💡 The Plain-English Definition
An xpub — extended public key — is the master public key for a Bitcoin wallet. Anyone who has your xpub can derive every Bitcoin address your wallet has ever generated or will ever generate, and can see your complete transaction history — past and future — without being able to spend your Bitcoin.
🤔 But Why Though?
HD wallets (Hierarchical Deterministic wallets — the standard Bitcoin wallet architecture where a single seed phrase generates unlimited addresses through a mathematical tree structure) produce not just private keys but public key counterparts at every level of the derivation tree. The xpub sits at the account level of this tree — it’s the master public key from which all your receiving addresses are mathematically derived. From the xpub, software can generate every address you’ll ever use, without ever needing to touch your private key or seed phrase.
This is why xpub sharing is a significant privacy decision. When you connect a watch-only wallet (a wallet that can monitor but not spend) to a third-party service, or when you connect a hardware wallet to software like Electrum or Sparrow, that software typically receives your xpub to generate your addresses and monitor the blockchain for transactions to them. The service now has permanent, comprehensive visibility into your financial history — every payment you’ve ever received to any address derived from that xpub, and every payment you’ll ever receive in the future. Unlike sharing a single address (which reveals only that address’s history), sharing your xpub reveals everything derived from it — potentially dozens or hundreds of addresses and years of transactions.
Common situations where xpubs are shared: setting up a watch-only wallet for monitoring cold storage, connecting a hardware wallet to desktop wallet software, using a public blockchain explorer that derives addresses from your xpub, or using a custodial Lightning wallet that needs to watch your channels. The privacy-preserving alternative: run your own Bitcoin full node (a computer independently validating the blockchain) and connect your wallet software to it — the xpub stays on your own infrastructure and never reaches a third-party server.
🌍 The Real-World Analogy
Sharing your xpub is like giving someone the master key to your filing cabinet that can read (but not remove) every document — including all future documents you’ll ever file. They can see everything you’ve received, everything you’ve spent, every counterparty you’ve dealt with, and they’ll automatically see everything you do in the future. The key doesn’t let them steal anything, but the surveillance is complete. A regular Bitcoin address is just showing someone one folder. An xpub is showing someone the master filing system.
⚡ So What?
Be deliberate about where your xpub goes. Connecting your hardware wallet to trusted, open-source wallet software on your own computer is generally fine — the xpub stays local. Entering your xpub into a web-based blockchain explorer or a third-party portfolio tracking service means that service can permanently monitor your entire wallet history. For maximum privacy, use a personal Bitcoin node as the data source for your wallet software. For watch-only monitoring of cold storage, a local wallet application connected to your own node keeps the xpub off third-party servers entirely.