Bitcoin Forum

How the fuck do you create an address like this?
Seems someone can crack the code so he can do what he wants?

No, that's 99,9999999% certainly a burn address... It's a valid address, but nobody has it's private key.

If you look at this address in a block explorer, you'll see that the value of the funding transactions is equal to the unspent value (so nobody has ever spent any funds from any transaction funding this addres) => burn address :)

EDIT: you can create your own burn address using a tool like this one: https://github.com/adamkrellenstein/unspendable (if you don't want to learn the technical details on how to do it yourself). Do realise that it's a BURN address, everything you sent to is is considered BURNED... if you generate one, fund it, those funds are now gone forever...

Nope, no one can crack Bitcoin code.

That's address is called as vanity wallet address or a customized Bitcoin address where you can create a wallet with specific letter, word or number as long as it can be created. You can't expect you can get a long customized address since it's hard to create, you need a long time to spend.

Here's the thread for the tutorial [Guide] How to create your customized Bitcoin-Address (vanitygen) – step by step (https://bitcointalk.org/index.php?topic=5096373.0)

The address OP is referring to isn't a vanity address. Vanity addresses are derived with testing a large number of private keys. So, the owner knows the private key.
No one knows the private key of the address mentioned in the OP and creating an address like that is very very easy. The only requirement is that the address must have the correct format of a bitcoin address and pass the checksum.
It may worth mentioning that creating an address like the one mentioned in the OP with a known private key is almost impossible.

Years ago, in 2015, someone created a list of such BTC burn addresses he was aware of in this post (https://bitcointalk.org/index.php?topic=917913.0). This other (https://www.bitcoinwhoswho.com/blog/2017/12/30/8-97-bitcoins-burned-in-2017/) end of 2017 external site includes a longer list, and indicates that 1111111111111111111114oLvT2 was identified as Blockstore’s burn address.

When I looked at this matter recently, I focused more on 1CounterpartyXXXXXXXXXXXXXXXUWLpVr, which is XCP cryptocurrency’s proof of burn address, and I believe is the largest holder of its nature. The story behind (https://counterparty.io/news/why-proof-of-burn/) this case is interesting, and well worth a read to understand why they burned those BTCs.

In terms of how these addresses are created, I found the following two posts to be rather clarifying:
https://bitcointalk.org/index.php?topic=5123840.msg50282766#msg50282766
https://bitcointalk.org/index.php?topic=5278431.msg55270386#msg55270386

As depicted in the above posts, these type of addresses are created to fit the structure and rules of a public address without being originated from a private key. They is therefore nobody that can actually access the burnt BTCs.

I do have the doubt though of how one can distinguish a vanity address from a burn address, whereby the former will be in control of somebody as (theoretically) opposed to the latter (perhaps the length of the legible part of the public address is part of the answer, but it seems like a simple non-exhaustive criteria).

AFAIK, there is no 100% certain way of telling which is a burn address and which is a vanity address...
This being said, it would take gazillions of years to create a vanity adress depicted above, the odds of finding an address like that within a lifetime are so close to zero that you can safely say it IS zero.

If you see an address like my vanity address: 1MocACiWLM8bYn8pCrYjy6uHq4U3CkxLaa you can easily see the "vanity" part is only 6 characters... If you have a GPU farm and a lot of time, you could probably go to 10 or 11 (i guess, not calculated tough), but more than that doesn't seem feasible.

A second thing you can look for is a block explorer: if an address looking like a burn address was funded with hundreds of BTC over many years, and not a single unspent output was ever spent, odds are big it's a burn address...

Last but not least: any address can be a burn address. If you generate an address without a private key, or you immediately destroy the private key after generation, it's a burn address... But it's kind of hard to prove a "normal" looking address is a burn address... Anybody could generate an address and just say it's a burn address.

You are wrong. If a person could really "crack the code and do what he wants" (which is very, very unlikely), then they would have already spent at least some of the funds from the given address. Or better yet, why not crack some of the addresses that contain thousands of bitcoins, like Binance's cold wallet or some of the other Bitcoin Rich List (https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html) addresses?

No, what you are looking at is a "burn address" or "black hole" address. It's a valid address, but nobody has their private key to use in order to spend the funds from that address.

