
In block 150,951 there are 23 transactions in which there are a total of 2609.363043 Bitcoins lost.
As the blockchain is a public ledger, we can freely inspect which coins are unspendable, aka lost. This is exactly what https://bitcoin-supply.com/ does. Burning coins on purpose is nothing new, but it has regained popularity very recently as people started minting tokens on Bitcoin. Not all burned coins are burned on purpose, though; some are obviously lost through human error.
In the grand scheme of things it does not really matter: burned coins are burned coins, and at the end of the day it makes the leftover coins more valuable.

How Bitcoin Script works - very high level

In this post we will focus on the biggest loss caused by human error, but before that let's explore how Bitcoin transactions work.
When you give someone an address you are actually giving them a box that ONLY you have the key to unlock. This is guaranteed by the fact that only the entity holding the private key corresponding to a public key can provide a signature that unlocks the box.
These locks are called Bitcoin Scripts. They are small programs that sit on top of each Bitcoin; when you move Bitcoins you run these programs. You first run the program, and if it terminates with success, then the Bitcoins move. The good part is that you can add various conditions here.
Multi-sig is an example of such conditions.
But it is up to you to make sure you set the right conditions. One way to make an error would be to add someone else's address. Another way is to create conditions that can never be fulfilled, and yes, that is a possibility and it is allowed.
Bitcoin wallets/clients try to limit human error as much as possible, and Bitcoin addresses were designed with this goal in mind. Bitcoin addresses have a checksum at the end to avoid sending Bitcoin to the wrong address. This safety check is done at the wallet level. There are no such checks in the script!
The last step in obtaining an address is to hash it with RIPEMD160, which has the effect of shortening the address. The address is the public key hashed 2 times (SHA256 and then RIPEMD160), with a checksum at the end.

In the script

It so happens that when you write these programs you can set a condition like: if the public key, after I hash it with RIPEMD160, matches this value, then the thing can happen. In case you were wondering what's the deal with RIPEMD160 (read with Seinfeld voice), in the picture it is OP_HASH160.
Now of course this Bitcoin Scripting Language is incredibly convoluted (quite frankly sucks, but we're stuck with it), and as if that's not enough, you also have to specify the amount of data you want to use. That's what OP_PUSHBYTES_20 does. It says: hey, take 20 bytes (= 160 bits, the output of RIPEMD160) when trying to check for the signature.
All of this is seen in the "GOOD SCRIPT" section of the photo.

Now the BAD SCRIPT

When we compare the two, one thing stands out: there is no OP_PUSHBYTES_20 and instead there is an OP_0, and this is what makes the coins forever unspendable. The 2nd script pretty much says: these Bitcoins can be moved by the public key that, when hashed with RIPEMD160, has a 1-byte output of 0. But we know that's impossible, as the output of RIPEMD160 is always 20 bytes, so the condition can never be met, so the coins are locked/lost for evaaaaar.
And in case it is not clear, all the coins that are lost have the exact same bad script.
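
The good/bad comparison above, as an added example that is not part of the original post: a wallet-side check that parses an output script and flags a P2PKH-shaped script whose hash push is not 20 bytes. The opcode byte values are the standard ones; the 20-byte hash in `GOOD_SCRIPT` is a constructed placeholder, `BAD_SCRIPT` is built from the post's description (OP_0 where OP_PUSHBYTES_20 should be), and the function names are hypothetical.

```python
# Standard Bitcoin Script opcode byte values.
OP_0, OP_DUP, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x76, 0x88, 0xA9, 0xAC
HASH160_LEN = 20  # RIPEMD160 output size in bytes

def parse_script(script: bytes):
    """Split a script into (opcode, pushed_data) pairs.
    Handles OP_0 and direct pushes (OP_PUSHBYTES_1..75) only."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == OP_0:
            items.append((op, b""))            # OP_0 pushes an empty value
        elif 1 <= op <= 75:
            data = script[i:i + op]
            if len(data) != op:
                raise ValueError("truncated push")
            items.append((op, data))
            i += op
        elif 0x4C <= op <= 0x4E:
            raise ValueError("OP_PUSHDATA1/2/4 not handled here")
        else:
            items.append((op, None))           # non-push opcode
    return items

def classify_p2pkh(script: bytes) -> str:
    """Return 'spendable-shape', 'unspendable' or 'not-p2pkh-shaped'."""
    items = parse_script(script)
    if len(items) != 5:
        return "not-p2pkh-shaped"
    ops = [op for op, _ in items]
    data = items[2][1]
    if (ops[:2] != [OP_DUP, OP_HASH160] or data is None
            or ops[3:] != [OP_EQUALVERIFY, OP_CHECKSIG]):
        return "not-p2pkh-shaped"
    # OP_HASH160 always leaves 20 bytes on the stack, so OP_EQUALVERIFY
    # against a push of any other length fails for every public key.
    return "spendable-shape" if len(data) == HASH160_LEN else "unspendable"

# Constructed samples: placeholder hash bytes, not a real address.
GOOD_SCRIPT = (bytes([OP_DUP, OP_HASH160, 0x14]) + bytes(range(20))
               + bytes([OP_EQUALVERIFY, OP_CHECKSIG]))
BAD_SCRIPT = bytes([OP_DUP, OP_HASH160, OP_0, OP_EQUALVERIFY, OP_CHECKSIG])

if __name__ == "__main__":
    for name, s in (("GOOD", GOOD_SCRIPT), ("BAD", BAD_SCRIPT)):
        print(name, s.hex(), classify_p2pkh(s))
```

Running the same check on every output before a transaction is signed and broadcast catches this class of mistake at the wallet level, where the address checksum cannot help.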

Who did it?

The Transactions in question were made by Mark Karpeles aka MagicalTux, the CEO of MtGox. Yes, this was MtGox money, and at the time of the incident, it represented 1 week of income, as Mark said himself. At the time the 2,609 Bitcoins were worth $10,957, today they are worth $120,200,000.
Hope you liked this little story :D

The TX IDs in 1st pic

In case you want to check the TXs yourself, here they are in a copy-paste format.
Very interesting post, thank you for taking the time
reply
Nice post it's interesting about knowing something
reply
I do like the story, thanks for sharing. The ledger is open and transparent and immutable. A pretty interesting area of research. I am curious what other historical details of interest it holds. As just one example, a researcher could compute the total volume of Silk Road transactions ever done. Or inflows and outflows to the major exchanges like MtGox, Binance, Coinbase and now River. This is probably exactly the kind of work Chainalysis does, among other things...
reply
There has been research re both things you mentioned IIRC, but yeah I'm sure all Chainalytics companies also have this information.
reply
10 sats \ 1 reply \ @bilthon 12 Jan
It's still not clear to me what he was trying to do. He mentions something about limiting the number of inputs in a tx, but that has nothing to do with modifying the script
reply
Yeah, I could not figure that out myself. I spent like 5 hours yesterday trying to find some archive of #MtGox, but nowhere to be found on the internet.
Also it's not just that the OP_PUSHBYTES_20 is not there, but also a pubkey is missing.
reply
Thanks for sharing this interesting and scary story!
reply
It's a shame that there are no more bitcoins lost forever. Good post.
reply
Cheers, bud.
reply