How to create a Bitcoin black hole

It is surprisingly easy to construct a new Bitcoin address that can accept payments, which will be immediately and forever lost. Such addresses are called “provably unspendable,” meaning that you can prove beyond all doubt that no one ever can transfer a single sathoshi out from them.

In this example, we will be creating a so-called P2SH address, in which “SH” means “script hash.” Keep in mind that every bitcoin address is, in fact, a wrapped script, and for its owner to spend from it, he or she must create a valid transaction from it.

Valid transactions, in turn, contain scripts that must – somewhat over-simplified – satisfy two criteria: First, they must run without errors. Second, they must return “TRUE” (technically: the top item in the stack must be a positive integer).

Since P2SH addresses give away only the hash of the script, and not the script itself, it is not possible to determine beforehand whether a given script hash corresponds to code that is able to run without errors. Therefore, it is impossible to enforce any sort of new standard that would disallow dysfunctional scripts – as we shall demonstrate. In other words, creating a “catastrophic P2SH address” is fairly straightforward.

The magic ingredient is the opcode OP_RETURN. If we look it up, we see that:

Marks transaction as invalid. Since bitcoin 0.9, a standard way of attaching extra data to transactions is to add a zero-value output with a scriptPubKey consisting of OP_RETURN followed by data. Such outputs are provably unspendable and specially discarded from storage in the UTXO set, reducing their cost to the network.

This means that a script that contains OP_RETURN and nothing else can never satisfy the criteria, as when they are executed they will always return “FALSE.” Put differently, such scripts are provably unspendable. Any output to such an address is forever stuck and non-retrievable.

Let’s create such an address! First, we need a few bytes of gibberish data to create a unique address, so why not “6274636c65616b2e636f6d”, which happens to be the hexadecimal representation of the ASCII string “btcleak.com” (cheesy?).

Our script is thus:

OP_RETURN 11 0x6274636c65616b2e636f6d

A few short comments about it. The “11” in it is simply the number of bytes that follow, and somewhat confusingly, they are written as a “normal” decimal number, which is followed by a hexadecimal string. (Since 1 byte is 8 bits, and hexadecimal is a 16-digit format, the byte-size of a hexadecimal string is its number of characters divided by 2.)

This script is then converted – or rather serialized, which is the correct term – into the hexadecimal string

6a0b6274636c65616b2e636f6d

which we will use. Now, there are a million ways to convert a serialized script to its corresponding P2SH address, but this is not a tutorial for that, so we will simply provide you with a few uncommented lines of Python that do the job:

Hereby, we have shown that 3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56 is a valid Bitcoin address that anyone can send to, and we have also proven that no one can ever redeem it.

Bitcoins are fragile. Anyone who owns them has the capacity to burn them – with indisputable evidence. We take the liberty to call 3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56 a Bitcoin black hole. Whatever you send to it is forever lost.

(If we define “forever” until the time for a Bitcoin hard-fork that will allow spending from such scripts; it can theoretically happen, but in that case, Bitcoin is no longer Bitcoin.)

The existence of Bitcoin black holes opens up a few interesting possibilities. One such option is that someone who controls a large amount of Bitcoin can burn them and prove it. Since the total amount of Bitcoin is written in stone, this will lead to fewer Bitcoins in circulation – and thus an increase in value for those that are.

Comments or questions?

• Category: Scripts
• Tag: blockchain, python, transaction