a desktop wallet but on your phone. Someone will need your device to move funds because its a watch only wallet.
Right. But if I don't want the app-maker (Zeus, Blockstream, Phoenix, etc) to see my mpk I shouldn't add it. And I don't think there's a electrum for mobile right?
This is dumb of me. Thought I wanted a way to see cold storage balance and receive on the go. But bad opsec, unnecessary risk. Hot wallet on phone, when balance gets high, drain to cold wallet. Easy peasy.
Its the same thing when you set up sparrow. But now you setting up on your phone a wat h only receive wallet. If you loose your phone no can move the money because you the one with the signing device.. im always sending to my cold storage on the go shit ill be at Walmart and send to cold storage hahaha
running your own full node solves your concerns
you can create a watch only wallet of your cold storage using Sparrow Wallet
connect Sparrow to your own node
you can see your balance and receive to cold storage addresses
Connect to your own node, and you won't have to worry about some rando node on the network logging all your assoicated addresses and transactions.
Short answer seems to be: safe but not private. Appreciate responses!