Topic: [ANN] Moneypot (Discontinued) - page 2. (Read 840 times)

It is interesting idea you are using with two private keys and creating child key, but maybe you need to think of creating some hacking competition or bounty reward for people who want to try and abuse your wallet and find some bugs or maybe you should complete audit for wallet code.

thanks for your question, because this allows us to point out some of the beauty of moneypot.

So, with a regular wallet that uses BIP39, you take your mnemonic, convert it into a seed using PBKDF2, so far so good, this is what moneypot does client-side as well.

Now, moneypot does something similar to BIP32, but not exactly.

Most wallets using BIP32 would derive a master key from the seed using PBKDF2 and a salt. Then, from that master private key, they generate (mostly?!) hardened private keys while using a path like m/0/0'..


Now, what moneypot does, is that it takes your seed, and generates a private key out of it through a hash function, I assume it's mostly kind of similar to a standard BIP32 wallet up to this point. Derive the resulting public key, and you have your "xpub", or claimantGenerator.


Because moneypot is a custodial wallet, the client can't just tweak the private key by an index to then derive the adress.

What we actually do is the following (although the next step is not really related to it being a custodial wallet) : We take the private key derived from the seed, and add another private key to it. The final result serves as our "child key". The added private key is the hash of an index parameter + the previously derived private key from our seed (see above), converted to a public key. I assume this is pretty standard too for most wallets.

This function is described here.

This derivation function is equivalent to as can be seen here.
Deriving by the claimantGenerator allows you to generate addresses without access to the seed/private key, which could be useful in certain situations!

Note: This does mean that if one of your child keys + your xpub leak out, an attacker could probably access *what would be equivalent to* your "xpriv", just like all unhardened keys. However, this would only be a problem for new hookins which are accepted but not yet claimed, as the coins resulting from claims from hookins are not derived from the same private key, but rather from the wallet seed.



How do we actually do this? In the case of a public key for a deposit address, we take the private key from the seed, and we first derive it by it's purpose. In this case, it's a deposit address, so "bitcoinAddress".
After that, we take the resulting private key, and derive it again. This time we derive by the index. Let's say it's our first key, so we derive by 0.

And you get

You can check it out here
We end up with a private key that's actually a key for a yet to exist  "bitcoinAddress 0". Let's call the public key resulting from this private key "claimant bitcoinAddress 0"

However, we do not want to derive an address from this key and subsequently send this key to the custodian, because then we would not be able to prove that we initiated or signed certain actions pertaining to this address. Such as claiming coins!

So what do we do? We hash the resulting public key again, and convert the hash into a private key. From that private key, we derive the public key, and then add the public key to the custodian's fundingKey.
From the resulting public key, we derive either a nested segwit address, or native.

The database function is described here and the function to add the public keys together is described here. Although, they're not really that interesting because it still hides the abstracts away.

Now, whenever we deposit funds on bitcoinAddress 0, we send a hookin to the custodian using "claimant bitcoinAddress 0". The custodian derives the private key from "claimant bitcoinAddress 0" and can subsequently claim the bitcoins deposited on the address. Now, because the custodian does not know the private key to the claimant, only you, the client, can initiate a claim! thus making it provably-fair, as the custodian will be unable to provide a valid signature for the claimant, and thus cannot falsely claim that your coins have already been claimed.

Of course, you could also send us your claimant and ask us for a deposit address, but that solution would not be as elegant, would it? (This is exactly what we do for lightning invoices though!)

---

So, no. You cannot use any standardized third-party tool to derive your deposit addresses, for moneypot is far too "un-standard". However, it wouldn't be too hard to come up with an api to generate keys following the same derivation as the wallet does.

Let us know if anything was vague, or if it was too technical.

---

No, you're not missing much. I'd say that that is about right. Sure, there are a lot of things that can go wrong, but we believe that this could also blossom into something cool, otherwise we wouldn't have started it.
I'm not dismissing your concerns, I think they are understandable, obviously we do hope you change your mind sooner or later.