As others have said it is obviously a burn address. The large number of 1 in the beginning just makes it easy to spot. I could just as easily install a new copy of core, copy the 1st address it gave me and then shut it down and delete my wallet.dat file. But it's impossible to prove that.


8 or 9 is about the limit, not counting the 1 at the beginning, that you can do with a sane sized GPU farm. The new 4xxx Nvidia stuff might do better, but it's so power hungry and overpriced at the moment that it's not a real option. Also, some addresses of even the same length are going to be more difficult and take longer to find then others.

Others have posted links to some guides here are the discussions about the actual code / software:

https://bitcointalk.org/index.php?topic=5112311.0
and
https://bitcointalk.org/index.php?topic=25804.0

If you want to pay someone to do it user WhyFly has a service: https://bitcointalk.org/index.php?topic=5397602

-Dave

This address - 1111111111111111111114oLvT2, created from RIPE160 hash with all zero bits "0000000000000000000000000000000000000000"
Because there is no known attacks on ripe160, it is nearly impossible that someone found such input, that will produce that hash, even if you do not take into account double hashing when generating an address.
To get this address, you have to find a such EC point, that will produce such SHA256 hash, which in turn will produce 160 zero-bits RIPEMD.
So, 1111111111111111111114oLvT2 is valid BTC address, but no one knows its key, and it may well be that such a key does not exist at all.

Exactly this is the main point.
While nobody will believe you that you've thrown away the private key for 1MocACiWLM8bYn8pCrYjy6uHq4U3CkxLaa, it's pretty much unlikely (heh 99.9999999%) that you or anyone can have the the private key of
1111111111111111111114oLvT2, 1BitcoinEaterAddressDontSendf59kuE or, why not, 1JasonBrendonHasMuchToLearnwzf2iV, simply because they are far too long to be vanity addresses.

You take any 160-bit number you can think of (from 0x00, to 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF), add a version byte in front of it (0x00 for mainnet), double hash the result with SHA256, take the first 4 bytes of this hash (which is called the checksum), extend your version byte plus 160-bit number with the checksum, and pass this final result through Base58Check encoding (https://en.bitcoin.it/wiki/Base58Check_encoding).

It's highly likely that it's a burning address. However, any coin sent is not provably removed from supply. There are about 2^96 valid Bitcoin private keys that can unlock these outputs.

If you do that, you'll get an address with arbitrary characters not what you wanted to have like all ones similar to the one OP shared. In order to get that type of address with a large number of predefined characters you need to start backwards meaning from the address itself (the details were posted before).

You don't need to make a vanity address if you don't want the private key. Those characters on the right which are not 1, form the checksum - All that guy did is take the bytes that make the character sequence "11111.....", calculate its checksum and then stick it to the right of the address to make it valid. Anyone can do that, but of course those coins will be unspendable because nobody bothered to calculate the private key for it.

I don't understand. Isn't the OP asking how to make burning addresses, just like the address in title?

It is and the method you explained would create a burn address, however the example OP shared is like a subcategory of burn addresses with predefined characters/words like 1BitcoinEaterAddressDontSendf59kuE.

To create an address like that you have to use a bitcoin address validator tool And by creating it you will not have access to the privatekeys, so, all the coins send to that address will be lost.

The tool i use is: https://awebanalysis.com/en/bitcoin-address-validate/

And here the is example of how to use it.


If you find a valid address this way you can use it as a burning address.

Yes but since Base58 does not perfectly fit inside Base2/16, there will be some leftover just like how a single Base10 digit requires 1-5 digits of base2. So you can't just modify a few bits in the hash160 and expect it to change only a single character, it will have a knock-on effect on many Base58 characters.

so you're saying that there are a bunch of idiots sending money to the pit knowing the money is gone forever? Then again, why the fuck do they want to burn money for nothing?

Maybe because they think money can't buy happiness. Or, maybe they have lots of bitcoins, it's just like rich people who have a hobby to burn money at the party. So, as I know when someone sends bitcoin to op return that makes the bitcoin supply decrease, which makes the price to the moon if demand increases.

until yesterday, https://www.blockchain.com/btc/address/1111111111111111111114oLvT2
Someone still sends bitcoin to that address.

strange as this might sound, yes, that's what happening.


There are some reasons sometimes... For example there's counterparty: https://counterparty.io/news/why-proof-of-burn/

And you also have to realise 1 BTC wasn't always equal to $20.000. There were times a bitcoin was only worth a couple of cents. At this time people might have done stuff like this just because they felt like it.

