Seems like a good result all around. You've managed to secure your coins and the service is going to update their UI to hopefully prevent a similar situation from occurring for other users in the future.
Topic: XPUB Debacle (Read 564 times)
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there
In addition to the depth field as per the decoded key in pooya's post... When you put the YPUB in as the BIP32 Root Key, what is the "BIP32 derivation path" showing under the "BIP141" when you can see your address? 
So I cheated, I had a more technical friend help me out and ultimately as discussed he made me find it using the Bip 32 Root key derived from my YPUB and going to Bip 141 and then if we changed the script semantics to P2WPKH the address was there. He then had me upload my mnemonic offline and get the private key for that specific address and we imported it into Electrum and got it out.
According to the exchange "We convert the extended public key according to the user selection (3... or bc1...), because the x/y/z stuff is not set in stone but a loose convention. For example, some wallets produce "x"pubs even though they should by "z"pubs - so we can't rely on the "x" or "y" or "z" input. Therefore the user's selection is very important. Since you selected bc1 here, it impacted our derivation path."
They said they will make a change to their service and make users type and confirm the address prior to approving the Y/XPUB.
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there
In addition to the depth field as per the decoded key in pooya's post... When you put the YPUB in as the BIP32 Root Key, what is the "BIP32 derivation path" showing under the "BIP141" when you can see your address? 
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there, but when I put my mnemonic in to try and get the private key it changes the paths and I cannot pull of the private key for the address which I hoped to import into Electrum and get the BTC the hell out of there..I guess I am getting closer..
You are very close.My guess is that you have a problem with the depth of the ypub itself, it may not have been the "master" pubkey at depth 0 but at some other depth that you used.
Use a tool to decode the ypub that shows you the depth, if you don't know any you could use an online base58 decoder and interpret the hex yourself. Like this one: https://www.appdevtools.com/base58-encoder-decoder Do NOT enter anything other than ypub here.
Example:
Code:
ypub6QqdH2c5z7967TFWm6bgcp1nxooAg5p1rwAngYcyiyWozfvvHGpJHfq9mwPy6AyDmr7QXdxFdQYgr2H2b7hWu9RDhusLx9kEXaLbDnZ9Anq
hex:Code:
049d7cb2000000000000000000a222b3f337dd34b5129581402f2931902491ceceb6c9d38b10f4f1de92d1a4fc02ccab98f8e37f203b9f2d45886a2463d33d47d056c6d7c50d847b1cb8b448caa6680cae06
049d7cb2 is version, ignore that.the next 2 characters (1 byte) is your depth. Here it is 00 so the depth is 0 and your paths are the same when you use your mnemonic
But
Code:
ypub6VLYPwH5724FUcGxDt4vNZBY9siFuTuXFQu2DC7LH2JVsYHyALB8d3c3aPCnrKuKKVYco41SCMw36pAYexRusZnruy2Ma86FJqgtNWrXfyT
Code:
049d7cb20264084c48000000006fd6f0d01ff8d8c2ee9bbf65f6e79f0ef8023cd76dcf1da44478c658e27e12f9020cc7fb0e5fd07d658a07f5bef431cb61ca89e6a76d125fe168298407f2b291a62f7009c2
049d7cb2 again is version, ignore it.Depth is 02 so your depth is 2 and your paths are m/X/Y/{the_rest}.
So for example if you saw your address using your yprv at m/0/0/0 you have to change it to m/X/Y/0/0/0
If that's the case then your other challenge would be figuring out what X and Y are.
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there, but when I put my mnemonic in to try and get the private key it changes the paths and I cannot pull of the private key for the address which I hoped to import into Electrum and get the BTC the hell out of there..I guess I am getting closer..
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.Got it. I’ll keep you posted they are looking into it Monday.
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods. so I do not know how they got a bech32 from the YPUB ?
xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.
Thank you. I didn’t really know that was possible. So my question is how’d I locate the BTC? That seems to be what they did they took my YPUB created a Bech32 series of addresses but I can’t recover it. Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
so I do not know how they got a bech32 from the YPUB ?
xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.
This is indeed quite confusing....XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses
Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things
I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc.So I emailed them to get this raised up because I am concerned that this point that this is just not operator error (me). I put in the derivation as you listed above and nothing. I used the Ian Coleman tool offline and generated the YPUB that I had uploaded to them and it only produces "Nested SegWit" (3 type) so I do not know how they got a bech32 from the YPUB ? I still created the ZPUB corresponding with my Trezor just to see and that address that they sent the BTC to was not produced. So I think I have a problem. I have emailed them and they are raising it but I really thank everyone who responded for at least confirming that I am not just making some obvious error.
The BTC is just sitting in the wallet.
Regardless of what happens I will update this thread with the outcome.
They don't look like a scam to me.
Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.
When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.
I understand. Ironically my intentions were pure to go with a smaller startup that is more grass roots bitcoin only. And the people behind it are reputable I just hope that my issue is not some type of their code/library issue like HCP indicated.
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.
This is indeed quite confusing....XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses
Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things
I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc. 
