The only thing that matters is the checksum, because who cares if the destination address is not currently in the blockchain. It is obviously possible to send BTC to a new address which is not already there.
Kranar 6 hours ago [-]
Yeah this is a fairly poor article by an otherwise amazing blogger.
With that said the point stands that the likelihood of sending bitcoin to an unintended address due to a typo is very small. It's not as small as the article suggests, but it's still basically impossible (about 1 in 4.3 billion for a single character typo).
Perhaps the irony is that if you do happen to send bitcoin to an unintended address, you have a much greater chance of recovering it if that address belongs to a real person and is in use. If the address is not in use, then for all intents and purposes that bitcoin is lost forever.
pcthrowaway 5 hours ago [-]
There is functionally no chance of sending it to an address which is in use by accident.
The chance is about as high as the chance of generating the keys for a new wallet address and finding it has already been in use.
extraduder_ire 3 hours ago [-]
Since bitcoin "addresses" are just public key hashes, is there any way for them to even be "in the blockchain" without sending them a payment?
yieldcrv 2 hours ago [-]
No, it is just a namespace, and you can predict addresses that you control but haven’t generated yet
Or send to one that nobody has the key for
Additionally, you can prove you have the key completely offline if you want, which can suffice for collateral or pose authorizations
Most of these features of Bitcoin have been abstracted away for user friendliness, but are still accessible
if you know you know, solved problems (ratified protocols and standards) since 2012 or so
juujian 9 hours ago [-]
Are people typing Bitcoin addresses by hand? Aren't they far more likely to c&p a spoofed Bitcoin address?
johnisgood 6 hours ago [-]
People use this against cryptocurrencies. It should be an argument against stupidity instead. You get a confirmation popup as well asking if you are sure about the address in many wallets.
BobAliceInATree 6 hours ago [-]
No number of confirmation dialogs going to help anyone in determining that their 27+ digit address is mistyped.
johnisgood 6 hours ago [-]
Copy paste, and triple check the first and last 4 characters.
pants2 5 hours ago [-]
Not good enough, scammers will make copycat look-alike addresses that have the same first ~7 and last ~7 characters.
johnisgood 3 hours ago [-]
What does this mean in practice though? If you need to be certain, make sure you copy the right address.
johtso 4 hours ago [-]
What about something like VisualHostKey but for the bitcoin address?
nullc 52 minutes ago [-]
Bad advice scammers/malware have huge tables of addresses they've generated that agree in the first N and last N characters. If a user is going to compare a subset they should make an effort to make it be an unpredictable subset.
charcircuit 5 hours ago [-]
Bad actors can easily pregenerate adresses that mach those ahead of time.
bigfishrunning 6 hours ago [-]
People are stupid, and there's no way around that. If bitcoin can't protect stupid people against themselves, then that's a pretty major flaw.
6 hours ago [-]
6 hours ago [-]
giancarlostoro 6 hours ago [-]
Even when I copy and paste, I triple check the beginning and end of the addresses shown.
johnisgood 6 hours ago [-]
Same. I triple check the beginning and the end. Just like I am supposed to when handling money. In cases of many cryptocurrencies, you should focus more on the last characters instead of the first. In terms of Bitcoin, it usually begins with "bc1" (yes, depends) and ends with whatever. Triple check either way. Sometimes I would clear my clipboard and copy paste anew.
mr_mitm 5 hours ago [-]
Generating an evil wallet where the last six characters or so match the original is probably feasible. I heard of this being done to SSH host keys. Someone invented randomart images to make it easier for humans to compare binary strings [1], but I'm not sure how well they fare against similar attacks.
You are far more likely to paste the wrong address than to type it. When dealing with multiple wallets and recipients it's an easy mistake.
nullc 7 hours ago [-]
> Each is at least 20 bytes (160 bits) long, with at least 4 bytes (32 bits) of checksum.
Not quite. More modern addresses have 30 bit checksums (so not at least 32 bits!), but rather than being a truncated cryptographic hash the check digits are a BCH code that guarantees any 4 or fewer substitution or transposition errors will always be detected (or 5 bitflips IIRC)... along with one in a billion or better detection of other kinds of errors.
