How to create a Bitcoin black hole
It is surprisingly easy to construct a new Bitcoin address that can accept payments, which will be immediately and forever lost. Such addresses are called “provably unspendable,” meaning that you can prove beyond all doubt that no one ever can transfer a single sathoshi out from them.
In this example, we will be creating a so-called P2SH address, in which “SH” means “script hash.” Keep in mind that every bitcoin address is, in fact, a wrapped script, and for its owner to spend from it, he or she must create a valid transaction from it.
Valid transactions, in turn, contain scripts that must – somewhat over-simplified – satisfy two criteria: First, they must run without errors. Second, they must return “TRUE” (technically: the top item in the stack must be a positive integer).
Since P2SH addresses give away only the hash of the script, and not the script itself, it is not possible to determine beforehand whether a given script hash corresponds to code that is able to run without errors. Therefore, it is impossible to enforce any sort of new standard that would disallow dysfunctional scripts – as we shall demonstrate. In other words, creating a “catastrophic P2SH address” is fairly straightforward.
The magic ingredient is the opcode OP_RETURN. If we look it up, we see that:
Marks transaction as invalid. Since bitcoin 0.9, a standard way of attaching extra data to transactions is to add a zero-value output with a scriptPubKey consisting of OP_RETURN followed by data. Such outputs are provably unspendable and specially discarded from storage in the UTXO set, reducing their cost to the network.
This means that a script that contains OP_RETURN and nothing else can never satisfy the criteria, as when they are executed they will always return “FALSE.” Put differently, such scripts are provably unspendable. Any output to such an address is forever stuck and non-retrievable.
Let’s create such an address! First, we need a few bytes of gibberish data to create a unique address, so why not “6274636c65616b2e636f6d”, which happens to be the hexadecimal representation of the ASCII string “btcleak.com” (cheesy?).
Our script is thus:
OP_RETURN 11 0x6274636c65616b2e636f6d
A few short comments about it. The “11” in it is simply the number of bytes that follow, and somewhat confusingly, they are written as a “normal” decimal number, which is followed by a hexadecimal string. (Since 1 byte is 8 bits, and hexadecimal is a 16-digit format, the byte-size of a hexadecimal string is its number of characters divided by 2.)
This script is then converted – or rather serialized, which is the correct term – into the hexadecimal string
6a0b6274636c65616b2e636f6d
which we will use. Now, there are a million ways to convert a serialized script to its corresponding P2SH address, but this is not a tutorial for that, so we will simply provide you with a few uncommented lines of Python that do the job:
>>> script = ‘6a0b6274636c65616b2e636f6d’
>>> base58.b58encode_check(binascii.unhexlify(’05’+ hashlib.new(‘ripemd160’, hashlib.sha256(binascii.unhexlify(script)).digest()).hexdigest())).decode()
‘3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56’
Hereby, we have shown that 3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56 is a valid Bitcoin address that anyone can send to, and we have also proven that no one can ever redeem it.
Bitcoins are fragile. Anyone who owns them has the capacity to burn them – with indisputable evidence. We take the liberty to call 3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56 a Bitcoin black hole. Whatever you send to it is forever lost.
(If we define “forever” until the time for a Bitcoin hard-fork that will allow spending from such scripts; it can theoretically happen, but in that case, Bitcoin is no longer Bitcoin.)
The existence of Bitcoin black holes opens up a few interesting possibilities. One such option is that someone who controls a large amount of Bitcoin can burn them and prove it. Since the total amount of Bitcoin is written in stone, this will lead to fewer Bitcoins in circulation – and thus an increase in value for those that are.
Comments or questions?
One more thing!
Consider the donation address at the bottom of the page. We re-invest all contributions into new projects for btcleak.com. Help us create new content and remain ad-free forever. Thank you.
Wait wtf, did someone actually send coins there?!
https://www.blockchain.com/btc/address/3JM8v96QvZ17jjcH2hDa81BSdMt2yqER56
We plead guilty 🙂 We transferred 666 satoshi – a suitable sum – straight into the black hole. Check if it’s still there tomorrow and then in ten years. We cannot take it back. No one can ever touch them. They are lost forever…
How can one tell if a script hash is invalid? For example, using your python script above I found a few other used addresses with trivial script hashes, but appear invalid:
3Dnnf49MfH6yUntqY6SxPactLGP16mhTUq
Script: 0e0020
3MiHYymaFeSj6B2oMQivWPgqhqHYmUyea3
Script: 5200ae
3GVNBg3RYR6N7xhUAQnm7vWyvUY8eSninM
Script: 494e46
3QQxH91WgXDpi6QAQcjV3uif8WTbMtfZu4
Script: 93545887
These are all unspendable? Is there a tool to debug script hashes?
Guys we need to donate to this guy to keep the forum update I see a lot of guys who teach specific vulnerabilities do not keep it up
ALL YOU NEED TO KNOW ABOUT SCAM RECOVERY is that; the only organization capable of retrieving your lost funds from online scams, fraud and scam investment websites are Team of PROFESSIONAL HACKERS & CYBER FORENSIC EXPERTS, they are the ones who knows various Retrieval Techniques and Strategies that suits different scenarios of Scams such as cryptocurrency scam, Investment scam, Trading scam, Binary Options scam, Real-Estate scam etc .You have to take a SMART step by consulting a team of Highly Ranked Hackers and Cyber Forensic Experts At FUNDS RETRIEVAL PANEL
w w w . fundsretrievalpanel . c o m
WERE YOU SCAMMED THROUGH FAKE CRYPTO INVESTMENTS?
I was lucky to come across AstraWeb Cyber Security Network, which was able to recover my stolen Bitcoin worth $704,000 after I was scammed by a fake cryptocurrency investment platform.
I was very naive and was taken advantage of when I was contacted by a scammer who told me I could earn huge profits from my investment, I started with an initial investment of $1,500 and it went on and on until it was time to withdraw my profits and I discovered I have been scammed.
I was depressed and hurt but I’m glad I came across AstraWeb Cyber which was able to trace and recover my stolen Bitcoin.
If you ever wondered if it was possible to recover lost or stolen cryptocurrencies, yes it is possible with the right resources and information. I’m truly grateful AstraWeb that they were able to help me get my money back. They are very professional and their service is excellent.
Their contact information is written below
E-mail: AstraWeb@cyberdude . com
Website: www . astrawebcybersecurity . net
I’m hugely indebted to their excellent team and magnificent work. The best cryptocurrency recovery team and I’m highly recommending their services.
Numerous choices made by eminent investors caused many of them to end up in the wrong hands. I was previously a victim as well after being convinced to deposit $90,000 in an untrue investment website. However, after learning that everything was a hoax, I was in disbelief. Since all of this cash was my own hard-earned money, I nearly gave up. The real truth was a recommendation of Pro Wizard Gilbert Recoveryfrom a companion. In a matter of 72 hours, I was able to get my money back. The Pro Wizard Gilbert Recovery team deserves the utmost praise since they were fantastic. Pro Wizard Gilbert Recovery is accessible to help you the most if you need a collaborative hacking team. Here is a contact information: Contact: prowizardgilbertrecovery(@)engineer.com also, visit their website: prowizardgilbertrecovery.xyz