XPUB Debacle

[GenX755]

I’m not new to BTC but not very technical ..just enough to get myself into trouble. I signed up for an exchange that offered automatic threshold withdrawals and you had an option to enter your XPUB to avoid address reuse. I opted for this and late one night I either used my Ledger or Trezor to enter my XPUB.  An automatic withdrawal was made I confirmed it, and although I noticed it was a bech32, I didn’t realize that it was odd. When I went into my Trezor,  the transaction couldn’t be found. I hooked it up to Electrum thinking that somehow the derivation was screwed up but nothing. I checked my Ledger and nothing.

I know I provided the XPUB from one of these 2 devices and most likely the Trezor. I have no idea where the bech32 address came from. The exchange says they don’t store the XPUBS and told me that a Trezor wouldn’t provide a bech32. The address and the funds are on the blockchain and have not been moved. I have not been the victim of any SIM swap or other fraud.

It wasn’t a tremendous sum but enough that it’s pretty irritating. Any thoughts other than I’m an idiot are greatly appreciated.

[nc50lc]

Try to copy a random xpub and paste it somewhere else, for example:

Code:

xpub6DBNLPKQ6DMSjMaateX5TyzgwDgoDFyxNokKQa75EMp3KkEWHm2GkM4Madx5YZUrZ49onJUYW73PSo3zRDh4N5qVKvug6WCrhmz6dFzZKr1

Check every characters if something changed because there may be a variant of "clipboard hijacking virus" that changes 'extended public keys' instead of addresses.

If not and you have no idea where you might have copied it, try to link both of your hardware wallets to Electrum, both Trezor (latest firmware) and Ledger should have "native segwit" option when creating a new wallet using a hardware device.

[bob123]

[...] I signed up for an exchange that offered automatic threshold withdrawals and you had an option to enter your XPUB to avoid address reuse.
[...] The exchange says they don’t store the XPUBS [...]

This doesn't make sense.
Why do they ask for your xpub, but don't store it afterwards.

The only explanation i could imagine is, that they derive X addresses and afterwards delete the xpub. But this doesn't make that much sense IMO.

Something seems to be odd here..


What exchange are we talking about here?

[GenX755]

It’s Swan they “don't store the xpub that you uploaded, because doing so would be a privacy issue. Instead, it statelessly generates the addresses in your browser.”

I’ve been happy with them and like their  service. I just don’t know where the BTC went and they don’t store XPUB so I’ve looked at all the possible derivation paths for the wallets on my Trezor and Ledger using Electrum, but still nothing.  The BTC is just sitting there. I’m gonna keep trying to locate where it could’ve landed the next few days.

I made the mistake of setting this up at 1:30 am and was not thinking about address types etc I saw the Bech32 address and I confirmed it so ultimately it’s on me but I just don’t know where the BTC landed.

[BitMaxz]

It’s Swan they “don't store the xpub that you uploaded, because doing so would be a privacy issue. Instead, it statelessly generates the addresses in your browser.”

I’ve been happy with them and like their  service. I just don’t know where the BTC went and they don’t store XPUB so I’ve looked at all the possible derivation paths for the wallets on my Trezor and Ledger using Electrum, but still nothing.  The BTC is just sitting there. I’m gonna keep trying to locate where it could’ve landed the next few days.

I made the mistake of setting this up at 1:30 am and was not thinking about address types etc I saw the Bech32 address and I confirmed it so ultimately it’s on me but I just don’t know where the BTC landed.

What do you mean about Swan? Swan exchange?

Can you post that the exact URL of the website here?

You might be trusting an exchange site that is unknown and made only for scamming purposes. If it's a fake exchange that is never shared here publicly it means that this exchange is a 99.9% scam. I never heard someone could retrieve all BTC from scam exchanges.

[GenX755]

They are 100% legit. I reenacted loading the YPUB to their site and I have the right YPUB and the deposit address is listed as the first address BUT I cannot pull it up and access the address and the funds. Again, I have been using BTC since 2016 but this one got me.

https://www.swanbitcoin.com/

[pooya87]

Go to https://iancoleman.io/bip39/ and enter your ypub in the "BIP32 Root Key" textbox then scroll down to "Derivation Path" section and play around with the options (it is probably the last one, BIP141, that you are looking for) to try and find the address they generated. The list of addresses are found at the bottom under "Derived Addresses".
If you found your derivation path you can then go back to your wallet and see if you can find a way to change it there. If not you can always import your mnemonic into another wallet that lets you set the derivation path such as Electrum (or even the site above BUT only offline after cloning its repository and running it on an airgap computer). Keep in mind to verify Electrum's signature if went that direction.

