How are popular bitcoin wallets implemented?



How are popular online bitcoin wallets, like blockchaininfo's implemented? Why aren't they open-source?

Kinnard Hockenhull

Posted 2012-11-08T01:55:21.330

Reputation: 2 335

Question was closed 2013-02-03T01:36:49.737

2This is too vague to be reasonably answerable, if you are asking for details of all "popular online wallets". Can you rephrase the question to something specific and answerable, such as just "How is the blockchaininfo eWallet system implemented?"? If not, I suspect this question will be closed – Highly Irregular – 2012-11-08T02:48:27.163

The client-side wallet code (e.g., Javascript) is open source. The server-side is not. – Stephen Gornick – 2012-11-08T05:09:20.397

-1 for asking why they aren't open source (just silly). You may remove that side-question, though. – o0'. – 2013-02-02T09:08:46.230



Accuracy not guaranteed

  • Wallets are json files. The json file is encrypted using AES (crypto-js) before the browsers asks that it be stored on the server.
  • The wallet file is embedded in the login page as a html data attribute, the browser decrypts the file with the provided password and extracts a list of private keys and addresses.
  • The browser then asks blockchain info the balance and list of recent transactions for the decrypted addresses.
  • Upon sending the browsers asks for a list of unspent outputs. Then selects the outputs constructs and signs the transaction itself (bitcoin-js). When ready the transaction is serialised and sent to bloackchain for broadcasting to the bitcoin network.
  • Authentication is done using a unique "Shared Key" contained within the wallet file rather than the users password.
  • Server side we use 4 servers running MySQL cluster and java. A modified bitcoind client is used to populate the database.

See How It Works


  • Similar to with client side encryption.
  • Private keys are stored individually on the server as a database entry rather than in a single wallet file.
  • Authentication is done server side using traditional Sessions.
  • Transaction construction and signing is all done in javascript.
  • Uses or to query balances of addresses. Uses to broadcast transactions.
  • Server side uses Ruby on Rails and Heroku


  • Server side uses Ruby on Rails and Heroku
  • Custom MongoDB database to query balance of addresses.
  • Server selects outputs, constructs and broadcasts transactions.
  • Authentication is done server side using traditional Sessions.
  • The web app directly connects to the bitcoin network using Bitcoin-Ruby to populate the database.

What are they not open source?

They are commercial enterprises with a large amount of development time invested. The code being open source would a) increase competition b) cause identical phishing sites to popup c) clones maybe be hacked or run by scammers damaging the reputation of the main site.

Parts of are open source. I personally hope the rest of the site will be fully open sourced one day but there is much to plan. If the code is just dumped it will not benefit anyone.


Posted 2012-11-08T01:55:21.330


how does blockchain info query recent transactions for a list of addresses. For example, if the wallet JSON file has 100 addresses, does that require making 100 separate calls to the blockchain info api for the recent transactions for each address? – samol – 2013-11-28T07:40:47.247


As someone that has implemented a small eWallet, I suppose I can answer this question from my perspective.

An implementation of an eWallet is fairly simple. Using the official API makes everything come down to issuing correct JSON RPC calls. You generally have a bitcoind instance running on a server, along with your website front. The main problem is making sure that your site can distinguish between various people and make sure they can't access each other's money. In practice, it's fairly simple.

There are a few implementation roads you can take with eWallets:

  • You can have one account per person, so as long as you can distinguish between people your website can be "stateless", as in not keeping any data at all. I have implemented that and it wasn't hard.
  • You can let each person have as many accounts as they wish. This requires some additional info to be stored on your website and to ensure your naming is unique. Also, not much of a problem, I have done it.
  • You can move everyone's money into a shared pool and keep track of how much does each person have. Your website server needs to have a separate database of balances. A bit more tricky, you have to keep in mind such problems like double-spends and so forth not to credit scammers. As far as I know this is the most popular model for eWallets.
  • Focus mainly on keeping user's private keys. This is an option used for example by StrongCoin. The website can fetch your balances from such services as Block Explorer, decrypt your keys on your computer and let you create transactions there as well. An interesting model as it doesn't store all the private keys in one easily accessible wallet.dat to steal.

There are a lot of concerns one needs to keep in mind when implementing an eWallet - mainly safety of your funds and so forth, but that's a topic for another question.

As for why they aren't open source, well, I personally want to earn some money from my work, so I keep the source code for myself and anyone that commissions me for creating one for them. Other reasons not to go open source can be to avoid competition, or not to expose some potential security flaws in one's system.


Posted 2012-11-08T01:55:21.330

Reputation: 42 235


If someone wishes to share their work with me, I am grateful. But I do not expect that others are obligated to share their work.

Stephen Gornick

Posted 2012-11-08T01:55:21.330

Reputation: 26 454