'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Background
Think about how easy it is to put $10 in an envelope and give it to a friend. Why is doing the same with crypto so hard? Why do we have to ask for complex wallet addresses or force friends to set up seed phrases just to receive a gift?
I built MyBucks.online to make crypto as easy as a physical gift card.
The Magic: Send the Wallet, Not Just the Coins
Imagine creating a one-time wallet in seconds, loading it with USDT, and sending the entire wallet via a simple link on Telegram or WhatsApp. The recipient clicks the link and instantly takes full ownership.
No registration. No app installs. No seed phrase headaches.
Design Philosophy
mybucks.online is a seedless, disposable crypto wallet designed for speed, convenience, and decentralization. It does not require app installs, browser extensions, or seed phrases. It converts human-readable, traditional credentials into a wallet private key instantly using a one-way hash function in the browser.
mybucks.online is not intended to replace full-featured wallets such as MetaMask or Trust Wallet. It targets micro-transactions and URL-based gifting, and aims to foster a lightweight, accessible gifting culture in Web3.
Security Architecture
In mybucks.online, the passphrase and PIN are the primary credentials. It derives a private key from your passphrase and PIN using Scrypt and Keccak256. The Scrypt KDF was intentionally chosen to increase computational cost of key derivation and strengthen resistance to brute-force attacks.
Key derivation runs entirely in the browser — no storage, no third-party key-management APIs. There is no server, no storage, and no database. The wallet is generated and erased instantly.
1-Click Gifting: Wallet via URL
The passphrase, PIN, and active network ID are encoded into a URL hash fragment and shared. On the recipient side, the payload is parsed, key derivation runs automatically, and the wallet opens immediately.
There is no server-side link expiration — the derived on-chain address is fixed. For as long as funds remain at that address, they are accessible to anyone who holds the link.
This enables:
- One-time starter wallets for gifting without requesting wallet addresses
- Bulk distribution and massive airdrops through shareable links
Core Package Integration
Core functions are published as an independent package: @mybucks.online/core
https://www.npmjs.com/package/@mybucks.online/core
Browser-Level Hardening
mybucks.online uses strict Content Security Policy (CSP) to reduce risks from XSS and unauthorized script injection.
Credential data is encoded in a URL hash fragment (#wallet=...) so it stays browser-side and reduces exposure in server-side logs. The wallet parameter is removed immediately after parsing.
Vulnerabilities and Mitigation Strategy
Major Vulnerabilities
- Salt in key derivation is deterministically derived from passphrase/PIN, not a globally unique random salt
- Users can choose weak, compromised, or common passphrase/PIN combinations
- Anyone with a transfer link can extract passphrase/PIN (Base64-encoded for URL transport)
Our Response
- Added
zxcvbnvalidation to block common, compromised, and dictionary-based patterns - Password-chunking approach: both Passphrase and PIN required (not a single long password)
- Auto-fill feature generates ~130-bit entropy credentials
- Explicitly positioned for micro-gifting, not long-term storage of high-value assets
Networks & Token Display
Supported networks:
- EVM chains: Ethereum, BNB Chain, Polygon, Arbitrum, Avalanche C-Chain, Optimism, Base
- TRON
Token display is filtered against @uniswap/default-token-list to reduce scam/fake token visibility.
Trust & Verification
- Secure3 security audit — published findings
- HackenProof wallet cracking challenge — community stress-testing and follow-up improvements
Disclaimers & User Responsibility
mybucks.online is intended for micro-transactions and gifting, not long-term storage of high-value assets.
- No reset/recovery for the passphrase + PIN. If lost, funds are permanently inaccessible.
- Recipients need a small amount of native token to pay gas. Gift givers are encouraged to include this with the gift.
References
Conclusion
MyBucks.online provides an innovative and convenient bridge for both Web2 and Web3 users. By replacing unfamiliar seed phrases with a classic password-based format, users can create a crypto wallet in seconds — the perfect starting point for any Web3 journey.
Imagine preparing thousands of digital envelopes, each containing a $5 gift, distributing them to campaign visitors at a public event. That’s the power of 1-Click Gifting.