[bob123]

They are 100% legit. [...]
https://www.swanbitcoin.com/

Well, i don't know:

Code:

Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z

Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?

Anyways..
They have their address derivation library available on github.


You said, you saw a bech32 address?
In this case the path should be m/84'/0'/0'/0/X with X being the index (0 = first address; 1 = second address; ...).

[BitMaxz]

Actually never heard of that website but there are some users here on the forum who mention this.
Here are the two posts that I found:
- https://bitcointalk.org/index.php?topic=5267253.msg54964867#msg54964867
- https://bitcointalk.org/index.php?topic=673775.msg55565738#msg55565738

It means it's not a well-known website so there is a high chance that this site is a scam.

Anyway, if it's YPUB it starts with a "3".

What I think is if you have the XPUB from Trezor try to use this tool https://www.blockonomics.co/views/segwit_xpub_convert.html
And then try to convert it to segwit(Starts with "3") and check the result if it's the same as what you saw from swanbitcoin.

Adding this tool https://blockpath.com/wallets/local/101?action=appxpub
Use this to scan if you have addresses from your xPub/yPub with funds.


Why not check your Trezor again and maybe you don't remember that you copied the yPub instead of xPub?

Use this image below as a reference.

[FinneysTrueVision]

They are 100% legit. [...]
https://www.swanbitcoin.com/

Well, i don't know:

Code:

Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z

Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?

If you look at their team that is listed on their website it is all mostly well-known bitcoiners. I think the reason why somebody would choose them over a more established exchange is because of convenience. It is not like a traditional trading exchange. It is intended for people who want to set up a Bitcoin savings plan.

[TryNinja]

Why do they ask for your xpub, but don't store it afterwards.

The only explanation i could imagine is, that they derive X addresses and afterwards delete the xpub. But this doesn't make that much sense IMO.

[...] We use your extended public key to generate a list of addresses in your browser. We only store this list of addresses, not your extended public key.

https://help.swanbitcoin.com/hc/en-us/articles/360060455013-How-do-I-connect-my-wallet-s-extended-public-key-xpub-ypub-zpub-to-my-Swan-account-

They don't look like a scam to me. Most of the guys listed on the website are active on social media and are followed by a bunch of people I know. It's not the first time someone comes with a wallet that buys a fixed amount of BTC per week/month or round your purchases on your credit/debit card (to buy BTC). It's a cool idea if you want to stack sats while DCA'ing and not worring about logging into an exchange every week.

Your coins also go to Prime Trust, according to their FAQ.

[GenX755]

Happy New year.

Thank you for the replies.

I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to. The first addresses listed is where the BTC was withdrawn to, but I still cannot locate the BTC via Electrum. I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
I used Swan because they are good to stack (daily/weekly) and just automatically have it sent to cold storage. Instead of selecting most compatible I chose cheapest transaction cost which is why it was sent to the bech32.

I will use the tools provided to see if I can sort out how to get my hands on the BTC. 

[nc50lc]

-snip- I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.

In Electrum, if you didn't selected "native segwit" prior to editing the derivation path to m/84'/0'/x', it will still create a wallet with legacy/p2sh-segwit addresses depending on what's selected.
It's worth the try.

[bob123]

They don't look like a scam to me.

Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.

When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.

[HCP]

I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.

This is indeed quite confusing....

XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses

Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things

I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.

Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc.

[GenX755]

They don't look like a scam to me.

Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.

When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.

I understand. Ironically my intentions were pure to go with a smaller startup that is more grass roots bitcoin only. And the people behind it are reputable I just hope that my issue is not some type of their code/library issue like HCP indicated.

[GenX755]

I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.

This is indeed quite confusing....

XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses

Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things

I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.

Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc.

So I emailed them to get this raised up because I am concerned that this point that this is just not operator error (me). I put in the derivation as you listed above and nothing. I used the Ian Coleman tool offline and generated the YPUB that I had uploaded to them and it only produces "Nested SegWit" (3 type) so I do not know how they got a bech32 from the YPUB ? I still created the ZPUB corresponding with my Trezor just to see and that address that they sent the BTC to was not produced. So I think I have a problem. I have emailed them and they are raising it but I really thank everyone who responded for at least confirming that I am not just making some obvious error.

The BTC is just sitting in the wallet.

Regardless of what happens I will update this thread with the outcome.

[pooya87]

so I do not know how they got a bech32 from the YPUB ?

xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.

[GenX755]

so I do not know how they got a bech32 from the YPUB ?

xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.

Thank you. I didn’t really know that was possible. So my question is how’d I locate the BTC? That seems to be what they did they took my YPUB created a Bech32 series of addresses but I can’t recover it. Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?

[pooya87]

Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?

Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.