1111111111111111111114oLvT2

[Jason Brendon]

until yesterday, https://www.blockchain.com/btc/address/1111111111111111111114oLvT2
Someone still sends bitcoin to that address.

That's what brings me to ask a question like this here. WTF. People these days are crazy. They could have... sent it to me.

[mocacinno]

I just noticed the transactions funding 1111111111111111111114oLvT2 always have an OP_RETURN output... I'm 99,99999% sure this is a burn address, but odds are they're burning funds to write data to the blockchain permanently. This being said, i have no idear why they'd also include outputs with a "significant" value aswell...

All in all, this is a "Meh" issue for me: people can do with their money whatever they want... If they burn it without any ulterior motive, that's fine for me... If they're burning it to leave permanent data on the blockchain: fine aswell

[NotATether]

so you're saying that there are a bunch of idiots sending money to the pit knowing the money is gone forever? Then again, why the fuck do they want to burn money for nothing?

That's right.

They are probably making an OP_RETURN message inside that transaction, given that you'll neber be able to spend an OP_RETURN output even if you have the address' private key, so they just send it to an unspendable address as well.

[o_e_l_e_o]

Then again, why the fuck do they want to burn money for nothing?

Why do people throw money in to fountains, down wells, or in to other water features? Bitcoin is yours and yours alone. No one can stop you from doing anything you want with it, even if everyone else thinks it's a stupid idea. But if someone else wants to make my bitcoin more valuable by burning some of their own, then who am I to argue?

Also there are some burn addresses serve a purpose, such as the CounterParty one which gave users a proportion number of XCP tokens based on how much bitcoin they burned. Or encoding data for other purposes as mentioned above. There are various other systems built on top of bitcoin which insert data in the bitcoin blockchain for their own purposes. Such as why many block rewards include and OP_RETURN output labelled "RSKBLOCK".

And of course, bitcoin sent to such burn addresses is not provably burned, and could be recovered in the future. The amount of provably burned bitcoin is quite low at 2,823 BTC.

[DaveF]

...The amount of provably burned bitcoin is quite low at 2,823 BTC.

The more interesting thing, that we will never know, is how much has been lost / burnt due to bad wallets and bad coding in general.
Eliminating the malware wallets, there have been a lot of coins lost over the years, and a lot in the early days of BTC, just due to bad programming and people just playing around.

Lets face it, when BTC was $0.50 and you were testing something and using the main chain instead of testnet, and you tried ten 1BTC transactions before you figured out the issue. Do you go back and waste hours of time to try to retrieve $5.00 or did you just move on to the next thing.

I have done that with some network equipment, yes I could have opened a ticket with the vendor and got something that was damaged due to a bad PoE situation replaced. But, the boards were under $30 each. Between the time to setup a RMA, and the cost to ship would have been a negative number to get them replaced at the time.

FYI, since they are long since discontinued and still needed at times they sell for $7500+ on ebay now. But, back then I would have justifiably gotten yelled at for wasting time. Even if I had passed them to a minimum wage intern to deal with.

-Dave

[o_e_l_e_o]

Eliminating the malware wallets, there have been a lot of coins lost over the years, and a lot in the early days of BTC, just due to bad programming and people just playing around.

True enough, but in the early days everyone was using P2PK, meaning that these coins will eventually be reclaimed and reenter circulation if/when the ECDLP is broken by quantum computers.

There are undoubtedly hundreds of thousands, if not millions, of coins which are effectively lost, in which the owner has sent to an address with no known private key, lost/deleted/thrown out their wallet, or something similar. But there is zero way to prove any of this, and even the famous ones like the guy who says he wants to search through a landfill for his hard drive may simply be lying. I personally lose all my private keys in an unfortunate boating accident several times a year. We also have no way of knowing that Satoshi's coins won't suddenly move tomorrow.

So yeah, the provably lost amount of bitcoin is significantly smaller than the probably lost amount of bitcoin. And if you want to burn some bitcoin, far better to do it to an OP_RETURN output than a burner address.

[WhyFhy]

How the fuck do you create an address like this?
Seems someone can crack the code so he can do what he wants?

http://gobittest.appspot.com/ProofOfBurn works but seems to break with trailing 1's

[PrivatePerson]

And if you want to burn some bitcoin, far better to do it to an OP_RETURN output than a burner address.

Can you explain how to do this?
Do I understand correctly that there are transactions that cannot be spent even knowing the private key?
How to define such transactions?

[o_e_l_e_o]

Can you explain how to do this?

