Bitcoin sucked away by the "black hole", the actual total amount of BTC has been less than 21 million

Bitcoin's white paper has recently turned 11 and its content is very succinct, and the content of the paper on supply is only mentioned slightly:

“Once a predetermined amount of Bitcoin enters circulation, the incentives can be fully converted into transaction costs and there is no inflation at all.”

After delving into the earliest code backup of Bitcoin, we can find the legendary formula of the block reward set by Nakamoto. These simple codes effectively set the total supply of Bitcoin to 21 million BTC:


However, what many people don't know is that Bitcoin's code base does not contain any "BTC supply no more than 21 million" check. Instead, the software checks that the number of each block statement does not exceed the specified amount.

Using the supply formula to calculate the supply value for the 600,000th block on October 19, 2019, we can get a value of 18 million BTC:

“210,000 Blocks* 50 BTC + 210,000 Blocks* 25 BTC + 180,000 Blocks* 12.5 BTC = 18 million BTC”

The birth of this block was hailed by the community as a milestone in the end of the bitcoin inflation process. However, savvy observers commented at the time that Bitcoin's supply did not reach the 18 million BTC milestone when the block height reached 600,000.

According to Peter Wuille, developer of Bitcoin Core, the actual supply of Bitcoin should be 17,999,854.82192702 BTC as of 600,002 blocks .


So what is this all about?

In this article, we will delve into why bitcoin supply is lower than expected and calculate how many bitcoins are permanently lost. In addition, we analyzed the exact causes of the loss of these coins and explained what happened to them. We first check the coins that can prove to have been lost, and then analyze the coins that are assumed to be lost but may eventually be discovered.

1. Bitcoin that can prove permanent loss

1. Founding block bitcoin

Bitcoin's ledger consists of a set of "unused outputs" (UTXO). By summarizing the BTC values ​​of these outputs, we can get the bitcoin supply seen by all nodes.

The first block of Bitcoin (the origin of the book) contains a transaction that casts 50 BTC. However, the 50 BTC output of this transaction is not included in the UTXO concentration of Bitcoin. It is still unclear whether this is a negligence of Nakamoto or deliberately.

As a result, these 50 BTCs do not exist in the book of Bitcoin, even though they are visible in the main chain.

2. Duplicate Coinbase transactions

Another negligence of the Bitcoin designer is the handling of repeated transactions. At first glance, they seem unlikely (because they contain digital signatures and references to previous transactions, which makes them unique), but it is still possible to create duplicate transactions.

The easiest to copy transaction is the coinbase transaction, which is the first transaction in each block, allowing miners to claim their block rewards (the digital asset exchange Coinbase is named for this) because they do not contain digital signatures or pairs A reference to a previous transaction. If a miner creates a coinbase transaction, pays the same number of BTCs to the same address, and uses the same extra nonce, the transaction will be the same.

This happened twice in the early history of Bitcoin:

  1. The transaction d5d2..8599 is the coinbase output of block 91812 and block 91842;
  2. The transaction e3bf…b468 is the coinbase output of block 91722 and block 91880;

In each case, the second time it contains a transaction, its output will overwrite the previous output.

The result is that the two covered outputs are not in the UTXO set. In other words, this 100 BTC is not in the book of Bitcoin.

Although this seems to be a harmless oversight, Russell O'Connor still sees it as an attack vector in 2012 . With duplicate transactions, an attacker can delete past transactions of other users from the ledger.

In response to this, developers introduced BIP-30 in 2012 to prohibit the inclusion of new duplicate transactions before the output of the old transaction is fully used.

Later in 2012, the introduction of BIP-34 also made it more difficult to copy coinbases because they must now include the block height to which they belong.

3. Unclaimed rewards

Another group can prove the lost currency, which is related to verifying the coinbase transaction through the full node.