So although the newer formats provides somewhat less protection against wildly incorrect, the protection against likely errors is much greater. The newer addresses are also case insensitive which was the biggest source of transcription errors in most contexts before.
Beyond being better for real errors the use of a error correction code also makes it impossible to intentionally generate 'fragile' addresses where there does exist a one character typo which is a valid address. It also makes it practical for wallet software to highlight the position of a likely typo, which can greatly speed things up when fixing a mistake. (The spec strenuously cautions against correcting errors, because any correction undermines detection strength).
And as hleszek's comment says, existing addresses don't help, generally addresses should not be reused-- they're not accounts, reusing addresses doesn't make the system work better. Early on in Bitcoin's life people created a scheme for shortened addresses where you used truncated addresses that were unmapped to the first user of that prefix. This obviously bad idea ran into immediate spoofing problems, and people quickly learned better.
> but address typos are not a major concern.
Yeah though malware that substitutes addresses in clipboards and copying the WRONG address are both real risks.
What you also might have heard is advice about _Ethereum_, which in spite of being created long after Bitcoin has addresses with no meaningful checksum and which has caused quite significant losses. (There is an optional very weak checksum using mixed case hex, but AFAICT it's not widely used).
Deuter8 6 hours ago [-]
Early on in Bitcoin's life, Satoshi had a clear plan for increasing blocksize as necessary, but you went and screwed that up with your buddies. Hope it was worth it for you per$onally. OGs will never forget.
skeezyboy 6 hours ago [-]
Tell Satoshi hes a numpty. How could he not forsee the issues inherent in his design?
nullc 55 minutes ago [-]
What an interesting flashback-- as of the last three days I'm starting to see again this sort of strange offtopic harassment following me around the internet.
In any case, what Satoshi remarks were you referring to? Perhaps his last related to the subject?
> Piling every proof-of-work quorum system in the world into one dataset doesn't scale. [...] Bitcoin users might get increasingly tyrannical about limiting the size of the chain so it's easy for lots of users and small devices
I stopped working on some Bitcoin seven years ago after being burned out by harassment, threats, and an a literal trillion dollars worth hateful of vexatious litigation eating up my time. After all that I'm not intimidated by you. I reject your absurd accusations, but if they were true by this time you have only yourself to blame. If whatever you thought should have been done was doable and valuable, why didn't you do it and why isn't anyone using it? I certainly didn't stop you.
bloatedGoat 6 hours ago [-]
Source?
In any case, a fork of Bitcoin with bigger blocks has existed for years and the market doesn't prefer it despite all the big names and companies hyping it up at the time of the split.
Satoshi left Bitcoin so there wouldn't be an appeal to authority so maybe your argument isn't as strong as you think it is.
Hum, set aside anything who TYPE a BTC (or any crypto) address instead of mere copy/autoscanning it?
anonfordays 2 hours ago [-]
Reminds me lf that dev that sent $100k worth of coins to the wrong smart contract address and was never able to get them back.
OutOfHere 8 hours ago [-]
Scan a displayed QR code of the address whenever possible.
euLh7SM5HDFY 7 hours ago [-]
Isn't that actually worse option? I mean, I don't know about BTC but there are multiple instances of attacks with fake QR codes placed over parking meters. And last time I was looking for QR code generator for some random website the first one I found one "looked to be working", but actually quietly replaced the URL with own link shortening service.
gucci-on-fleek 7 hours ago [-]
> there are multiple instances of attacks with fake QR codes placed over parking meters.
Sure, but if someone can change your QR code, they could change the address just as easily. With websites you can see if the URL looks like something legitimate, so URLs are slightly better, but Bitcoin addresses are just a long random string, so being able to see the address wouldn't actually help anything.
OutOfHere 6 hours ago [-]
> Isn't that actually worse option?
When done correctly by a payment processor, the receiver's QR code for a Bitcoin payment varies for every transaction. It completely eliminates the risk of mistyping it. Granted, malware could replace it, but replacing it is a lot harder than replacing a simple address.
