That depends on the derivation path which was used for the xpub and derived address, to which the funds were sent to.
The xprv "owner" can scan "standard" derivation paths to determine whether these keys where used (funds were sent to these), by parsing the blockchain transaction history. If a standard BIP44 key derivation path schema was used, it can scan the following addresses by incrementing the index.
Let's say, the owner shared the xpub key M/44'/0'/0'/0. It can then search the following derivation paths for example to determine which one received funds.
M/44'/0'/0'/0/0
M/44'/0'/0'/0/1
M/44'/0'/0'/0/2
M/44'/0'/0'/0/3
- ...
- If a significant number of consequent keys are unused, the wallet may decide to stop the scan.
If arbitrary derivation paths were used which are unknown to the "owner" instead of standard ones, the space to scan can be very large.
But actually, any string can be parsed to the path, if we use arbitrary query as the path, then we can generate counter less address. I have two concerns here 1) Some address might generated by someone, but the owner don't notice that. 2) There will be too many useless UXTO in memory in long term. – Carpemer – 2019-01-23T10:02:42.930
Yes if it is a nonstandard path it will be hard to recover the derived addresses. – James C. – 2019-01-23T10:27:05.607