Depends on your wallet software. With Bitcoin Core, then createrawtransaction has a data field you can specify which will create an OP_RETURN output. In Electrum, you can simply write OP_RETURN followed by the hex encoding of whatever data you want in the address field.

Do I understand correctly that there are transactions that cannot be spent even knowing the private key?

OP_RETURN outputs do not have private keys associated with them. OP_RETURN is an opcode (a type of command used by the bitcoin network) which marks an output as invalid. There is no private key, and any funds sent to OP_RETURN outputs can never be spent. They are provably burned. You can create OP_RETURN outputs without burning any coins, though, just by paying the usual transaction fee.

[Jason Brendon]

And of course, bitcoin sent to such burn addresses is not provably burned, and could be recovered in the future. The amount of provably burned bitcoin is quite low at 2,823 BTC.

What do you mean they can be recovered in the future? how?

[hosseinimr93]

And of course, bitcoin sent to such burn addresses is not provably burned, and could be recovered in the future. The amount of provably burned bitcoin is quite low at 2,823 BTC.

What do you mean they can be recovered in the future? how?

In theory, it's possible that someone has the private key of those addresses or someone will be able to brute-force the private key of such addresses and can spend the bitcoin sent to them. There is no proof that the bitcoin sent to those addresses will be never spent.
In practice, it's very unlikely that someone will be able to spend them.

[o_e_l_e_o]

What do you mean they can be recovered in the future? how?

Someone actually knowing or stumbling across the private key. Advances in computing managing to break the ECDLP and hash functions we use in order to reverse engineer the private key. Both of these things are incredibly unlikely to happen, but the chance is not zero.

There are ways to provably burn coins, by sending them to outputs which have invalid scripts and so can never be unlocked. We can say with 100% certainty that such coins will never be spent, because there is no way to unlock them. Coins sent to burn addresses are different - there is a way to unlock them, it's just that we assume nobody knows what it is.

[digaran]

Wow, look I found more of them. Do you want more? I can get you more if you want. For cheap price just 1$ per addy.( lol, have you seen opportunists taking advantage of less informed people?).

Code:

1111111111111111111114oLvT2
11111111111111111111BZbvjr
11111111111111111111HeBAGj
11111111111111111111QekFQw
11111111111111111111UpYBrS
11111111111111111111g4hiWR
11111111111111111111jGyPM8
11111111111111111111o9FmEC
11111111111111111111ufYVpS
1111111111111111111127DiY8B
111111111111111111112BEH2ro
111111111111111111112KWC9yd
111111111111111111112MbYeKK
111111111111111111112WhxnQF
111111111111111111112czxoHN
111111111111111111112kmzDG2
111111111111111111112xT3273
1111111111111111111135LjaTk
111111111111111111113BCNaZA
111111111111111111113MEMrbm
111111111111111111113UauxVS
111111111111111111113Vsgn16
111111111111111111113h6eYvj
111111111111111111113iqSWm1
111111111111111111113twUjvB
111111111111111111114gFexwh
111111111111111111114mA2k9d
111111111111111111114ry6XwB
111111111111111111114ysyUW1
111111111111111111115719xWh
111111111111111111115GZoCZK
111111111111111111115Jk6jSN
111111111111111111115Vdmk4z
111111111111111111115bqgQLs
111111111111111111115hA977A
111111111111111111116WGuH8i
111111111111111111116ayzEtU
111111111111111111116iBpJVP
111111111111111111116p9wW39
111111111111111111116xyhaXw
111111111111111111116zvHYMP
1111111111111111111178p8Uvz
111111111111111111117HhpFr4
111111111111111111117MncoQu
111111111111111111117TDMMQQ
111111111111111111118GEJCAf

[based52]

There are ways to provably burn coins, by sending them to outputs which have invalid scripts and so can never be unlocked. We can say with 100% certainty that such coins will never be spent, because there is no way to unlock them. Coins sent to burn addresses are different - there is a way to unlock them, it's just that we assume nobody knows what it is.

This right here is a fantastic security assumption when burning bitcoins.
If we really want people to be CONVINCED of the coins being burned IMMEDIATELY (not after the coins weren't moved for 20 years) then we need to burn them with a OP_CODE that makes the coins verifiably non-spendable.

Using the likeliness of the private-key not being recovered from the public key is really not enough as people can easily fool people by using keys which merely look like burn addresses. Users wont verify them and will end up sending money to a scam. If coins are consensus level non-spendable there would be no chance of this.

