Two BTC addresses with one seed - KYC/non-KYC

Hi, I would like to have two BTC addresses in my Trezor T and I know that it is possible, but I would like to have one address with KYC and a second with non-KYC (no transactions between them) bitcoin and I’m not sure if it is possible somehow see some connection between these two addresses in the blockchain (because of same seed?) - if so, non-KYC address would be compromised and this solution does not make sence at all. Thanks for advice, Roman :slight_smile:

Hi @roman_holomek

Technically you can just use two separate bitcoin addresses under one account and no one will ever be able to link those two addresses together from blockchain under the condition that these addresses would never be used together in a single transaction.

However these addresses can be linked together if someone will now your public key.

A public key is used as the basis for an address and it is derived from an associated private key. The private key allows the owner to spend the funds associated with its address. In hierarchical deterministic wallets such as Trezor, all private keys and addresses (public keys) are derived from the user’s recovery seed. The address derivation is as follow:

Recovery seed → Account private key → Private key → Public key-> Address

Public-key cryptography ensures that it is not possible to go backward - knowing the address does not make it possible to find the associated private key or recovery seed.

So all addresses derived from certain public key can be known to someone else only if you give away your xpub willingly.

Also, (as already mentioned couple paragraphs above) please note that two addresses ( the sum of whose balances is closest to what you want to spend) will be used in order to spend funds from the same account. Unless the wallet/app you are using has feature called CoinControl (for ecample Electrum wallet). Please note that Trezor Suite doesn’t have such feature yet.

So the easiest way for you how to separate the KYC and non-KYC addresses will be either using different types of bitcoin accounts:

or even better if you use different hidden (passphrase protected) wallets:


Hi @MichalZ, thanks for the exhaustive answer, it’s clear enough now :slight_smile:

Hello trezor suppport!
I am not sure if this is the same question but could you please help me to understand what happens once KYC coins are sent to wallet, then all coins are spent to 0, so no ballance is left on BTC account. Few months later, new non-kyc coins are sent to the same wallet, same btc account but to a new (fresh) address. Is wallet/btc account considered to be doxxed (KYC)? Even that new coins have never mixed with KYCed ones? Or can new non-kyc coins still to be considered to be clean?
Above I read that it these two addresses can be connected if somebody knows public keys {how can someone know my public keys/from where}?
Thank You.

Hi @David1

In such case only handling your account public keys (XPUBs) will doxx it.
When you expose these to a third party, you allow them to see your entire transaction history.

And as it was mentioned before it is not possible to go backwards in address derivation process (meaning that no-one can figure out your public key from the address) so the only option would be if you would expose it willingly.

I want to revisit this thread to make it more clear. My goal will is also to seperate my KYC wallet and my future non KYC wallet, im very unsure to get started and i have been on the sideline regarding this issue for about 3months. Im not that technical when it comes to this so help would be much appricited. So i found 2 different ways of creating a new wallet

  1. I can create a new bitcoin account within the same seedphrase+within the same passphrase. In doing so i now have 2 bitcoin wallets within the same passphrase, makes sence? in one of those it shows that i have made transactions and in the other there is no transactions at all since its new generated wallet. I also checked the public key, also known as the xPUB, and even this is different. So lets say i as mentioned in this thread i somehow made my KYC xPUB public, wouldnt it just make one of these wallets public and not the other? Or can you by revealing this also reaveal your other wallet somehow and that way see your non KYC bitcoin?
  2. The other way of creating a new wallet which is more perferable is to create a new wallet with a NEW passphrase which also is mentioned in this thread and which Trezor themself is advocating for. This in my head seems like the right approach but is it really?
    So lets say you create another new passphrase (no.2), but you want this to be coins with non KYC. You allready have KYC coins on your other passphrase (no.1). The gov, the companies you bought these KYC coins from and the companies buying these informations from the companies you bought from allready knows where your KYC coins is.

To make it easier… My Q is simply if it is enough to either create a new wallet withing the same passphrase or create a new wallet with a new passphrase (both these methods create a new xPUB) to seperate KYC coins with non KYC coins. If you never mix these coins toghether, is there any way these wallets can be linked or should i… idk buy a new hardware wallet? im confused


As far as I know, you can’t create two different Hidden wallets with the same Passphrase. If that was possible, it’d point to the same wallet on the blockchain. You must use an unique Passphrase for each new Hidden wallet.

However, you can put your KYC BTC in your Standard wallet or a Hidden wallet, and your non-KYC BTC in another Hidden wallet. They will be separate, each with its own xPUB key and receive addresses.

You may send BTC from one wallet to another at any time. You can even send BTC from one wallet and back to itself, thereby consolodating the account by getting rid of some/all UTXO’s.

After reading through the responses, I’m still a little unclear … I’ll try to rephrase the question(s) in as simple a way as I can.

  1. If you create two Bitcoin accounts (#1 & #2) on the same Trezor model one, does each account have a distinct private key?

  2. And if #1 is true, then is it possible to place KYC bitcoin in one and non-KYC bitcoin in the other such that the non-KYC privacy is not ruined by having both accounts on the same cold wallet?

Thanks in advance.