They don't look like a scam to me.
Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.
When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.
-snip- I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
In Electrum, if you didn't selected "native segwit" prior to editing the derivation path to m/84'/0'/x', it will still create a wallet with legacy/p2sh-segwit addresses depending on what's selected.It's worth the try.
Happy New year.
Thank you for the replies.
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to. The first addresses listed is where the BTC was withdrawn to, but I still cannot locate the BTC via Electrum. I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
I used Swan because they are good to stack (daily/weekly) and just automatically have it sent to cold storage. Instead of selecting most compatible I chose cheapest transaction cost which is why it was sent to the bech32.
I will use the tools provided to see if I can sort out how to get my hands on the BTC.
Thank you for the replies.
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to. The first addresses listed is where the BTC was withdrawn to, but I still cannot locate the BTC via Electrum. I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
I used Swan because they are good to stack (daily/weekly) and just automatically have it sent to cold storage. Instead of selecting most compatible I chose cheapest transaction cost which is why it was sent to the bech32.
I will use the tools provided to see if I can sort out how to get my hands on the BTC.
Why do they ask for your xpub, but don't store it afterwards.
The only explanation i could imagine is, that they derive X addresses and afterwards delete the xpub. But this doesn't make that much sense IMO.
The only explanation i could imagine is, that they derive X addresses and afterwards delete the xpub. But this doesn't make that much sense IMO.
Quote
[...] We use your extended public key to generate a list of addresses in your browser. We only store this list of addresses, not your extended public key.
https://help.swanbitcoin.com/hc/en-us/articles/360060455013-How-do-I-connect-my-wallet-s-extended-public-key-xpub-ypub-zpub-to-my-Swan-account-They don't look like a scam to me. Most of the guys listed on the website are active on social media and are followed by a bunch of people I know. It's not the first time someone comes with a wallet that buys a fixed amount of BTC per week/month or round your purchases on your credit/debit card (to buy BTC). It's a cool idea if you want to stack sats while DCA'ing and not worring about logging into an exchange every week.
Your coins also go to Prime Trust, according to their FAQ.
Well, i don't know:
Code:
Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z
Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?
If you look at their team that is listed on their website it is all mostly well-known bitcoiners. I think the reason why somebody would choose them over a more established exchange is because of convenience. It is not like a traditional trading exchange. It is intended for people who want to set up a Bitcoin savings plan.
Actually never heard of that website but there are some users here on the forum who mention this.
Here are the two posts that I found:
- https://bitcointalksearch.org/topic/m.54964867
- https://bitcointalksearch.org/topic/m.55565738
It means it's not a well-known website so there is a high chance that this site is a scam.
Anyway, if it's YPUB it starts with a "3".
What I think is if you have the XPUB from Trezor try to use this tool https://www.blockonomics.co/views/segwit_xpub_convert.html
And then try to convert it to segwit(Starts with "3") and check the result if it's the same as what you saw from swanbitcoin.
Adding this tool https://blockpath.com/wallets/local/101?action=appxpub
Use this to scan if you have addresses from your xPub/yPub with funds.
Why not check your Trezor again and maybe you don't remember that you copied the yPub instead of xPub?
Use this image below as a reference.
Here are the two posts that I found:
- https://bitcointalksearch.org/topic/m.54964867
- https://bitcointalksearch.org/topic/m.55565738
It means it's not a well-known website so there is a high chance that this site is a scam.
Anyway, if it's YPUB it starts with a "3".
What I think is if you have the XPUB from Trezor try to use this tool https://www.blockonomics.co/views/segwit_xpub_convert.html
And then try to convert it to segwit(Starts with "3") and check the result if it's the same as what you saw from swanbitcoin.
Adding this tool https://blockpath.com/wallets/local/101?action=appxpub
Use this to scan if you have addresses from your xPub/yPub with funds.
Why not check your Trezor again and maybe you don't remember that you copied the yPub instead of xPub?
Use this image below as a reference.
Well, i don't know:
Code:
Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z
Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?
Anyways..
They have their address derivation library available on github.
You said, you saw a bech32 address?
In this case the path should be m/84'/0'/0'/0/X with X being the index (0 = first address; 1 = second address; ...).
Go to https://iancoleman.io/bip39/ and enter your ypub in the "BIP32 Root Key" textbox then scroll down to "Derivation Path" section and play around with the options (it is probably the last one, BIP141, that you are looking for) to try and find the address they generated. The list of addresses are found at the bottom under "Derived Addresses".
If you found your derivation path you can then go back to your wallet and see if you can find a way to change it there. If not you can always import your mnemonic into another wallet that lets you set the derivation path such as Electrum (or even the site above BUT only offline after cloning its repository and running it on an airgap computer). Keep in mind to verify Electrum's signature if went that direction.
If you found your derivation path you can then go back to your wallet and see if you can find a way to change it there. If not you can always import your mnemonic into another wallet that lets you set the derivation path such as Electrum (or even the site above BUT only offline after cloning its repository and running it on an airgap computer). Keep in mind to verify Electrum's signature if went that direction.
Jump to: