Hacking Question: Hiring a developer to run bitcoin core to process bitcoin payments on site

0

First of all, I am a total noob. I don't know much about bitcoins. I have an ecommerce website. I want to accept bitcoin payments for my products. I don't want to use 3rd party APIs. I am hiring a developer to run Bitcoin Core on my server for my website to accept and process bitcoin payments.

  • Is it safe to use a freelance developer?

  • He'll have access to private keys?

  • Will he be able to hack it?

  • Is there a way to make my bitcoins safe from hacking in which an insider job is involved?

Please kindly give me a serious, detailed and non-technical answer.

user33760

Posted 2016-03-09T13:22:19.663

1

There are ways around it, but in general, yes he will have access to your private keys. You probably want to generate an HD wallet yourself and only give the XPUB key to the freelance developer. That way you keep control over the private keys. He should be able to help you set that up. – Jannes – 2016-03-09T13:55:55.533

Please don't use words such as "Important" in the title. Everybody thinks their own questions are important, and it just takes up space. – Nate Eldredge – 2016-03-09T15:00:59.973

1

@Jannes Not if he uses private key sharing and shares part of the key with you (cf. multisig).

– Geremia – 2016-06-09T23:08:52.210

@Geremia that doesn't make sense, the freelancer can't do anything with part of the private key, so might as well give him nothing at all then. Re-reading this question now, I think watch-only addresses should do the job, but to avoid address-reuse he would have to generate a lot of them in advance. Therefore the HD XPUB key might be better. – Jannes – 2016-06-10T10:10:36.477

Read this before you proceed any further: Running A Full Node https://bitcoin.org/en/full-node#what-is-a-full-node

– Aurigae – 2016-07-09T20:36:06.823

Answers

1

If you want to accept and hold bitcoins it is trivial to generate a large number of addresses offline and feed the public addresses (not the private keys) to the web developer. He would not have any access to the funds. Also as suggested in the comments you could use an HD wallet and provide the XPUB key to the developer. This would allow him to generate only the addresses that you have private keys for.

For example, the Electrum wallet is an HD wallet that would provide the required capabilities.

Mark S.

Posted 2016-03-09T13:22:19.663

Reputation: 2 540