O'Reilly logo
  • Arun Sasidharan thinks this is interesting:

Gabriel’s HD wallet offers a much better solution through the ability to derive public child keys without knowing the private keys. Gabriel can load an extended public key (xpub) on his website, which can be used to derive a unique address for every customer order. Gabriel can spend the funds from his Trezor, but the xpub loaded on the website can only generate addresses and receive funds. This feature of HD wallets is a great security feature. Gabriel’s website does not contain any private keys and therefore does not need high levels of security.

From

Cover of Mastering Bitcoin, 2nd Edition

Note

This is not true. What if someone swaps your pub key with their own ?