That's what brings me to ask a question like this here. WTF. People these days are crazy. They could have... sent it to me. ;D

I just noticed the transactions funding 1111111111111111111114oLvT2 always have an OP_RETURN output... I'm 99,99999% sure this is a burn address, but odds are they're burning funds to write data to the blockchain permanently. This being said, i have no idear why they'd also include outputs with a "significant" value aswell...

All in all, this is a "Meh" issue for me: people can do with their money whatever they want... If they burn it without any ulterior motive, that's fine for me... If they're burning it to leave permanent data on the blockchain: fine aswell :)

That's right.

They are probably making an OP_RETURN message inside that transaction, given that you'll neber be able to spend an OP_RETURN output even if you have the address' private key, so they just send it to an unspendable address as well.

Why do people throw money in to fountains, down wells, or in to other water features? Bitcoin is yours and yours alone. No one can stop you from doing anything you want with it, even if everyone else thinks it's a stupid idea. But if someone else wants to make my bitcoin more valuable by burning some of their own, then who am I to argue?

Also there are some burn addresses serve a purpose, such as the CounterParty one which gave users a proportion number of XCP tokens based on how much bitcoin they burned. Or encoding data for other purposes as mentioned above. There are various other systems built on top of bitcoin which insert data in the bitcoin blockchain for their own purposes. Such as why many block rewards include and OP_RETURN output labelled "RSKBLOCK".

And of course, bitcoin sent to such burn addresses is not provably burned, and could be recovered in the future. The amount of provably burned bitcoin is quite low at 2,823 BTC.

The more interesting thing, that we will never know, is how much has been lost / burnt due to bad wallets and bad coding in general.
Eliminating the malware wallets, there have been a lot of coins lost over the years, and a lot in the early days of BTC, just due to bad programming and people just playing around.

Lets face it, when BTC was $0.50 and you were testing something and using the main chain instead of testnet, and you tried ten 1BTC transactions before you figured out the issue. Do you go back and waste hours of time to try to retrieve $5.00 or did you just move on to the next thing.

I have done that with some network equipment, yes I could have opened a ticket with the vendor and got something that was damaged due to a bad PoE situation replaced. But, the boards were under $30 each. Between the time to setup a RMA, and the cost to ship would have been a negative number to get them replaced at the time.

FYI, since they are long since discontinued and still needed at times they sell for $7500+ on ebay now. But, back then I would have justifiably gotten yelled at for wasting time. Even if I had passed them to a minimum wage intern to deal with.

-Dave

True enough, but in the early days everyone was using P2PK, meaning that these coins will eventually be reclaimed and reenter circulation if/when the ECDLP is broken by quantum computers.

There are undoubtedly hundreds of thousands, if not millions, of coins which are effectively lost, in which the owner has sent to an address with no known private key, lost/deleted/thrown out their wallet, or something similar. But there is zero way to prove any of this, and even the famous ones like the guy who says he wants to search through a landfill for his hard drive may simply be lying. I personally lose all my private keys in an unfortunate boating accident several times a year. ;) We also have no way of knowing that Satoshi's coins won't suddenly move tomorrow.

So yeah, the provably lost amount of bitcoin is significantly smaller than the probably lost amount of bitcoin. And if you want to burn some bitcoin, far better to do it to an OP_RETURN output than a burner address.

http://gobittest.appspot.com/ProofOfBurn works but seems to break with trailing 1's

Can you explain how to do this?
Do I understand correctly that there are transactions that cannot be spent even knowing the private key?
How to define such transactions?

Depends on your wallet software. With Bitcoin Core, then createrawtransaction has a data field you can specify which will create an OP_RETURN output. In Electrum, you can simply write OP_RETURN followed by the hex encoding of whatever data you want in the address field.

OP_RETURN outputs do not have private keys associated with them. OP_RETURN is an opcode (a type of command used by the bitcoin network) which marks an output as invalid. There is no private key, and any funds sent to OP_RETURN outputs can never be spent. They are provably burned. You can create OP_RETURN outputs without burning any coins, though, just by paying the usual transaction fee.

In theory, it's possible that someone has the private key of those addresses or someone will be able to brute-force the private key of such addresses and can spend the bitcoin sent to them. There is no proof that the bitcoin sent to those addresses will be never spent.
In practice, it's very unlikely that someone will be able to spend them.

