At the left-hand side you see the master key; all addresses are derived from this master key (simply put, by adding a counter). Tools like walletexplorer.com are capable of backtracing addresses to their master seed.
Incorrect. You CANNOT backtrace addresses to a master seed. Addresses are NOT generated by “simply” adding a counter: The counter (index i in the standard) is run through HMAC-SHA512, together with data that are not available from blockchain transaction data. Can you invert HMAC-SHA512?
Please do not spread grossly wrong technical misinformation about BIP 32 Hierarchical Deterministic Wallets.
There are ways that blockchain analysis companies can infer addresses to be part of the same HD wallet. Those who use proper privacy practices are immune to this. For example, you will never be able to correlate the addresses in my HD wallets. BIP 32 itself does not have any privacy problems.
P.S., your coinsutra.com link blocks Tor with 403 Forbidden. I could not review the article that you linked. I hope that they are not claiming that HD wallet addresses can be “backtraced”!
Edit—with thanks to Lakai01 for the courteous followup:
Perhaps I should not have come off so harshly. I am undoubtedly a curmudgeon, after too much experience dealing with people who insist on spreading wrong information. And here, there are real potential consequences to something that came off as FUD on HD wallets.
If newbies see that, and decide to try to figure out how to run an old-fashioned keypool instead of using an HD wallet, then they are at risk of losing money to disk crashes, etc. due to the practical difficulty of keeping up-to-date backups of a non-HD wallet. And they still will not have privacy: From a blockchain analyst’s perspective, there is no difference between an HD wallet, and a wallet of addresses from randomly generated keys.
I actually do not know why the site here is referring to an “HD wallet”. I have seen other explorer sites that simply refer to correlated addresses as “wallets”.
The common ownership heuristics used to do these correlations are quite reliable, outside unusual scenarios. For someone juggling over a hundred accounts for the purpose of cheating, it would require considerable expertise to avoid getting busted this way.
For obvious reasons, I am not inclined to provide a “how to not get busted” guide on a thread where a cheater was busted with blockchain evidence. For safety’s sake, however, I will advise people to keep an HD wallet xpub (extended public key, or what Electrum calls a “master public key”) almost as confidential as a private key. That was not the issue here. It’s just good general advice—not only for privacy, but also for security insofar as an xpub together with a single non-hardened child address’ private key can be used to recover the corresponding xpriv, and thus all private keys descending from the same “master key”. BIP 32 explicitly warns about this, and provides hardened derivations for this exact reason. BIP 32 hardened child keys do NOT have this issue.

Aside, I should also remark that an HD wallet is not necessarily generated from mnemonic seed phrases. BIP 32 itself generates an HD wallet from a pseudorandom binary seed of 128–512 bits. A seed phrase can be used to generate the input for BIP 32; there are several schemes for secure seed phrases, including BIP 39 and Electrum’s Seed Version System. A secure seed phrase must be randomly generated according to such a scheme; it is not the same as a “brainwallet”, which is insecure and should never be used.
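The two technical points in the reply above (the index being run through HMAC-SHA512 with the parent chain code, and an xpub plus one non-hardened child private key giving back the parent private key while hardened derivation does not) as an added worked example; this is not code from the thread or from any wallet project. It is a minimal pure-Python BIP 32 (CKDpriv / CKDpub) implementation over secp256k1 with a constructed seed; the affine curve arithmetic is not constant-time and the names `demo`, `recover_parent_priv` etc. are this example's own.

```python
"""Toy BIP 32 child-key derivation plus the xpub + non-hardened child
private key => parent private key recovery that BIP 32 warns about.
Added example, not from the original thread. Illustration only: the
secp256k1 arithmetic is affine and not constant-time."""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # BIP 32: indices >= 2^31 are hardened


def _add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, point=G):
    """Double-and-add scalar multiplication (not side-channel safe)."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def ser_p(point):
    """BIP 32 serP(): SEC1 compressed encoding, 33 bytes."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_from_seed(seed):
    """Master key from a binary seed: I = HMAC-SHA512('Bitcoin seed', seed)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k_m = int.from_bytes(i[:32], "big")
    if k_m == 0 or k_m >= N:  # BIP 32: seed invalid, negligible probability
        raise ValueError("invalid master key")
    return k_m, i[32:]  # (k_m, chain code c_m)


def ckd_priv(k_par, c_par, index):
    """CKDpriv: hardened indices hash the private key, normal ones the pubkey."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = ser_p(_mul(k_par)) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k_par) % N, i[32:]


def ckd_pub(K_par, c_par, index):
    """CKDpub: what an xpub lets anyone compute; no hardened children."""
    if index >= HARDENED:
        raise ValueError("cannot derive a hardened child from an xpub")
    data = ser_p(K_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    return _add(_mul(int.from_bytes(i[:32], "big")), K_par), i[32:]


def recover_parent_priv(K_par, c_par, index, k_child):
    """xpub (K_par, c_par) + one normal child's private key => parent key.
    Works because k_child = k_par + I_L and I_L is computable from the xpub."""
    if index >= HARDENED:
        raise ValueError("hardened: I_L depends on the parent private key")
    data = ser_p(K_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    return (k_child - int.from_bytes(i[:32], "big")) % N


def demo(seed=b"constructed example seed, not a real wallet"):
    """Account at m/0' (hardened), address key at m/0'/3 (normal)."""
    k_m, c_m = master_from_seed(seed)
    k_acct, c_acct = ckd_priv(k_m, c_m, HARDENED | 0)
    K_acct = _mul(k_acct)  # the account xpub exposes (K_acct, c_acct)
    k_child, _ = ckd_priv(k_acct, c_acct, 3)
    K_child, _ = ckd_pub(K_acct, c_acct, 3)
    assert _mul(k_child) == K_child  # xpub derivation matches xpriv derivation
    # One leaked child key plus the xpub gives the whole account's xpriv...
    recovered = recover_parent_priv(K_acct, c_acct, 3, k_child)
    # ...but the hardened step m -> m/0' cannot be climbed the same way.
    try:
        recover_parent_priv(_mul(k_m), c_m, HARDENED | 0, k_acct)
        climbed = True
    except ValueError:
        climbed = False
    return recovered == k_acct and not climbed


if __name__ == "__main__":
    print("account xpriv recovered from xpub + child key:", demo())
```

Each derivation step is an HMAC-SHA512 keyed with the parent chain code, which never appears on chain, so addresses cannot be walked back to a seed; but the chain code is part of the xpub, which is why the reply advises treating an xpub nearly as carefully as a private key.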