diff --git a/src/hdwallet.js b/src/hdwallet.js
index 5432043..cfcc5fe 100644
--- a/src/hdwallet.js
+++ b/src/hdwallet.js
@@ -119,6 +119,9 @@ HDWallet.fromBuffer = function(buffer) {
     var decode = ECPointFp.decodeFrom(ecparams.getCurve(), data)
     assert.equal(decode.compressed, true, 'Invalid public key')
 
+    // When importing a serialized extended public key, implementations must verify whether the X coordinate in the public key data corresponds to a point on the curve. If not, the extended public key is invalid.
+    decode.Q.validate()
+
     hd = new HDWallet(decode.Q, chainCode, params.network)
   }
 
diff --git a/test/fixtures/hdwallet.json b/test/fixtures/hdwallet.json
index cf00869..7c93daa 100644
--- a/test/fixtures/hdwallet.json
+++ b/test/fixtures/hdwallet.json
@@ -203,6 +203,10 @@
       {
         "exception": "Could not find version 22222222",
         "hex": "222222220000000000000000007ffc03d4a1f2fb41ef93374c69e4d19e42e27c9a87ec8b799a205eecd3b43b5f02948d03e260a571e21bcf5bfd8e3b6602800df154906e06b2bc88eee410aee355"
+      },
+      {
+        "exception": "Point is not on the curve",
+        "hex": "0488b21e000000000000000000873dff81c02f525623fd1fe5167eac3a55a049de3d314bb42ee227ffed37d508020045400697100007000037899988826500030092003000016366806305909050"
       }
     ]
   }