First of all lets see how Mnemonic based HD wallets works.

SEED:
time face caught jump pony myth only doll treat clog monitor verify fabric walnut permit

This is the SEED used to generate xpub and xpriv keys for multiple coins, this single key can generate both bitcoin and ethereum addresses and many more, like the hardware walelts Trezor do, 1 single seed is enough for every coin that you stored in your wallet.

BITCOIN XPUB KEY
xpub6DCsNLV4BriXeaACJBxX3ny7vNaegKcJU2W16NKmE6MS8DzXNWj9LgcH647tNhKKDj4GJsamvRR ScD2Sg3bw6JSwJcto4awVGdg5dPM1FTu

path,address,private key for BITCOIN

m/44'/0'/0'/0/0,
197ToSUz1fHUZw6RyayGHcVgAbeMxQu5MN,
L4FSbxSNQdEC32rrwv2CbxEbGeRxP2HrzT6G5JhRUvm6Jri1wp2K

m/44'/0'/0'/0/1,
1H8m2zVwMhEgKJRfDnWsoti1K2kN87x2ym,
L4b7grTtHEtahUNeDLesHTDShRbUTXHp5Jy3Cy4j1YZiVSwLRHXt

ETHEREUM XPUB KEY
xpub6CT1Ak6RQCF4YmYX8X5vKCWMMTp553Mj4LfYEgKidavurq3xcAwnWMspcnEbMz1GLVhqSwgkK7x Y9wqRCBBQieZ7ziRqT5dT6zWiVaga79c

path,address,private key for ETHEREUM

m/44'/60'/0'/0/0,
0xB4d5Eb0A4033770ad5b7076494F5e111BEf0e900,
0xa3ff08362024f18909c7845b38455b3e03ee47e5735977dccc2e50ef825ec1b5

m/44'/60'/0'/0/1,
0x04905Da51b6DDdE795C1890096dDbbfCe3039b0F,
0x81a2fd621dc67aafb6d42791b513a9318eafc01fb63b91afda41c1cd71fc5b21


The issue is ETHEREUM has account model which means every generated address private key is required to make a transaction where as bitcoin has UTXOs model in which we can select multiple UTXOs and make a transaction

197ToSUz1fHUZw6RyayGHcVgAbeMxQu5MN => 0.1 BTC
1H8m2zVwMhEgKJRfDnWsoti1K2kN87x2ym => 1 BTC

so in Bitcoin i can use all 1.01 BTC in a single transaction by just using a function getUTXOs() rest is done by Bitcoin wallet. BTCD or BITCORE gives this functionality.

0xB4d5Eb0A4033770ad5b7076494F5e111BEf0e900 => 0.1 ETH
0x04905Da51b6DDdE795C1890096dDbbfCe3039b0F => 1 ETH

in case of ethereum to use a total of 1.01ETH in my HD wallet i've to individually use both addresses private key to make a transaction and then executing a batch transaction will do the job.


So the problem is not HD wallets its about the architecture of both Bitcoin and Ethereum

I can use a single SEED and xpub key to generate unlimited addresses of ETHEREUM but i can't make transactions like BITCOIN i'll need the private key of all the generated addresses.

To automate the withdrawal process we have to store private keys on server else we've to do manual transaction

bob123 is saying the storage of private keys on server is inevitable in case of automatic withdrawals. but we can use HOT and COLD wallet mechanism to store some of our funds in HOT wallets that will be used for automated withdrawals and rest of our funds will be stored in a COLD wallet that is an offline wallet and not connected to internet. This will save us from hackers to stole all of our exchange funds only HOT wallets funds can be stolen.   

Thanks bob123 for such a great clarification.

yeah the issue is I've to generate separate address for each user and in case of ethereum the hd wallets doesn't works like bitcoin where we can just select UTXOs and make a transaction.

bob123 gives the most optimal solution

and if we add this from PrimeNumber7

also thanks for pointing out this issue


i'll keep track of all these valuable suggestions and will share the final solution what I've got.


Thanks!

Really Thanks for such a quick and valuable responses Pmalek, bob123, NeuroticFish and mocacinno. I'll look into this. The gist is either prepare for the hack using hot wallets or compromise the user experience over security using cold wallets.



I'm learning to be a security-minded developer and definitely be the one with the help of you peoples. 

Hi, I'm newbie in crypto world and working on a tranding platform. I've to generate separate addresses against every user and stuck at how to securely store the private keys. I've looked into the ecc encryption, AWS KMS, and hashicorp vault but the common thing among all the methods is, the decryption password or token is still stored on the server. So if the server got compromised everything is gone. Now my question is what is the best way to store the private keys. Thanks!