Pages:
Author

Topic: XPUB Debacle (Read 576 times)

HCP
legendary
Activity: 2086
Merit: 4361
January 07, 2021, 01:12:42 PM
#26
Seems like a good result all around. You've managed to secure your coins and the service is going to update their UI to hopefully prevent a similar situation from occurring for other users in the future.
newbie
Activity: 10
Merit: 4
January 07, 2021, 12:25:06 AM
#25
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there
In addition to the depth field as per the decoded key in pooya's post... When you put the YPUB in as the BIP32 Root Key, what is the "BIP32 derivation path" showing under the "BIP141" when you can see your address? Huh

So I cheated, I had a more technical friend help me out and ultimately as discussed he made me find it using the Bip 32 Root key derived from my YPUB and going to Bip 141 and then if we changed the script semantics to P2WPKH the address was there. He then had me upload my mnemonic offline and get the private key for that specific address and we imported it into Electrum and got it out.

According to the exchange "We convert the extended public key according to the user selection (3... or bc1...), because the x/y/z stuff is not set in stone but a loose convention. For example, some wallets produce "x"pubs even though they should by "z"pubs - so we can't rely on the "x" or "y" or "z" input. Therefore the user's selection is very important. Since you selected bc1 here, it impacted our derivation path."

They said they will make a change to their service and make users type and confirm the address prior to approving the Y/XPUB.
HCP
legendary
Activity: 2086
Merit: 4361
January 05, 2021, 03:24:39 PM
#24
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there
In addition to the depth field as per the decoded key in pooya's post... When you put the YPUB in as the BIP32 Root Key, what is the "BIP32 derivation path" showing under the "BIP141" when you can see your address? Huh
legendary
Activity: 3472
Merit: 10611
January 04, 2021, 02:27:21 AM
#23
I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there, but when I put my mnemonic in to try and get the private key it changes the paths and I cannot pull of the private key for the address which I hoped to import into Electrum and get the BTC the hell out of there..I guess I am getting closer..
You are very close.
My guess is that you have a problem with the depth of the ypub itself, it may not have been the "master" pubkey at depth 0 but at some other depth that you used.
Use a tool to decode the ypub that shows you the depth, if you don't know any you could use an online base58 decoder and interpret the hex yourself. Like this one: https://www.appdevtools.com/base58-encoder-decoder Do NOT enter anything other than ypub here.

Example:
Code:
ypub6QqdH2c5z7967TFWm6bgcp1nxooAg5p1rwAngYcyiyWozfvvHGpJHfq9mwPy6AyDmr7QXdxFdQYgr2H2b7hWu9RDhusLx9kEXaLbDnZ9Anq
hex:
Code:
049d7cb2000000000000000000a222b3f337dd34b5129581402f2931902491ceceb6c9d38b10f4f1de92d1a4fc02ccab98f8e37f203b9f2d45886a2463d33d47d056c6d7c50d847b1cb8b448caa6680cae06
049d7cb2 is version, ignore that.
the next 2 characters (1 byte) is your depth. Here it is 00 so the depth is 0 and your paths are the same when you use your mnemonic

But
Code:
ypub6VLYPwH5724FUcGxDt4vNZBY9siFuTuXFQu2DC7LH2JVsYHyALB8d3c3aPCnrKuKKVYco41SCMw36pAYexRusZnruy2Ma86FJqgtNWrXfyT
Code:
049d7cb20264084c48000000006fd6f0d01ff8d8c2ee9bbf65f6e79f0ef8023cd76dcf1da44478c658e27e12f9020cc7fb0e5fd07d658a07f5bef431cb61ca89e6a76d125fe168298407f2b291a62f7009c2
049d7cb2 again is version, ignore it.
Depth is 02 so your depth is 2 and your paths are m/X/Y/{the_rest}.
So for example if you saw your address using your yprv at m/0/0/0 you have to change it to m/X/Y/0/0/0

If that's the case then your other challenge would be figuring out what X and Y are.
newbie
Activity: 10
Merit: 4
January 04, 2021, 02:06:59 AM
#22
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.


I was able to locate the address on Ian Coleman by using my YPUB in the BIP32 Root Key and then going to BIP 141 and changing the Script Semantics to P2WPKH and the address is there, but when I put my mnemonic in to try and get the private key it changes the paths and I cannot pull of the private key for the address which I hoped to import into Electrum and get the BTC the hell out of there..I guess I am getting closer..
newbie
Activity: 10
Merit: 4
January 03, 2021, 10:22:43 AM
#21
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.