[Jason Brendon]

There are ways to provably burn coins, by sending them to outputs which have invalid scripts and so can never be unlocked. We can say with 100% certainty that such coins will never be spent, because there is no way to unlock them. Coins sent to burn addresses are different - there is a way to unlock them, it's just that we assume nobody knows what it is.

This right here is a fantastic security assumption when burning bitcoins.
If we really want people to be CONVINCED of the coins being burned IMMEDIATELY (not after the coins weren't moved for 20 years) then we need to burn them with a OP_CODE that makes the coins verifiably non-spendable.

Using the likeliness of the private-key not being recovered from the public key is really not enough as people can easily fool people by using keys which merely look like burn addresses. Users wont verify them and will end up sending money to a scam. If coins are consensus level non-spendable there would be no chance of this.

gee, that makes a lot of sense here.

[o_e_l_e_o]

If we really want people to be CONVINCED of the coins being burned IMMEDIATELY (not after the coins weren't moved for 20 years) then we need to burn them with a OP_CODE that makes the coins verifiably non-spendable.

Correct. There are also other ways to provably burn coins, by sending them to invalid scripts which cannot be unlocked. The biggest such example of this is this transaction: https://blockchair.com/bitcoin/address/s-272edf45031dd498e7b3ae89e11ff21b. In this transaction, someone failed to use their pubkeyhash and instead locked the coins behind "0". Since there is no RIPEMD160 output which outputs a single "0", since the output is always 20 bytes, these coins are provably unspendable.

Users wont verify them and will end up sending money to a scam.

Not just that - users can't verify them. If I give you an address which "looks" like a burn address, such as 1BurnTheseCoinsNowgk38fLR5y3meHnE, there is absolutely no way for you to verify whether I know the private key to that address or whether I don't. Sure, it looks unlikely, but I have the exact same chance of randomly generating that address (or any other address which "looks" like a burn address) as I do any other possible address.

[digaran]

1BurnTheseCoinsNowgk38fLR5y3meHnE, there is absolutely no way for you to verify whether I know the private key to that address or whether I don't.

There is no hardware/ and software in the world capable of generating 17 character prefix address,  not gonna lie you could generate that after 2^80 key gen operations.
I believe there should be some sort of fail safe in place to avoid losing coins when you make a mistake sending to a wrong script, maybe miners/ nodes should never accept to relay such transactions?
Also do you know how many zeros could RIPEMD-160 algo produce for a 160 bit hash? I guess it's not generating a certain fixed value.

[o_e_l_e_o]

There is no hardware/ and software in the world capable of generating 17 character prefix address

Absolutely, but there is also absolutely nothing stopping me from generating that address (or a similar one) by random chance. The chance that I generate the private key for that address is exactly the same as the chance that I generate the private key for any other address. Any coins on that address are not provably burned.

Also do you know how many zeros could RIPEMD-160 algo produce for a 160 bit hash? I guess it's not generating a certain fixed value.

RIPEMD160 always outputs 160 bits, which is 20 bytes. If someone used the output 0000000000000000000000000000000000000000, then that would generate the address in this thread's subject - 1111111111111111111114oLvT2. Coins on this address are spendable - you just have to find the private key which gives the pubkeyhash 0000000000000000000000000000000000000000. But coins on the locking script I gave above are not spendable, because there is no RIPEMD160 output which will ever output 0.

[BlackHatCoiner]

I believe there should be some sort of fail safe in place to avoid losing coins when you make a mistake sending to a wrong script, maybe miners/ nodes should never accept to relay such transactions?

Absolutely not. First of all you can't send coins to a burning looking address by mistake. It's something you need to do deliberately. In fact, there are reasons sometimes to send coins there, like supposedly Proof-of-burn mechanisms like Counterparty. Secondly, not relaying such transactions would introduce censorship.

As for falsely written scripts, we already have non-standardness. Be cautious from that point on.

[based52]

I believe there should be some sort of fail safe in place to avoid losing coins when you make a mistake sending to a wrong script, maybe miners/ nodes should never accept to relay such transactions?

Only way of creating such a fail safe is to make the output a 2 of 2 multisig in which the sender can redeem before or after a specific lock time and the second signer can redeem otherwise. The problem is that this assumes you have properly formatted your script and are sending to the expected one. In the case that you send to the WRONG script, it's impossible to recover unless that wrong script has this time-lock recovery spending condition. Miners accept ANY valid transaction or else bitcoin would be censorship enforcing.