Want to understand how online transaction services work

[BaiMangal]

Hi Guys,

What would be a good starting point to understand and learn how transactions are done on behalf of users. Like the exchanges.
User has own bitcoin address in say bitstamp/kraken/blockchain.info
The user has their own 24 words seed.
What I want to learn is how the different providers initiate a transaction on behalf of the user from the users wallet. Surely they don't store users passphrase, that sounds way too unsecure.

Any articles, github project, would be much appreciated.

Sorry for the basic question.

[wiebemarten]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Guys,

What would be a good starting point to understand and learn how transactions are done on behalf of users. Like the exchanges.
User has own bitcoin address in say bitstamp/kraken/blockchain.info
The user has their own 24 words seed.
What I want to learn is how the different providers initiate a transaction on behalf of the user from the users wallet. Surely they don't store users passphrase, that sounds way too unsecure.

Any articles, github project, would be much appreciated.

Sorry for the basic question.

This question is not basic at all. In my personal opinion, no 'dumb' questions exist, but only people that do not want to invest the time to answer.

Short answer: To transfer bitcoin funds, a party needs to have access to the private key of an address. Therefore, these systems need to have some way to do that.
I can think of:

1. The funds are only moved to the user's wallet once the user states that they want to be paid out. Or, alternatively, only transactions are made from a special wallet that the user explicitly fills.
2. The party _does_ know the user's seed/private key.
3. The address is a '1 of n' multisignature wallet. Hmm, in practice this would be similar to (2) I guess.
4. The user is asked every time a transaction is supposed to take place for their password.

I do know that most exchanges have full control over the funds you store at them, which is also why they go to rigorous lengths in attempts to prove that they are not stealing from anyone. (Also, some 'exchanges' did run away with money in the past).

I believe most exchanges use either (2) or (4) (haven't used them for a while though, so I do not have hard evidence).

~Wiebe-Marten
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJaCv3xAAoJEBfPRUP+Bdzsn7IP/Rm346yY/TC+WwYItEuYYbjz
JUmVUYGRcLQye5eJEBe97mosG3RzCEbVk32cqGXTrO9NbzXHzY10GByohPYRGgJh
lG3k6Gn97XbIHCnnbzoy29o1EmS0OHB+jedMe2gb2eveIVyyB40gvCnmgK870cEu
5SpXsQw3ViTE9XB1r7w/Y96iPbR1z4rjlwgHYm8qqA2r9VZs2JwvXZibB7K8ceTW
xjDDeQpi3KAKySqvF6yKL+ize2566sr50fuChVSukR03Jej4Hm7ECRtvTZXihRuG
YFHxpViRqYiFsarEJGOIG0CirBBwipdfc52xOfbKoHWc4F45TVnlh0L3opjeCCq1
R7tSNrwOQloeiHNqGs5uTX5ph1jExgjrRssKg4MxoK8OlLYhJb1IMa5yjzKBbIuq
Zm97hKk+oXaW9ePeOMMDWh9ta8BEhuftmSzi1K6QSBc6woarkw8O23MbkiGBBsTT
VyZcnX3Rb+p2B1TgeRuP0uWF1/RacFxBxgnIV4nqajt63cadQwtprZHMykkxrHBS
Be5/tq+LYUmnzdlLMrDnYbhwvWYNWiB7pU2Cht8s7RiWrWx26RC/bgrQ8Soy2f/N
jX4cx0lYfpNcxSJmhxq4AqdpZgxOd5dvL1n3JTyJtNdD9R7VIrQz8Zdpy/3sOctZ
UelymraUUL/tTNO3HN81
=MmLs
-----END PGP SIGNATURE-----