Got it. I’ll keep you posted they are looking into it Monday.
legendary
Activity: 3472
Merit: 10611
January 03, 2021, 01:55:37 AM
#20
Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
Yes, that is something that they can tell you easily by knowing how their platform works under the hood. Otherwise you will have to go through the most common derivation paths one by one to see if you can reproduce the same address. That is assuming their system didn't have any bugs and didn't give you a wrong key that can't be reproduced through conventional methods.
newbie
Activity: 10
Merit: 4
January 03, 2021, 01:34:05 AM
#19
so I do not know how they got a bech32 from the YPUB ?

xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.

Thank you. I didn’t really know that was possible. So my question is how’d I locate the BTC? That seems to be what they did they took my YPUB created a Bech32 series of addresses but I can’t recover it. Is this only something that Swan can tell me because for me it’s a needle in a haystack scenario?
legendary
Activity: 3472
Merit: 10611
January 02, 2021, 11:26:48 PM
#18
so I do not know how they got a bech32 from the YPUB ?

xpub, ypub, zpub strings don't add any kind of restriction on the type of address that can be derived from the extended key. They are more like guidelines, otherwise the actual data they contain (public key + chaincode) that is used in deriving keys is the same for all of them. The interpreter has to check the version int and decide which address type to derive from that data, which it fails in this case to check it.
newbie
Activity: 10
Merit: 4
January 02, 2021, 09:06:12 PM
#17
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.
This is indeed quite confusing....

XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses

Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things Undecided


I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc.

So I emailed them to get this raised up because I am concerned that this point that this is just not operator error (me). I put in the derivation as you listed above and nothing. I used the Ian Coleman tool offline and generated the YPUB that I had uploaded to them and it only produces "Nested SegWit" (3 type) so I do not know how they got a bech32 from the YPUB ? I still created the ZPUB corresponding with my Trezor just to see and that address that they sent the BTC to was not produced. So I think I have a problem. I have emailed them and they are raising it but I really thank everyone who responded for at least confirming that I am not just making some obvious error.

The BTC is just sitting in the wallet.

Regardless of what happens I will update this thread with the outcome.
newbie
Activity: 10
Merit: 4
January 02, 2021, 08:53:00 PM
#16
They don't look like a scam to me.

Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.

When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.

I understand. Ironically my intentions were pure to go with a smaller startup that is more grass roots bitcoin only. And the people behind it are reputable I just hope that my issue is not some type of their code/library issue like HCP indicated.
HCP
legendary
Activity: 2086
Merit: 4361
January 02, 2021, 02:02:24 PM
#15
I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to.
This is indeed quite confusing....

XPUB = Legacy ("1" type) Addresses
YPUB = Nested SegWit ("3" type) Addresses
ZPUB = Native SegWit ("bc1" type) bech32 Addresses

Quite how you got bech32 addresses from a YPUB master public key is a mystery... it would point to some sort of issue within the code/library generating the addresses, as it is technically doing "non-standard" things Undecided


I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
Note that "X" should not be the same as the account # in the Trezor wallet... the derivation path is 0-indexed... so "Account #1" on the Trezor is actually m/84'/0'/0'... "Account #2" would be m/84'/0'/1' etc.
legendary
Activity: 1624
Merit: 2481
January 02, 2021, 07:57:58 AM
#14
They don't look like a scam to me.

Regardless of whether they have bad intentions or not.
I wouldn't trust a new exchange with no history, no security audits, nothing.

When trusting a centralized service with your money, i'd at least go for trusted ones with good security practices which exist longer than a year.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
January 01, 2021, 11:12:50 PM
#13
-snip- I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
In Electrum, if you didn't selected "native segwit" prior to editing the derivation path to m/84'/0'/x', it will still create a wallet with legacy/p2sh-segwit addresses depending on what's selected.
It's worth the try.
newbie
Activity: 10
Merit: 4
January 01, 2021, 10:33:22 PM
#12
Happy New year.

Thank you for the replies.