With that said the point stands that the likelihood of sending bitcoin to an unintended address due to a typo is very small. It's not as small as the article suggests, but it's still basically impossible (about 1 in 4.3 billion for a single character typo).
Perhaps the irony is that if you do happen to send bitcoin to an unintended address, you have a much greater chance of recovering it if that address belongs to a real person and is in use. If the address is not in use, then for all intents and purposes that bitcoin is lost forever.
The chance is about as high as the chance of generating the keys for a new wallet address and finding it has already been in use.
Or send to one that nobody has the key for
Additionally, you can prove you have the key completely offline if you want, which can suffice for collateral or pose authorizations
Most of these features of Bitcoin have been abstracted away for user friendliness, but are still accessible
if you know you know, solved problems (ratified protocols and standards) since 2012 or so
[1] https://bytes.zone/posts/what-is-the-randomart-image-for/
[1] https://github.com/CoinFabrik/ClipboardShield
Not quite. More modern addresses have 30 bit checksums (so not at least 32 bits!), but rather than being a truncated cryptographic hash the check digits are a BCH code that guarantees any 4 or fewer substitution or transposition errors will always be detected (or 5 bitflips IIRC)... along with one in a billion or better detection of other kinds of errors.
So although the newer formats provides somewhat less protection against wildly incorrect, the protection against likely errors is much greater. The newer addresses are also case insensitive which was the biggest source of transcription errors in most contexts before.
Beyond being better for real errors the use of a error correction code also makes it impossible to intentionally generate 'fragile' addresses where there does exist a one character typo which is a valid address. It also makes it practical for wallet software to highlight the position of a likely typo, which can greatly speed things up when fixing a mistake. (The spec strenuously cautions against correcting errors, because any correction undermines detection strength).
And as hleszek's comment says, existing addresses don't help, generally addresses should not be reused-- they're not accounts, reusing addresses doesn't make the system work better. Early on in Bitcoin's life people created a scheme for shortened addresses where you used truncated addresses that were unmapped to the first user of that prefix. This obviously bad idea ran into immediate spoofing problems, and people quickly learned better.
> but address typos are not a major concern.
Yeah though malware that substitutes addresses in clipboards and copying the WRONG address are both real risks.
What you also might have heard is advice about _Ethereum_, which in spite of being created long after Bitcoin has addresses with no meaningful checksum and which has caused quite significant losses. (There is an optional very weak checksum using mixed case hex, but AFAICT it's not widely used).
In any case, what Satoshi remarks were you referring to? Perhaps his last related to the subject?
> Piling every proof-of-work quorum system in the world into one dataset doesn't scale. [...] Bitcoin users might get increasingly tyrannical about limiting the size of the chain so it's easy for lots of users and small devices
https://bitcointalk.org/index.php?topic=1790.msg28917#msg289...
I stopped working on some Bitcoin seven years ago after being burned out by harassment, threats, and an a literal trillion dollars worth hateful of vexatious litigation eating up my time. After all that I'm not intimidated by you. I reject your absurd accusations, but if they were true by this time you have only yourself to blame. If whatever you thought should have been done was doable and valuable, why didn't you do it and why isn't anyone using it? I certainly didn't stop you.
In any case, a fork of Bitcoin with bigger blocks has existed for years and the market doesn't prefer it despite all the big names and companies hyping it up at the time of the split.
Satoshi left Bitcoin so there wouldn't be an appeal to authority so maybe your argument isn't as strong as you think it is.
GGP was CTO of Blockstream (https://blog.blockstream.com/en-blockstream-bids-farewell-to...)
Sure, but if someone can change your QR code, they could change the address just as easily. With websites you can see if the URL looks like something legitimate, so URLs are slightly better, but Bitcoin addresses are just a long random string, so being able to see the address wouldn't actually help anything.
When done correctly by a payment processor, the receiver's QR code for a Bitcoin payment varies for every transaction. It completely eliminates the risk of mistyping it. Granted, malware could replace it, but replacing it is a lot harder than replacing a simple address.