Did you mean this RHavar- https://bitcointalksearch.org/user/rhavar-389331
If I got you correctly, the domain was in control of RHavar, he sold to someone who was a scammer. Later RHavar somehow purchased the domain again and sold to you. Interesting. You didn’t know the history of the website?
Anyway, you have somehow started with a controversial domain. You have to struggle a lot if you want to stay on the market.

OK, I'm obviously missing something here.
Custodial wallet with full access to user funds
A domain with a dubious past
Newbie account on the forum

What could possibly go wrong?

I tried your wallet and got one address only, native segwit by default, to change into nested we should go to settings,

Is moneypot using BIP39 mnemonic seed? because I don't see my address when putting it in the bip39 tool, If using BIP39 seed what derivation path of address?

Thanks for answering and providing explanation, and I am not frustrated but I just posted my feedback after visiting your website and testing the wallet, so you can maybe improve some things.

As I saw in my previous posts. You start with a negative marked brand name which will make it very difficult for you to reach a good position in the market. For example, a few comments here is about some old scam moments related to your business name and we should talk about your service and how to improve it perhaps.
Month ago, maybe more, one team running giveaway content for best name suggestion for his new created altcoin. they got a lot of good and creative ideas and this is a good start even if it's just about coin name.
The good marketing program is always appreciated if you want to make your service more recognised but of course, you must have a competitive and solid quality product.

all this does not mean that I am 100% right, certainly, the decision is up to you.

Hi, yes, that was the project previously hosted on this domain. While we are not completely aware of the exact depths of their scummy behaviour, we do recognize they probably were up to no good, and have undoubtedly scammed people.

It's a complicated story as to how we got this domain, and we do not actually know entirely how it ended up in our hands.
So, in short, It originally belonged to rhavar, which used it for a gambling bankroll service slash wallet. He ended up selling that project to the abovementioned - what turned out to be - scammers.

At some point, he (or a group representing him) has bought back the domain from Monsterbyte.io (which merged with the buyers of "moneypot.com"), and we currently "lease" it from him. Note: rhavar is in no other way currently directly involved with moneypot.

So while we accept that you might want to give us this negative connotation due to the domain name, we do not believe it is right, and hope you'll view us differently over time.

I do not necessarily see how the three are correlated with each other, but there are numerous arguments why a service such as moneypot would be useful. For one, it pushes other services and bitcoin to innovate. While we recognize that extreme trust is required to use a custodial wallet, and currently, maybe ever, we are not deserving of that trust. So you're just going to have to make a decision based on the risks vs the rewards.

The risks:
 - We could scam everyone and run with the deposited funds. please note: It is impossible for us to unprovably scam any individual user, at least; that's the idea.
 - You might lose funds due to poorly implemented code.

The benefits:
 - Make transactions with enormous privacy. (every input is blinded using an established blind schnorr signature scheme.)
 - Use lightning efficiently and with privacy.
 - Make use of our cheap on-chain transactions.

You're right. There's definitely a lot of room for improvement. In your opinion, apart from using a different domain name; how could we improve how you view us?

Yes, We understand your frustration, however if you want to enjoy complete privacy, tor is more or less required. You can download the standalone tor client for windows, or install the package on linux, and then simply route all your browser traffic through
Tor is not synonymous to the Tor Browser, but this should perhaps be a bit more clear, I agree.

A VPN with a rotating IP would also suffice in most cases.

Like I said in your other topic, I don't understand why you are asking people to use TOR but website and wallet is not working with Tor browser.
It is better to remove this popup or fix the problem, and I didn't even know there is software version until I visited main website and saw that in releases.

Yeah, acts amateurish. This also: "so please come back in a week or two!"
I did not delve deeper into the analysis, but to me, all this does not inspire confidence. maybe they really have good intentions, but I think the chances of using this wallet are very low.

According to their website, they said they have purchased the domain from monsterbyte.io, what the f is this? I have no idea though. And it seems fishy to me, why would anyone with such a domain to start a custodial wallet service, at the BTC peak?

the first thing I thought too, whether these are the same fraudsters come back again or it's just a mistake. if there really is a new team behind this domain, I have to admit it was a very bad decision to use moneypot name in new business.
In essence, they start from negative, it will probably take a lot of energy and time to build a positive reputation. much more than starting with a brand new and unknown name and domain. Especially if we are still talking about the very sensitive matter as it is Bitcoin wallet.