I was able to recreate what I did and it was the YPUB not an XPUB (Just like the sample posted), and it was all bech32 addresses that were produced for wallet addresses that the funds would be sent to. The first addresses listed is where the BTC was withdrawn to, but I still cannot locate the BTC via Electrum. I must be screwing up the derivation path. I'm putting in m/84'/0'/X' (X representing the account # on my Trezor) but nothing.
I used Swan because they are good to stack (daily/weekly) and just automatically have it sent to cold storage. Instead of selecting most compatible I chose cheapest transaction cost which is why it was sent to the bech32.

I will use the tools provided to see if I can sort out how to get my hands on the BTC. 

legendary
Activity: 2758
Merit: 6830
January 01, 2021, 06:52:20 PM
#11
Why do they ask for your xpub, but don't store it afterwards.

The only explanation i could imagine is, that they derive X addresses and afterwards delete the xpub. But this doesn't make that much sense IMO.

Quote
[...] We use your extended public key to generate a list of addresses in your browser. We only store this list of addresses, not your extended public key.
https://help.swanbitcoin.com/hc/en-us/articles/360060455013-How-do-I-connect-my-wallet-s-extended-public-key-xpub-ypub-zpub-to-my-Swan-account-

They don't look like a scam to me. Most of the guys listed on the website are active on social media and are followed by a bunch of people I know. It's not the first time someone comes with a wallet that buys a fixed amount of BTC per week/month or round your purchases on your credit/debit card (to buy BTC). It's a cool idea if you want to stack sats while DCA'ing and not worring about logging into an exchange every week.

Your coins also go to Prime Trust, according to their FAQ.
sr. member
Activity: 1680
Merit: 379
Top Crypto Casino
January 01, 2021, 06:45:31 PM
#10
They are 100% legit. [...]
https://www.swanbitcoin.com/

Well, i don't know:
Code:
Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z

Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?


If you look at their team that is listed on their website it is all mostly well-known bitcoiners. I think the reason why somebody would choose them over a more established exchange is because of convenience. It is not like a traditional trading exchange. It is intended for people who want to set up a Bitcoin savings plan.
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
January 01, 2021, 11:17:33 AM
#9
Actually never heard of that website but there are some users here on the forum who mention this.
Here are the two posts that I found:
- https://bitcointalksearch.org/topic/m.54964867
- https://bitcointalksearch.org/topic/m.55565738

It means it's not a well-known website so there is a high chance that this site is a scam.

Anyway, if it's YPUB it starts with a "3".

What I think is if you have the XPUB from Trezor try to use this tool https://www.blockonomics.co/views/segwit_xpub_convert.html
And then try to convert it to segwit(Starts with "3") and check the result if it's the same as what you saw from swanbitcoin.

Adding this tool https://blockpath.com/wallets/local/101?action=appxpub
Use this to scan if you have addresses from your xPub/yPub with funds.



Why not check your Trezor again and maybe you don't remember that you copied the yPub instead of xPub?

Use this image below as a reference.
legendary
Activity: 1624
Merit: 2481
January 01, 2021, 10:31:17 AM
#8
They are 100% legit. [...]
https://www.swanbitcoin.com/

Well, i don't know:
Code:
Domain Name: swanbitcoin.com
Registry Domain ID: 2466272308_DOMAIN_COM-VRSN
Updated Date: 2020-12-13T13:53:04Z
Creation Date: 2019-12-12T18:25:25Z

Why would you trust and use such an exchange if there are way better options available? I don't get it.
Even if it is an legit exchange, why use this one with no proven security or trust?

Anyways..
They have their address derivation library available on github.


You said, you saw a bech32 address?
In this case the path should be m/84'/0'/0'/0/X with X being the index (0 = first address; 1 = second address; ...).
legendary
Activity: 3472
Merit: 10611
December 31, 2020, 11:59:30 PM
#7
Go to https://iancoleman.io/bip39/ and enter your ypub in the "BIP32 Root Key" textbox then scroll down to "Derivation Path" section and play around with the options (it is probably the last one, BIP141, that you are looking for) to try and find the address they generated. The list of addresses are found at the bottom under "Derived Addresses".
If you found your derivation path you can then go back to your wallet and see if you can find a way to change it there. If not you can always import your mnemonic into another wallet that lets you set the derivation path such as Electrum (or even the site above BUT only offline after cloning its repository and running it on an airgap computer). Keep in mind to verify Electrum's signature if went that direction.
Pages:
Jump to: