Interesting addresses on the blockchain

Ten years ago I occasionally wrote posts for a blog I ran about Bitcoin. This is the most popular article on it, which has been read about two thousand times, so I thought it might be interesting here on LinkedIn.

It was originally written in March 2014.

The technical bit

A quick recap:

• Your bitcoin wallet consists of pairs of private/public keys.
• Each private key is a 256 bit number between 1 and about (1.15 times 10 to the power of 77). Note that this is slightly lower than 2 to the power of 256.
• The public key is generated from the private key using the "Eliptic Curve Digital Signature Algorithm", or ECDSA.
• The Bitcoin address is generated by a series of hashes (called SHA256 and RIPEMD-160), a checksum and finally encoding into Base58.
• The private key is used to sign any transaction transferring bitcoins from the bitcoin address associated with it to any other valid bitcoin address.
• The public key can be used to check that the private key signature of the transfer is valid; this is done by the bitcoin miners before adding the transaction to the blockchain.
• Once a transaction is added to a block in the blockchain it's finalized and can be spent (okay, in practice you need a few more blocks to add on afterwards to really finalize it - the block could be invalidated shortly afterwards. 6 further blocks is considered rock-solid confirmation).

So here is where the fun begins - lets take a test engineer approach to analyzing it.

What happens if you send bitcoins to a random address

If you simply invent a bitcoin address, like?1NyUkGNxZ1RoKmRUPYJBgouS1nJneDX6, the checksum shows that it's invalid, so the coins won't be sent.

If you accidentally pick a valid address, the coins are gone - no one will ever be able to spend them. The odds of someone having the private key to a random valid public bitcoin address are lower than you finding a specific grain of sand that was briefly stuck to your foot on the first day of your first beach holiday abroad.

The bitcoin address associated with a private key of 0

If you pick 0 as your private key (e.g. through programmer error) then the ECDSA algorithm returns a public key of 0400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000. The bitcoin address generating algorithm, when applied to this public key returns an address of?16QaFeudRUt8NYy2yzjm3BMvG4xBbAsBFM?which at the time of writing this post has a balance of 0.01 bitcoins (now 0.01024130).

This sum can never be redeemed, as 0 isn't a valid private key and can't be used to sign the transfer transaction.

The blank bitcoin address

If you apply the bitcoin address generating algorithm to a public key that is null (i.e. the empty string), it returns a valid address. This could happen if there's an error in your software that doesn't pass the correct public key on to the bitcoin address generating algorithm in your code. The valid address returned is?1HT7xU2Ngenf7D4yocz2SAcnNLW7rK8d4E.

This currently has nineteen transactions paid into it to a sum of almost 70 bitcoins - worth nearly 45,000 USD at the moment (72.22 bitcoins now, worth 2.1 million USD).

Unfortunately these coins can never be redeemed - there is no private key that returns a blank public key.

Obvious private keys

Here are some private keys with addresses that had a balance at some point, that I found:

Key 1, address?1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm?has had about 4.2 bitcoins over the years. There are several people monitoring it and transferring any balance within seconds if any is paid in.

Key 126, address?163bgHt747rfMKf7tM6XEoCzhKbvrYgZ6N?had a small fraction of bitcoin paid into it once.

Key 22??-1, address?12M4QznuNZH2BRVbLK8SKvNqGTPJpCpST7?has had about 0.005 bitcoin. Technically speaking the key is invalid - it's too big, but in practice all code performs a modulo operation on it to reduce it's size.

Key (biggest valid ECDSA key), address 1JPbzbsAx1HyaDQoLMapWGoqf9pD5uha5m?has also been used a few times.

Brain wallets

Some bright spark noticed that if you take a SHA256 hash of some text you get a 256 bit number, which can be used as a private key. So people started using phrases as passwords to "carry" their bitcoins around in their head. Unfortunately brute-forcing these kinds of passphrases is far too easy, so I wouldn't recommend it. Here are some passphrases that have addresses which had balances at some point:

Key SHA256("password")

Key SHA256 ("password1")

Key SHA256("correct horse battery staple")

Key SHA256("you don't win friends with salad!")

Key SHA256("bitcoin is awesome") - 500 bitcoins taken from this one, that's a third of a million dollars today

Key SHA256("satoshi nakamoto")

And that's it for today.