Definition
Watch-only wallet is a wallet that holds only public key material — typically an extended public key (xpub) or a full output descriptor — and no private keys whatsoever. Because Bitcoin addresses are derived from public keys, this is enough to generate receive addresses, scan the chain for incoming and outgoing payments, display balances, and even construct unsigned transactions. What it cannot do is sign, so it cannot move funds under any circumstances. That asymmetry is not a limitation; it is the entire design. A watch-only wallet lets you put full visibility on an internet-connected device while keeping spending power somewhere far safer.
Pairing watch-only with cold storage
The classic use is monitoring cold storage from an everyday device. You export the public key or descriptor from an offline signer — a hardware wallet or air-gapped machine — and import it into a watch-only wallet on your phone or desktop. Now you can confirm a payment arrived, check balances, and generate fresh receive addresses without ever bringing a private key near an online machine. When it is time to spend, the watch-only side drafts an unsigned transaction (a PSBT, in modern tooling) which travels to the offline signer — by SD card, QR codes, or USB — for approval, then returns for broadcast. This is the read side of the air-gapped signing workflow, and it is how a home node runner gets daily convenience without daily risk.
Descriptors make watch-only reliable
An xpub alone tells software which keys exist but not which address types to derive from them. Older watch-only setups regularly went wrong here: import an xpub under the wrong derivation assumptions and the wallet shows the wrong addresses or an empty balance despite a healthy stack. A modern output descriptor (BIP380) fixes this by encoding the script type, derivation path, and key-origin fingerprint in one unambiguous string, so a restored watch-only wallet reproduces exactly the right addresses — legacy, SegWit, or Taproot — every time. If your wallet offers descriptor export, prefer it over a bare xpub; see descriptor wallet for the details.
What watch-only does and does not protect
Understand the threat model honestly. A watch-only wallet cannot lose your coins — there is nothing on the device to steal. But the xpub itself is privacy-sensitive: anyone who obtains it can derive every address in the account and watch your entire balance and transaction history, past and future. Treat an xpub as confidential financial information, share it only with software you trust, and remember that pairing your watch-only wallet with someone else's server hands them exactly that visibility. The sovereign fix is to point the watch-only wallet at your own node, so balance queries never leave hardware you control.
Practical patterns
Common deployments: a phone wallet watching the family cold storage so either spouse can verify a deposit; a point-of-sale device generating fresh addresses for a shop without holding a single key on premises; a multisig coordinator that watches all cosigner keys while each signer stays offline. In every case the pattern is identical — visibility online, authority offline. It is one of the simplest architectural habits in Bitcoin self-custody, and one of the highest-value ones.
In Simple Terms
Watch-only wallet is a wallet that holds only public key material — typically an extended public key (xpub) or a full output descriptor — and…