Great to see that your wallet have a few good features including LN payments. I would be more than happy to use that, unlucky that I couldn’t test it free. Welcome, anyway.
What's the agenda you are talking with the moneypot domain? Was it used to scam previously? If so, how did you get the domain and why such a domain?
Is this- https://bitcointalksearch.org/topic/scam-scammoneypotscam-scam-officially-announced-not-to-buy-rbies-as-promised-2207833

We know, you're probably wondering; "What?! Moneypot?! Again?!"

Rest assured, we are not in any way related to the previous owners of Moneypot.com, for we have only the domain name in common.

---

Preface: Moneypot is currently in beta so we want to re-emphasize to not deposit more funds than you are willing to lose.

moneypot is a completely functional bitcoin wallet. It has all the quirks one could reasonally expect from a web wallet: feebumping, custom fees, segwit.

However, it introduces a number of new, unique features, which we think you're going to like;
 

• moneypot utilizes so-called "blind signatures", which allows the user to transact with the utmost privacy. Your inputs and outputs are cryptographically unlinked within our ecosystem.

• moneypot utilizes in-house coin selection algorithms, allowing us to not only batch transactions at scale, but we are also able to make the smartest choices when selecting inputs.

• moneypot brings lightning to the average Joe. No longer will you be required to set up your own node, or use a separate wallet for your lightning transactions. moneypot allows you to pay and generate invoices from the comfort of the same wallet you do your daily transactions with.

• moneypot is provably-honest. We will be unable to get away with duping any single person.

• moneypot offers their service at cost. Apart from very limited anti-dusting fees, all of moneypots services are ran at cost. There are no hidden fees.

• moneypot allows instant and free transfers between users.

---

What are the drawbacks?!

• moneypot is a custodial wallet. Through malice, error, or other causes, your funds* could potentially disappear at any given time, without you being at fault. Your funds as in the collective of all of the users of a custodian(s)
  

• moneypot is coded by -humans-, sentient beings, and so there might be unspotted glitches in the wallet software that could lead to a loss of funds.

---

In what scenario would I use this wallet?

We think moneypot is to be fully appreciated when used as your day-to-day wallet. Used correctly, a transaction costs as little as a regular input. And that's not even mentioning the ease with which you can use our lightning services to pay for any service or everyday goods, all while retaining full privacy.

---

FAQ:
 Why should I trust you with my bitcoins?
   - You should not. Everyone needs to assess the risk they're willing to take with their coins, and we hope we offer enough to make it worth it for you to take that risk. There is no compelling argument we can make as to why we are worthy of safe-guarding your coins, because really, we aren't.

For more frequently asked questions, you can visit our FAQ

---

How exactly does moneypot work?

In layman terms: moneypot takes the bitcoin you deposited, and returns to you a claim to a set of coins equal to the deposited amount. Only you have the keys to those coins, and you use them each time you want to make a transaction. Due to how moneypot works, we do not know your coins, nor the keys. We only know whether or not they are valid, and whether you are the actual owner of them.

For more detailed information, please check out: Overview

---

How to use

Step 1. Visit wallet.moneypot.com

Step 2. Choose a custodian (use the affiliated ones for now. See below)

Step 2.1 Choose both a password and a name. Save your password and mnemonic phrase!

Step 3. Deposit bitcoin through either lightning or a normal transaction.

Step 4. Start blazing!

---

Electron
Moneypot also offers an electron shell, should users be interested in using that. We think it could be of benefit to both your privacy and security.

For more information, please visit Releases

---

Source code

For those interested in the source code, our github repositories are publicly accessible. You are welcome to contribute, run your own custodian, or point out bugs.

For those who spot critical security vulnerabilities; please PM us here on bitcointalk or send an email to our support.

moneypot-wallet
moneypot-lib
moneypot-wallet-electron
moneypot-custodian

---

We support both TOR and clearnet for our affiliated custodians.

---

Our PGP key used to sign releases

38876AFC1172E3DFA17A84BB2E5F4A83BFE81B1B

You can import this using


Latest wallet release

---

About

~