April showers bring.. Watch-only scams?
A new type of scam made the rounds last month involving the misuse of watch-only addresses. All versions of this scam used the watch-only feature to make it seem as if a wallet had a particular balance when, in fact, it did not. In reality, a user can import any bitcoin address in existence into their wallet as watch-only. They can monitor its transaction activity and balance, but without having the corresponding private key, the one thing they can never do is spend that address’ balance.
A recent update to our web wallet has made it easier to see your total spendable balance. Watch-only balances will no longer show in your total wallet balance but can still be viewed in Settings -> Addresses. This update will be rolled out to mobile users in the near future.
We know there’s nothing more satisfying than throwing a wrench in a scammer’s plans or outsmarting them from the get-go. To help you call their bluff from right out of the gate, we’ll start by shedding a little light on private keys.The (not so) elusive private key
This scam lead to users asking questions like, “where is my private key?” or “what is my private key?” Well, we’re glad you asked.
Bitcoin and other digital assets use a method known as public key cryptography to help prevent fraud and manipulation of transactions. This method involves the use of a public key and a private key. The public key is the bitcoin address you can share with a third party to receive incoming transactions. The private key, on the other hand, is the corresponding tidbit that tells the Bitcoin network you are authorized to spend those funds. You never want to share an address’ private key; anyone possessing it can spend those funds.
If you’re confused by how the concept of private keys relate to your Blockchain wallet, it’s helpful to understand the difference between addresses that you manually import vs. those which are generated when you click on Request. Each time you click on Request and see a new bitcoin address displayed, the private key, although not visible, is generated along with it. All of these addresses and corresponding private keys are tied to your 12-word backup phrase, which should be written down and stored safely as a wallet backup.
Any address that is not generated within your Blockchain wallet will be found under Imported Addresses. These addresses are manually imported and are not stored by your backup phrase, which is why their private keys must also be imported to spend from them.
Like we've touched on earlier, users can also manually import addresses as watch-only addresses. These could be addresses from another digital currency wallet that you want to keep track of. By importing an address, you are able to monitor it from within your Blockchain wallet, without needing to import that private key.It’s time for a test drive
Now that we’ve explained private keys, there’s no better way to demystify watch-only addresses further than to take you along on a test drive of this wallet feature. Seat belts are optional.
Before navigating to your Blockchain wallet, the first step is to find a bitcoin address. We’ll do you a solid and find one for you. If you’re feeling adventurous, here’s how to choose your own:
1. Head to Blockchain.info
2. Click on a block height under Latest Blocks
3. Scroll down to see all the bitcoin transactions mined in that block
4. Click on any address to view its current balance & transaction details
5. Copy the address of choice to your clipboard
When you’re ready, log in to your wallet and navigate to Settings -> Addresses, then scroll down until you see Imported Addresses. This is where you can find any watch-only addresses you’ve imported.
Next, you’ll want to click Import Bitcoin Address, paste that address in the text field, and click Import. Give the warning a read, which explains a bit about how watch-only addresses work, then click OK.
And there you have it - that address and its balance will display under Imported Addresses with a Watch Only indicator to the right.
Any incoming or outgoing transaction activity for watch-only addresses will show up in your bitcoin transaction feed. You can monitor this address to your heart’s delight, but if you click Send and choose the watch-only address from the dropdown, a field will display right below asking for that address’ private key.
And in case someone told you otherwise, there is no magical formula that will help you acquire that private key if you didn’t already have it from the get-go.
Once you’ve given the watch-only process a test run, you can delete that address from your wallet by heading back to Imported Addresses, click More Options -> Archive, then show your Archived Bitcoin Addresses -> More Options -> Delete.
To ensure smooth sailing for all our users, we recommend clicking Request to get a new bitcoin address each time you transact. Never attempt to receive via a watch-only address, especially not at the request of a third party.
We hope this exercise helped you understand a bit more about how watch-only addresses work. If you have a specific topic you’d like us to cover, send us your feedback here, or get in touch with us @AskBlockchain.
Don’t miss our previous post on drafting a golden support ticket and getting the most out of our Support Center.
Congratulations @r4kb4r! You received a personal award!
Click here to view your Board
Congratulations @r4kb4r! You received a personal award!
You can view your badges on your Steem Board and compare to others on the Steem Ranking
Vote for @Steemitboard as a witness to get one more award and increased upvotes!