Two BTC addresses with one seed - KYC/non-KYC

Hi, I would like to have two BTC addresses in my Trezor T and I know that it is possible, but I would like to have one address with KYC and a second with non-KYC (no transactions between them) bitcoin and I’m not sure if it is possible somehow see some connection between these two addresses in the blockchain (because of same seed?) - if so, non-KYC address would be compromised and this solution does not make sence at all. Thanks for advice, Roman :slight_smile:

Hi @roman_holomek

Technically you can just use two separate bitcoin addresses under one account and no one will ever be able to link those two addresses together from blockchain under the condition that these addresses would never be used together in a single transaction.

However these addresses can be linked together if someone will now your public key.

A public key is used as the basis for an address and it is derived from an associated private key. The private key allows the owner to spend the funds associated with its address. In hierarchical deterministic wallets such as Trezor, all private keys and addresses (public keys) are derived from the user’s recovery seed. The address derivation is as follow:

Recovery seed → Account private key → Private key → Public key-> Address

Public-key cryptography ensures that it is not possible to go backward - knowing the address does not make it possible to find the associated private key or recovery seed.

So all addresses derived from certain public key can be known to someone else only if you give away your xpub willingly.

Also, (as already mentioned couple paragraphs above) please note that two addresses ( the sum of whose balances is closest to what you want to spend) will be used in order to spend funds from the same account. Unless the wallet/app you are using has feature called CoinControl (for ecample Electrum wallet). Please note that Trezor Suite doesn’t have such feature yet.

So the easiest way for you how to separate the KYC and non-KYC addresses will be either using different types of bitcoin accounts:

or even better if you use different hidden (passphrase protected) wallets:


Hi @MichalZ, thanks for the exhaustive answer, it’s clear enough now :slight_smile:

Hello trezor suppport!
I am not sure if this is the same question but could you please help me to understand what happens once KYC coins are sent to wallet, then all coins are spent to 0, so no ballance is left on BTC account. Few months later, new non-kyc coins are sent to the same wallet, same btc account but to a new (fresh) address. Is wallet/btc account considered to be doxxed (KYC)? Even that new coins have never mixed with KYCed ones? Or can new non-kyc coins still to be considered to be clean?
Above I read that it these two addresses can be connected if somebody knows public keys {how can someone know my public keys/from where}?
Thank You.

Hi @David1

In such case only handling your account public keys (XPUBs) will doxx it.
When you expose these to a third party, you allow them to see your entire transaction history.

And as it was mentioned before it is not possible to go backwards in address derivation process (meaning that no-one can figure out your public key from the address) so the only option would be if you would expose it willingly.