Blog
Most crypto payment platforms quietly hold their merchants' funds. mio.money doesn't. Here's how xpub derivation lets us generate a fresh address for every invoice while the merchant keeps every key — and why that one design choice changes the entire risk profile of accepting crypto.
Most crypto payment platforms have a custody problem they don't talk about. The merchant signs up, gets a wallet address from the platform, and customers send payments to that address. The platform holds the keys. The platform decides when — and whether — the merchant gets their money. mio.money was built around a different primitive: the merchant's own hardware wallet, and a cryptographic technique called extended public key (xpub) derivation that turns a single cold-storage device into an unlimited supply of fresh receiving addresses. The merchant keeps the keys. We never touch them. And yet every invoice still gets its own clean, traceable address. This is the quiet piece of infrastructure that makes "we see but don't touch" more than a tagline. Here's how it works and why it matters. T…