Retrieve your Airdropped Coins Without Exposing your Passphrase in the Clone’s Wallet
Difficulty – High Intermediate
Nxt and Ardor are released under the open-source JPL license.
This means that if anyone clones the Nxt blockchain or the Ardor Platform, s/he will have to distribute 10% of his/her newly issued crypto token to the people currently holding NXT (or IGNIS, in case they clone Ardor), among other requirements.
Sounds nice for NXT/IGNIS holders, doesn’t it?
Right, but first you have to understand how the airdrop procedure works.
A SNAPSHOT of the Nxt blockchain is recorded, the date for the snapshot is set by the cloning team. The snapshot documents the state of the blockchain, e.g. the NXT balances in all accounts. This is needed for the distribution of the clone coins.
Once the clone’s wallet has been released, you can use the same account number (or passphrase) that you use to log in to your Nxt wallet to log in to the clone’s wallet. There you’ll find the airdropped coins. But be careful! Your passphrase is the key to your Nxt account, remember?
Since you can log in to both wallets with the same credentials (using the same passphrase), if someone discovers your passphrase when you log in to the cloned blockchain’s wallet, they’ll also have discovered your Nxt/Ignis/Ardor credentials. So it’s understandable that some people may have concerns about entering their precious Nxt/Ignis/Ardor passphrase in to the clone’s wallet, because they don’t trust the wallet creator, maybe there is only an online web wallet available, so they can’t check the clone’s source code, or for any other reason.
Since the passphrase is everything you need to access an account (and spend all the funds there!), if someone discovers your secret passphrase when you enter it into a clone’s wallet, they will get access to the same account in the Nxt / Ardor blockchain, with your NXT and IGNIS/AEUR/ARDR (etc.) funds.
So how do we avoid this risk?
We already mentioned some ways to do so in our Weekly Newsletter, but in this post, I’m going to show you a practical example with Apollo, a Nxt clone that according to the JPL license, had to distribute 10% of the APL coins to NXT holders.
You’ll learn how to transfer your APL coins from the account you own to another account (e.g. an exchange’s account) without entering your passphrase into Apollo’s wallet.
Before starting the process, you should:
A- Make sure you have enough funds in your account to complete the transaction and pay for the transaction fee: 1APL (or, in other words, 10⁸ ATM)
B- Know the destination account number (APL-…-…-…-…)
C- Know the public key of the sender’s account (since you don’t want to enter your passphrase into the clone’s wallet or use their API).
Apollo’s (initial) supply was = 31B
Nxt supply = 1B
10% of the Apollo supply (to be distributed among Nxt holders according to the JPL license) = 3.1B
So 3.1/1 = 3.1 Apollo for every 1 NXT you held in your account at the time of the snapshot (14th of January, 2018).
Ok, What’s the Procedure?
The procedure would be as follows:
1- Make sure your Nxt client isn’t running on your device. If it is, stop it (right click on the Nxt icon in the notification area > Shutdown) before continuing. Running the Nxt client and the Apollo wallet at the same time on the same device could lead to some trouble since both wallets use the same ports for their connections.
2- Install the Apollo wallet on your local device and run it. You may want to use a VM.
No, you can’t just use the online web wallet because we’ll need access to the API, as you’ll see later. Unfortunately, this wallet UI has disabled the “Don’t broadcast function” that you can find in the Nxt wallet, so we’ll have to use the API for some steps instead of using the wallet UI.
Side note: Advanced users who don’t want to install any wallet on their local device for steps 3 to 7 could alternatively use Apollo’s web wallet to find peers with open API. Just create a new account (don’t use your real existing Nxt/Ignis/Ardor account) to log in to Apollo’s web wallet > Cockwheel icon at the top right corner of the wallet > “peers” and then manually connect to a peer with the API service active by typing in your webbrowser:
3- Once the wallet is launched, open the following address in your web browser: http://localhost:7876/test. This will give you access to Apollo’s API. Don’t freak out, the API might look complicated the first time you look at it, but it’s not that difficult.
4- In the API interface, in the “Search” box close to the top right corner, type sendMoney and press Enter. Two results will come up. We’ll use the “sendMoney” one to set up our transaction.
5- Just fill the following fields:
recipient: The destination address (APL-….-….-….-….)
amountATM: The amount of ATM you want to send (1 APL = 10⁸ ATM). For example, if you want to send 100 APL coins, you must type 10 000 000 000 ATM in this field (i.e. add eight zeros at the end of the APL amount you want to transfer)
publicKey: The public key of the sending account
feeATM: The fee (in ATM) for the transaction. 1 APOLLO = 10⁸ ATM, so to send coins, the fee would need to be 100 000 000 ATM (i.e. 1 APL)
deadline: 10 (max number of minutes for the transaction to be completed – You can’t enter a different figure here, but 10 is ok)
broadcast: in this field type “false” (we’ll broadcast the signed transaction later)
message: Some exchanges require you to attach a message when depositing funds there. You can type that message here
6- Once all the needed blanks are filled in, we scroll down and click on the Submit button
7- Now, in the “JSON Response” field, you’ll receive the answer that we’re looking for. Among all the data returned, we are interested in the “unsignedTransactionBytes”, which contents our unsigned and unbroadcasted transaction. We’ll copy the content of the unsignedTransactionBytes – withouth the ” “- to the clipboard. And we are finished with Apollo’s API.
8- Head to https://www.nxter.org/nxtbridge-offline/ to make use of this awesome app developed by scor2k and Nxter Magazine, that will allow us to sign any Nxt transaction in a safe way – it works with clones like Apollo, too!
9- We need to download “NxtBridge OFFLINE”, which is a small html file (index.min.html) and open it in a web browser (for maximum security we can open it on an offline device, as explained here)
10- We type our secret passphrase and paste the unsignedTransactionBytes bytes that we copied to the clipboard (step 7) into the proper fields. Then we click on the “Check transaction before signing” button, and check that everything is alright (don’t worry if it shows NXT-…-…-…-… formatted addresses instead of APL-…-…-…-… , the prefix isn’t taken into consideration by the wallets)
11- And there you go! We received the “Signed Transaction” bytes, signed with our Nxt/Apollo passphrase. Now we just have to broadcast it to the Apollo blockchain. To do this, we simply log in to the Apollo online wallet using any APL-…-…-…-… account number. And once logged in, click on the Cockwheel icon at the top right corner > “Transaction Operations” > “Broadcast transaction”
12- Once here, we can paste the “Signed Transaction” bytes we received in step 11 into the box and then click the blue “Generate” button. Our transaction has been successfully transmitted to the Apollo network without exposing our passphrase. Done!