|
Title: What's the worst that can happen if someone aquires your watch wallet? Post by: 9thsky on April 30, 2021, 08:15:11 AM ^
Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: OmegaStarScream on April 30, 2021, 08:28:33 AM They can see your transactions. If you've imported an address, they will only be able to see the transactions of that single address.. however, if you've imported a deterministic wallet (using an xPub) then they'll be able to see all the wallet's transactions.
Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: pooya87 on April 30, 2021, 08:28:38 AM You mean your "watch only" wallet that only contains your address or public key or master public key?
Then apart from your privacy being lost, nothing else. They gain access to anything that is inside that wallet (address(es), public key(s), bookmarks, labels) and your transaction history from blockchain. If you also continue leaking other things then you may be in trouble, for example leaking your master private key or mnemonic, or in certain cases with master public key in non-hardened derivation paths if you reveal both master public key and a single child private key then all your keys will be revealed. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: ABCbits on April 30, 2021, 08:59:31 AM Then apart from your privacy being lost, nothing else. They gain access to anything that is inside that wallet (address(es), public key(s), bookmarks, labels) and your transaction history from blockchain. With those information, someone could 1. Analyze your habit (e.g. when do you spend your Bitcoin) 2. Link your IRL identity with online account (e.g. linking you with your bitcointalk.org account if you ever posted your Bitcoin address) 3. Know how do you spend your Bitcoin (e.g. deposit to exchange and buy gift card) I think the worst case is someone could threat you and demand Bitcoin with reason such as 1. Will report to police because Bitcoin isn't legal. 2. Share your personal stuff (most common are masturbation video and personal chat history), even though they actually don't have those stuff. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: hugeblack on April 30, 2021, 11:51:50 AM The worst that can happen has two aspects, privacy and security.
- The more information a person knows about you, the less your privacy is. watch wallet or master public key gives the person a lot of information about you and thus the lowest possible level of privacy. - With regard to security, as long as you keep the seeds, master private key, and all your private keys safe, you are safe, losing any part of this triangle will greatly compromise the security of your coins. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: philipma1957 on April 30, 2021, 12:44:16 PM Then apart from your privacy being lost, nothing else. They gain access to anything that is inside that wallet (address(es), public key(s), bookmarks, labels) and your transaction history from blockchain. With those information, someone could 1. Analyze your habit (e.g. when do you spend your Bitcoin) 2. Link your IRL identity with online account (e.g. linking you with your bitcointalk.org account if you ever posted your Bitcoin address) 3. Know how do you spend your Bitcoin (e.g. deposit to exchange and buy gift card) I think the worst case is someone could threat you and demand Bitcoin with reason such as 1. Will report to police because Bitcoin isn't legal. 2. Share your personal stuff (most common are masturbation video and personal chat history), even though they actually don't have those stuff. I have been told on four different emails to pay btc or photos of me pleasuring myself will be released. They never cease to amuse me as my pcs have no cameras so there are no videos. The reason this happens is years ago I posted a btc addy in my profile. I also had my email revealed for people to use. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: HCP on May 01, 2021, 02:21:39 AM If it's a watching-only wallet from an HD wallet... and they have access to the master public key in it... and they somehow gain access to just one of your private keys, then, technically, they could derive ALL the private keys from your wallet.
otherwise... someone getting your watching-only wallet is more of a privacy issue than a security issue. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: o_e_l_e_o on May 01, 2021, 09:36:08 AM But how many wallet which use non-hardened keys these days? Well, most times people create a watch only wallet, they don't actually use their master public key, but they are instead using their account extended public key. So instead of using the public key at m, they are using the public key at m/44'/0'/0', for example. The combination of this key plus a single private key from an address in this wallet, such as at m/44'/0'/0'/0/0, would allow an attacker to dervie all the other keys in this wallet, but would not allow them to go above the account level, to something like m/84'/0'/0', for example. Title: Re: What's the worst that can happen if someone aquires your watch wallet? Post by: philipma1957 on May 07, 2021, 05:03:17 AM I have been told on four different emails to pay btc or photos of me pleasuring myself will be released. I'm more surprised you count such email received on your email. They never cease to amuse me as my pcs have no cameras so there are no videos. True, but could be frightening for paranoid people who have notebook or PC with camera. If it's a watching-only wallet from an HD wallet... and they have access to the master public key in it... and they somehow gain access to just one of your private keys, then, technically, they could derive ALL the private keys from your wallet. But how many wallet which use non-hardened keys these days? I meant four different email accounts. outlook accounts and yahoo accounts. Those four accounts have received countless emails asking for coin. |