Someone actually knowing or stumbling across the private key. Advances in computing managing to break the ECDLP and hash functions we use in order to reverse engineer the private key. Both of these things are incredibly unlikely to happen, but the chance is not zero.

There are ways to provably burn coins, by sending them to outputs which have invalid scripts and so can never be unlocked. We can say with 100% certainty that such coins will never be spent, because there is no way to unlock them. Coins sent to burn addresses are different - there is a way to unlock them, it's just that we assume nobody knows what it is.

Wow, look I found more of them. Do you want more? I can get you more if you want. For cheap price just 1$ per addy.( lol, have you seen opportunists taking advantage of less informed people?).

This right here is a fantastic security assumption when burning bitcoins.
If we really want people to be CONVINCED of the coins being burned IMMEDIATELY (not after the coins weren't moved for 20 years) then we need to burn them with a OP_CODE that makes the coins verifiably non-spendable.

Using the likeliness of the private-key not being recovered from the public key is really not enough as people can easily fool people by using keys which merely look like burn addresses. Users wont verify them and will end up sending money to a scam. If coins are consensus level non-spendable there would be no chance of this.

gee, that makes a lot of sense here.

Correct. There are also other ways to provably burn coins, by sending them to invalid scripts which cannot be unlocked. The biggest such example of this is this transaction: https://blockchair.com/bitcoin/address/s-272edf45031dd498e7b3ae89e11ff21b. In this transaction, someone failed to use their pubkeyhash and instead locked the coins behind "0". Since there is no RIPEMD160 output which outputs a single "0", since the output is always 20 bytes, these coins are provably unspendable.

Not just that - users can't verify them. If I give you an address which "looks" like a burn address, such as 1BurnTheseCoinsNowgk38fLR5y3meHnE, there is absolutely no way for you to verify whether I know the private key to that address or whether I don't. Sure, it looks unlikely, but I have the exact same chance of randomly generating that address (or any other address which "looks" like a burn address) as I do any other possible address.

There is no hardware/ and software in the world capable of generating 17 character prefix address,  not gonna lie you could generate that after 2^80 key gen operations.

---

I believe there should be some sort of fail safe in place to avoid losing coins when you make a mistake sending to a wrong script, maybe miners/ nodes should never accept to relay such transactions?
Also do you know how many zeros could RIPEMD-160 algo produce for a 160 bit hash? I guess it's not generating a certain fixed value.

Absolutely, but there is also absolutely nothing stopping me from generating that address (or a similar one) by random chance. The chance that I generate the private key for that address is exactly the same as the chance that I generate the private key for any other address. Any coins on that address are not provably burned.

RIPEMD160 always outputs 160 bits, which is 20 bytes. If someone used the output 0000000000000000000000000000000000000000, then that would generate the address in this thread's subject - 1111111111111111111114oLvT2. Coins on this address are spendable - you just have to find the private key which gives the pubkeyhash 0000000000000000000000000000000000000000. But coins on the locking script I gave above are not spendable, because there is no RIPEMD160 output which will ever output 0.

Absolutely not. First of all you can't send coins to a burning looking address by mistake. It's something you need to do deliberately. In fact, there are reasons sometimes to send coins there, like supposedly Proof-of-burn mechanisms like Counterparty. Secondly, not relaying such transactions would introduce censorship.

As for falsely written scripts, we already have non-standardness. Be cautious from that point on.

Only way of creating such a fail safe is to make the output a 2 of 2 multisig in which the sender can redeem before or after a specific lock time and the second signer can redeem otherwise. The problem is that this assumes you have properly formatted your script and are sending to the expected one. In the case that you send to the WRONG script, it's impossible to recover unless that wrong script has this time-lock recovery spending condition. Miners accept ANY valid transaction or else bitcoin would be censorship enforcing.

Sorry to raise this question again, but I see that Bitcoin Developer lists this as a required field in the second parameter (which is also required). If I do not want to make an OP_RETURN output, should I just pass a {"data": ""} argument? Or will I get away with leaving the object out, as I've seen Bitcoin Developer examples over here (https://developer.bitcoin.org/reference/rpc/createrawtransaction.html) do?

Just leave it out. It is "required" only if you want to create a data output. If you don't want a data output, it isn't required and can be left out entirely.