Bitcoin Q&A: Derivation Paths and Watch-Only Wallets

"I tried to recover a wallet with my BIP-39 mnemonic seed. The wallet balance is showing zero [bitcoin]. I am quite annoyed, obviously. The backup was done carefully. When I look up the receive address on a block explorer, the coins have not moved. Is there a way that I could verify that my receive address is linked to my mnemonic seed? Is it possible that my wallets [are malfunctioning]? I have tried both Samourai and Mycelium. [Would they] take multiple days to update the balance [information]?"

There are lots of questions packed in there. This is a common problem, and you must be [aware of something] when you are [making seed backups]. It is often very useful to make a note of which wallet you used to initiate the seed. There are three aspects to recovering a seed. First, the seed itself. Obviously, you need to have your 12 or 24 words in the correct order. They have a checksum, so you will know whether it is the correct mnemonic seed. Your wallet will not accept it if [the words] are not in the correct order and the checksum doesn't match. You've made it this far if you have been able to import the mnemonic seed into a wallet. The seed is okay. Now, how does the wallet take that seed and generate the receive addresses? It uses two additional pieces of information. One is a potential passphrase.

In the comments, other people have responded that this may be an issue. If you used a passphrase, a common security mechanism, in addition to the mnemonic seed… People do this in order to have a second factor, when they are worried about the physical security of the seed, if they are not sure that they can keep the mnemonic secure. In your living situation, you might have roommates that you don't trust. You might not be in a physically secure location, or have somewhere to store your seed, like a safe deposit box. Maybe then you will need a second factor. If you have set a passphrase, in order to restore your mnemonic, you also need to re-apply the passphrase.

Every passphrase you use will generate a different set of receive addresses from the same mnemonic seed. The mnemonic seed plus passphrase 'A' will generate one set of addresses; mnemonic seed plus passphrase 'B' will generate a different set of addresses. A mnemonic seed without a passphrase will generate a third set of addresses. If you are not seeing the addresses that you expected, or there is no balance in them, then you may be entering the passphrase [incorrectly]. Keep in mind: with BIP-39 mnemonic seeds, there is no such thing as a "wrong" passphrase. Every passphrase generates some addresses. The passphrase will simply generate [a different set] you have never used, because you typed it differently than before, and you will end up at a zero-balance address. Of course, if you just use random passphrases, you will end up with a random [set of] addresses, which have not been used and have no balance.

So, if you are not seeing a balance, one possibility is that you have mis-typed your passphrase, or you used a passphrase before but didn't enter one [this time], which [has the same result]. Finally, the third aspect of this is, when a mnemonic seed is converted into addresses, it uses what is known as a derivation path. A derivation path looks like a string of numbers. For example, you might see something like m/44'/0'/0'. That is a derivation path, which is telling the wallet that in order to arrive at a specific address, you must use the master private key generated by the mnemonic seed, and derive the 44th hardened sub-address. From that, the 0th (or first) hardened sub-address, and then the 0th hardened sub-address of that. You don't need to worry about the details. The point is, if you use a different derivation path from the one you used to [initiate the seed], you will end up at a different set of addresses that haven't been used, with zero balance.

How do you know which derivation path is used by your wallet? There are standards. m/44'/ (44 prime), for example, is a specific standard defined under BIP-44, which is for multi-currency and multi-account personal wallets. It has a specific purpose and derivation path that is a common standard across many wallets. It is the one you are most likely to use. But if you are deriving SegWit addresses, such as SegWit wrapped in P2SH that start with a '3', they will be derived from a different path than the traditional bitcoin addresses starting with '1'. If you are generating native SegWit addresses, which start with 'bc1', they will also be derived on a different path from both traditional addresses and SegWit wrapped in P2SH addresses.

The bottom line is, if you are arriving at addresses with no balance, the most likely reason is that you are using a different derivation path than the one you used originally [when initiating the seed] and moved money into those addresses. How do you find the correct receive addresses? Try several different standard derivation paths, or try to remember which wallet you used and [look up] which derivation path they use. Of course, the money has not gone anywhere. It is still there. If your seed was transcribed accurately, and you remember your passphrase, you will not lose anything. [The bitcoin] is still there. You just need to figure out where on the derivation path [the right addresses] might be. Good luck with that.

One more thing I will say… You asked, "Is it possible that the wallet takes multiple days to update the balance?" With the wallets you listed, Samourai and Mycelium, it should not take that long.

Those wallets are not syncing a full blockchain. They are using third-party servers to look up the balance of addresses and UTXO sets. It does not take [several days]. It may take ten minutes to re-scan the wallet, but it should not take days. You should see an option within the settings to re-scan the wallet.

Let's go back to the chat room and see how things are going.

"Is there a security risk in monitoring the balance [of funds] on a hardware wallet with a watch-only [client] using the master public key? Similarly, is there a security benefit to splitting funds between a [spending] hardware wallet, for regular use, and a savings hardware wallet, which is rarely connected to a computer?"

Good questions here. There is no security risk per se to using a watch-only wallet using the master public key. In fact, you wouldn't be using the master public key. You would be using a hardened derivation xPub, an xPub that derives to a specific account, perhaps m/44'/0'/0'/0', which is the first receive address of the first account of the first currency in a multi-currency, multi-account derivation path.

It is a hardened public key that is derived three levels down, which is usually what your hardware wallet would export. If you ask it to export an xPub, that is what it will give you, not the root xPub. It is not insecure to use that on another computer. However, there is a privacy risk. Anyone with access to the computer watching these funds will know how much money you have on that seed. They may change their opinion as to how much risk they are willing to take to compromise your security in order to steal those funds. If they thought you had $100 of bitcoin, then look at your xPub and see that you have $100 million of bitcoin, they will take a different set of risks to compromise that seed. So there is a privacy risk to that. However, you can [find ways to mitigate that].

There is no technical security risk with exporting a master public key that is appropriately hardened. Is there a security benefit to splitting funds between multiple hardware wallets or multiple seeds? To a certain degree, there is. You must strike a careful balance. For example, I do believe there is good reason to have one seed that you use for cold, cold storage, which is not even [instantiated] on a hardware wallet. You would only have it as a paper backup or another fixed medium, like etched or stamped in steel. [You should keep] multiple copies, and not [instantiate] them in a wallet unless you absolutely need to. That is a slightly higher level of security.

Of course, you might have a passphrase to protect that really cold storage seed as well. Then you would also have a device that you use for everyday operations. For example, if you are running a business with cryptocurrencies and need an operating budget to pay salaries and contractors, and receive [invoices], you would use this hardware wallet every single day. That would be more of a "checking" or spending hardware wallet, if you like.

I do that and certainly believe there is good reason to. Now, how far do you take that [compartmentalization]? If one [device or seed] is good, and two is better, is three or four best? How about one hundred? Then you encounter other problems. For every new seed you create, you need a robust backup plan. You need to figure out where to store it, then audit and track where the backup copies are. You will need to do inheritance and continuity planning for your businesses, etc. The more [seeds or devices] you have, the more complex that becomes. There is no significant advantage to having more than two, because then you at least have one [wallet] that is warm, and one that is very cold. Creating other levels doesn't really make sense. There is rarely a need to split a large amount across multiple seeds.
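
The three inputs the first answer says a wallet combines (mnemonic, optional passphrase, derivation path), and the account-level xPub the second answer says a hardware wallet exports, can all be exercised directly. What follows is an added example written for this page; it is not code from Samourai, Mycelium or any other wallet the transcript mentions. It implements BIP-39 seed stretching and BIP-32 child-key derivation on secp256k1 in plain Python 3.8+ with no third-party packages, and checks that a child public key derived from only an account's public key and chain code (the content of an xPub) equals the one derived with the private key. Assumptions not on the page: the mnemonic is the BIP-39 reference test phrase (a constructed input, not a funded wallet); the purpose numbers 49' and 84' used alongside 44' are the BIP-49 (P2SH-wrapped SegWit) and BIP-84 (native SegWit) conventions, named here only to show that each path lands on different keys; all function names are this example's own. Address encoding (hash160, Base58, Bech32) is deliberately left out, so keys are compared as compressed public keys rather than as '1', '3' or 'bc1' strings.

```python
import hashlib, hmac, unicodedata

# secp256k1 field prime, group order and generator point (public constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP-32 index offset for hardened children (the ' in a path)

def point_add(p, q):
    # Affine point addition on secp256k1; None stands for the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p == q
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, p=G):
    # Double-and-add scalar multiplication (not constant-time: demo code only)
    result = None
    while k:
        if k & 1:
            result = point_add(result, p)
        p, k = point_add(p, p), k >> 1
    return result

def serialize_point(pt):
    # 33-byte compressed public key: 02/03 parity prefix followed by x
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def bip39_seed(mnemonic, passphrase=""):
    # BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase.
    # There is no wrong passphrase: every string stretches to some 64-byte seed.
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)

def master_key(seed):
    # BIP-32 root: HMAC-SHA512 keyed with "Bitcoin seed" -> (private key, chain code)
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k, chain, index):
    # Child private key. A hardened index commits to the parent PRIVATE key, so that
    # step can never be reproduced from an xPub; a normal index uses the public key.
    data = (b"\x00" + k.to_bytes(32, "big")) if index >= HARDENED else serialize_point(point_mul(k))
    i = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k) % N, i[32:]

def ckd_pub(point, chain, index):
    # Child public key from the parent public key alone: what a watch-only wallet does
    if index >= HARDENED:
        raise ValueError("hardened children cannot be derived from a public key")
    i = hmac.new(chain, serialize_point(point) + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return point_add(point_mul(int.from_bytes(i[:32], "big")), point), i[32:]

def parse_path(path):
    # "m/44'/0'/0'/0/1" -> [0x8000002C, 0x80000000, 0x80000000, 0, 1]
    indices = []
    for part in path.split("/")[1:]:  # drop the leading "m"
        hard = part.endswith(("'", "h", "H"))
        indices.append(int(part.rstrip("'hH")) + (HARDENED if hard else 0))
    return indices

def derive_priv(seed, path):
    # Walk a full path from the root with the private key
    k, chain = master_key(seed)
    for index in parse_path(path):
        k, chain = ckd_priv(k, chain, index)
    return k, chain

def pubkey_hex(mnemonic, path, passphrase=""):
    # Compressed public key (hex) at `path` for this mnemonic + passphrase
    k, _ = derive_priv(bip39_seed(mnemonic, passphrase), path)
    return serialize_point(point_mul(k)).hex()

def watch_only_matches(mnemonic, account_path, child_path, passphrase=""):
    # Derive the non-hardened child (e.g. "0/0") from only the account-level public
    # key and chain code (what an xPub encodes) and compare with private derivation
    k, chain = derive_priv(bip39_seed(mnemonic, passphrase), account_path)
    point = point_mul(k)
    for index in parse_path("m/" + child_path):
        point, chain = ckd_pub(point, chain, index)
    return serialize_point(point).hex() == pubkey_hex(mnemonic, account_path + "/" + child_path, passphrase)

if __name__ == "__main__":
    m = "abandon " * 11 + "about"  # constructed input: the BIP-39 reference test phrase
    for pp in ("", "A", "B"):      # same words, three passphrases, three key sets
        print(f"passphrase {pp!r:4} m/44'/0'/0'/0/0 ->", pubkey_hex(m, "m/44'/0'/0'/0/0", pp))
    for path in ("m/44'/0'/0'/0/0", "m/49'/0'/0'/0/0", "m/84'/0'/0'/0/0"):
        print(f"{path:16} ->", pubkey_hex(m, path))  # legacy, P2SH-SegWit, native SegWit
    print("watch-only derivation matches:", watch_only_matches(m, "m/44'/0'/0'", "0/0"))
```

Run as a script, the three passphrase lines show three unrelated keys from the same twelve words, the three path lines show three more, and the last line prints True: that equality is the property a watch-only client on a separate computer relies on. The ValueError in ckd_pub is the flip side of the same design: nothing above a hardened step can be reached from an exported public key, so the account-level xPub at m/44'/0'/0', which sits below three hardened steps, does not let a holder walk back to the root.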
