by midas 3741 days ago
Wallet author here, thanks @vessenes for the comment.

Yes, as with all HD wallets, an attacker with a single private key and the extended public key can derive all child private keys. You can read more about that aspect of HD wallets in this blog post here (https://bitcoinmagazine.com/articles/deterministic-wallets-a...).

What's important to keep in mind is that the child keys never leave your computer. In fact, they aren't even stored in the file system. Transactions are signed locally, and only the signature (which by definition doesn't reveal the private key) is broadcast. If you dump your private keys using the wallet (option 0 for advanced users only after booting the wallet), you will see a big warning to this effect. The app won't let you dump your private keys before confirming you understand the risks.

This only matters of course if you're going into the wallet internals. If you're just using the wallet, you never have to think about this attack.

Do keep in mind from a privacy perspective though that because you're revealing your extended public key to BlockCypher, BlockCypher is able to calculate all your public bitcoin addresses.

You can read more in the FAQs here: https://github.com/blockcypher/bcwallet#faqs

Feel free to ask more questions anytime!

Edits: minor grammar tweaks.

1 comment

Thanks for the note back.

I think the attack vector that seems very likely here is an e-mail like this:

User: Initiates Support Request around a transaction that's funky

Naughty BlockCypher Employee: "Let's try to debug this. Can you get me a private key from an early address you sent from, one which you WON'T USE AGAIN? I want to check that we're doing our math correctly. Make sure it's not an address with an existing balance!"

I propose that well over 99% of developers would think "Will I use this address again? If not, should be fine to pass on this private key."