Probability of Typing a Wrong Bitcoin Address
Original: Probability of typing a wrong Bitcoin address
Key topics
The likelihood of accidentally sending Bitcoin to the wrong address due to a typo is a topic of heated debate, with some commenters arguing it's extremely low due to the checksum mechanism. Others point out that the real risk lies not in typos, but in copy-pasting spoofed addresses, with one commenter quipping that it's "an argument against stupidity instead" of cryptocurrencies. A fascinating aside emerged when a commenter mentioned the Mimblewimble protocol, which eliminates the risk of typos altogether by requiring both sender and receiver to sign transactions. As the discussion unfolded, it became clear that the real challenge lies not in the probability of typos, but in user behavior and wallet security.
Snapshot generated from the HN discussion
Discussion Activity
Active discussionFirst comment
2h
Peak period
19
6-12h
Avg / period
6.4
Based on 45 loaded comments
Key moments
- 01Story posted
Aug 29, 2025 at 5:28 AM EDT
4 months ago
Step 01 - 02First comment
Aug 29, 2025 at 7:53 AM EDT
2h after posting
Step 02 - 03Peak activity
19 comments in 6-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 1, 2025 at 10:41 AM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
With that said the point stands that the likelihood of sending bitcoin to an unintended address due to a typo is very small. It's not as small as the article suggests, but it's still basically impossible (about 1 in 4.3 billion for a single character typo).
Perhaps the irony is that if you do happen to send bitcoin to an unintended address, you have a much greater chance of recovering it if that address belongs to a real person and is in use. If the address is not in use, then for all intents and purposes that bitcoin is lost forever.
The chance is about as high as the chance of generating the keys for a new wallet address and finding it has already been in use.
Or send to one that nobody has the key for
Additionally, you can prove you have the key completely offline if you want, which can suffice for collateral or pose authorizations
Most of these features of Bitcoin have been abstracted away for user friendliness, but are still accessible
if you know you know, solved problems (ratified protocols and standards) since 2012 or so
If I can physically see the inputs and outputs, it doesn’t take much to have a pretty good idea that it’s not bidirectonally compromising the cold wallet machine before sneakerneting them back and forth on a printed QR code.
I think armory wallet was the big thing for this? It’s been a while.
Meanwhile the best approach people commonly have today is a “hard wallet” that plugs into a usb port (yuck!)
I hope this doesnt become like email, where self hosting everything winds up blacklisting you in various ways
[1] https://bytes.zone/posts/what-is-the-randomart-image-for/
[1] https://github.com/CoinFabrik/ClipboardShield
Sure, but if someone can change your QR code, they could change the address just as easily. With websites you can see if the URL looks like something legitimate, so URLs are slightly better, but Bitcoin addresses are just a long random string, so being able to see the address wouldn't actually help anything.
When done correctly by a payment processor, the receiver's QR code for a Bitcoin payment varies for every transaction. It completely eliminates the risk of mistyping it. Granted, malware could replace it, but replacing it is a lot harder than replacing a simple address.
Not quite. More modern addresses have 30 bit checksums (so not at least 32 bits!), but rather than being a truncated cryptographic hash the check digits are a BCH code that guarantees any 4 or fewer substitution or transposition errors will always be detected (or 5 bitflips IIRC)... along with one in a billion or better detection of other kinds of errors.
So although the newer formats provides somewhat less protection against wildly incorrect, the protection against likely errors is much greater. The newer addresses are also case insensitive which was the biggest source of transcription errors in most contexts before.
Beyond being better for real errors the use of a error correction code also makes it impossible to intentionally generate 'fragile' addresses where there does exist a one character typo which is a valid address. It also makes it practical for wallet software to highlight the position of a likely typo, which can greatly speed things up when fixing a mistake. (The spec strenuously cautions against correcting errors, because any correction undermines detection strength).
And as hleszek's comment says, existing addresses don't help, generally addresses should not be reused-- they're not accounts, reusing addresses doesn't make the system work better. Early on in Bitcoin's life people created a scheme for shortened addresses where you used truncated addresses that were unmapped to the first user of that prefix. This obviously bad idea ran into immediate spoofing problems, and people quickly learned better.
> but address typos are not a major concern.
Yeah though malware that substitutes addresses in clipboards and copying the WRONG address are both real risks.
What you also might have heard is advice about _Ethereum_, which in spite of being created long after Bitcoin has addresses with no meaningful checksum and which has caused quite significant losses. (There is an optional very weak checksum using mixed case hex, but AFAICT it's not widely used).
In any case, a fork of Bitcoin with bigger blocks has existed for years and the market doesn't prefer it despite all the big names and companies hyping it up at the time of the split.
Satoshi left Bitcoin so there wouldn't be an appeal to authority so maybe your argument isn't as strong as you think it is.
GGP was CTO of Blockstream (https://blog.blockstream.com/en-blockstream-bids-farewell-to...)
In any case, what Satoshi remarks were you referring to? Perhaps his last related to the subject?
> Piling every proof-of-work quorum system in the world into one dataset doesn't scale. [...] Bitcoin users might get increasingly tyrannical about limiting the size of the chain so it's easy for lots of users and small devices
https://bitcointalk.org/index.php?topic=1790.msg28917#msg289...
I stopped working on some Bitcoin seven years ago after being burned out by harassment, threats, and an a literal trillion dollars worth hateful of vexatious litigation eating up my time. After all that I'm not intimidated by you. I reject your absurd accusations, but if they were true by this time you have only yourself to blame. If whatever you thought should have been done was doable and valuable, why didn't you do it and why isn't anyone using it? I certainly didn't stop you.
True, I've done nothing, but that's still a lot less damage than you have done. I only wish you had been as lazy.
We will never forget the censorship and gas-lighting that you orchestrated. You did stop good people from making positive change in the world. I won't appeal to your conscience - I don't believe it's there - so I'll settle for hoping that you are hounded rather than haunted for the rest of your life. You deserve that much and more.
https://www.reddit.com/r/ethereum/comments/6ettq5/statement_...
Was $13m at the time, 8y ago. US$288m today.