Welcome to the inaugural edition of our support team’s monthly update! Each month we’ll tackle trending user concerns and shed light on them in an insightful and educational way. If you missed it (and in this case, we hope you did!) watch-only scams have been making waves throughout the last month. We started debunking this scam by explaining watch-only addresses and making some changes to our web wallet. Now let’s dive further into the details of this scam, private keys, and importing watch-only addresses with your Blockchain wallet!
April showers bring.. Watch-only scams?
A new type of scam made the rounds last month involving the misuse of watch-only addresses. All versions of this scam used the watch-only feature to make it seem as if a wallet had a particular balance when, in fact, it did not. In reality, a user can import any bitcoin address in existence into their wallet as watch-only. They can monitor its transaction activity and balance, but without having the corresponding private key, the one thing they can never do is spend that address’ balance.
A recent update to our web wallet has made it easier to see your total spendable balance. Watch-only balances will no longer show in your total wallet balance but can still be viewed in Settings -> Addresses. This update has not been rolled out to mobile users yet.
We know there’s nothing more satisfying than throwing a wrench in a scammer’s plans or outsmarting them from the get-go. To help you call their bluff from right out of the gate, we’ll start by shedding a little light on private keys.
The (not so) elusive private key
This scam lead to users asking questions like, “where is my private key?” or “what is my private key?” Well, we’re glad you asked.
Bitcoin and other digital assets use a method known as public key cryptography to help prevent fraud and manipulation of transactions. This method involves the use of a public key and a private key. The public key is the bitcoin address you can share with a third party to receive incoming transactions. The private key, on the other hand, is the corresponding tidbit that tells the Bitcoin network you are authorized to spend those funds. You never want to share an address’ private key; anyone possessing it can spend those funds.
In your Blockchain wallet, we have the more technical underpinnings (including your private keys) working under the hood for an experience that is as seamless and user friendly as possible, without compromising on security. Each time you click on Request and see a new bitcoin address display, the private key, although not visible, is generated along with it. All of these addresses and corresponding private keys are tied to your 12-word backup phrase, which should be written down and stored as a wallet backup.
Addresses that are not generated within your Blockchain wallet will be found under your Imported Addresses. These are addresses that are not stored by your backup phrase, which is why their private keys must also be imported to spend from them.
It’s time for a test drive
Now that we’ve explained private keys, there’s no better way to demystify watch-only addresses further than to take you along on a test drive of this wallet feature. Seat belts are optional.
- Head to Blockchain.info
- Click on a block height under Latest Blocks
- Scroll down to see all the bitcoin transactions mined in that block
- Click on any address to view its current balance & transaction details
- Copy the address of choice to your clipboard
When you’re ready, log in to your wallet and navigate to Settings -> Addresses, then scroll down until you see Imported Addresses. This is where you can find any watch-only addresses you’ve imported.
Next, you’ll want to click Import Bitcoin Address, paste that address in the text field, and click Import. Give the warning a read, which explains a bit about how watch-only addresses work, then click OK.
And there you have it – that address and its balance will display under Imported Addresses with a Watch Only indicator to the right.
Any incoming or outgoing transaction activity for watch-only addresses will show up in your bitcoin transaction feed. You can monitor this address to your heart’s delight, but if you click Send and choose the watch-only address from the dropdown, a field will display right below asking for that address’ private key.
And in case someone told you otherwise, there is no magical formula that will help you acquire that private key if you didn’t already have it from the get-go.
Once you’ve given the watch-only process a test run, you can delete that address from your wallet by heading back to Imported Addresses, click More Options -> Archive, then show your Archived Bitcoin Addresses -> More Options -> Delete.
To ensure smooth sailing for all our users, we recommend clicking Request to get a new bitcoin address each time you transact. Never attempt to receive via a watch-only address, especially not at the request of a third party.
We hope this exercise helped you understand a bit more about how watch-only addresses work. If you have a specific topic you’d like us to cover, send us your feedback here, or get in touch with us @AskBlockchain.