The Bitcoin agreement stipulates that an effective block of miners can receive the remuneration specified in the agreement plus the transaction fees included in the block. Each full node will check that the miners will not attempt to claim more than the allowed amount, however, The node does not care if the amount the miner receives is less than the amount he deserves.

Obviously, the situation of partial collection is very irrational for miners, but it has happened many times in history. The first occurred in the 124th, 724th block in May 2011, and the last occurred in the 564th, 959th block in late February 2019.

The most notable examples are listed in the table below:


In general, this behavior occurred in three different phases, with a total of 1221 anomalies. The figure below shows the number of blocks that have not applied for full rewards:


Near the block height of 162,000, we can see that there are many incidents where the full reward is not applied. The other phase occurs between 180,000 and 230,000 blocks, and the last phase occurs near the 530,000 block.

According to Bitcointalk user midnightmagic, the first incident that did not apply for a full reward was to pay tribute to Nakamoto. In other cases, considering the amount of miners lost, they may be caused by errors in the mining software.

4, OP_RETURN output

There is a special type of bitcoin transaction output called OP_RETURN that allows users to embed data in the OP_RETURN (currently up to 80 bytes per output) without exposing the UTXO set (these outputs are not added to the UTXO set) – They are considered unbearable).

Although most of these outputs are created with a value of 0, some are not. As of the 600,000th block, a total of 3.723039BTCs were sent to the OP_RETURN output so that they could never be used, that is, they are no longer part of the bitcoin supply.

5, summary

In general, we can calculate the actual supply of Bitcoin at 600,000 blocks by subtracting the identifiable lost coins from the expected 18 million BTC.


As of the 600,000th block, the actual display supply of Bitcoin should be 17,999,817 BTC, which is the exact value of the technology. This result can be obtained by querying the whole node. However, we can do even better, let us look at more bitcoin "black holes".

Second, assume the lost bitcoin

1, a fake address

Before the OP_RETURN output standardization appeared, we did not have an easy-to-obtain, provable way to burn Bitcoin. As a result, some users use a "fake address", that is, an address without a known private key.

When creating a bitcoin address, we usually start with a known private key and then convert it to get its corresponding public key address. This process makes it very difficult to generate a custom "vanity prefix" (ie, a vanity public key).

However, in the case of a fake address, no one knows what the private key of the address is. Therefore, a fake address can begin with any prefix (if it can be written using the Base58 alphabet). However, the last character will be random (according to the design, the last character of the address is a checksum to prevent typing errors).

Although it is not possible to draft a complete list of fake addresses, we can list some notable false addresses:


Only 2 of these addresses lost 221.193.53012 BTC.

In theory, these coins are not lost forever (someone can find a private key for them). However, the only known way to find a private key by giving only one address is to randomly guess until the correct combination is found. In fact, the likelihood of this happening in our cosmic life is small.

2, vulnerability

Under the beautiful appearance of the wallet, there are some key codes responsible for making, signing and broadcasting our transactions to the Bitcoin network. Today, we rarely find vulnerabilities in them, but this is not always the case.

In November 2011, MtGox encountered a vulnerability in its wallet software. They sent the 2609.36343319 BTC to a fake script, but did not know how to use it. This fake script is like if you are trying to send money to an "empty" public key, and the software is not programmed to detect this is not advisable.

There are similar vulnerabilities in other assets that make the currency unusable. The most famous example is Ethereum Parity (loss of 513,000 ETH).

3. "Zombie coins"

Another source of lost coins is coins that have not been moved for many years. Since it is impossible to know whether their owners still have a private key, these coins are often referred to as "zombie coins", that is, in a state of immortality. With this class, we leave the quasi-deterministic field in which the currency is really lost.

For conservative estimates, we will only count coins that have not been moved before July 2010. The reason is simple: because (at the time) the perceived value of Bitcoin is very low, people don't have much motivation to back up their wallets.

As of the 600,000th block, the currency that has not been moved before July 2010 has a total of 1,496,907.88000 BTC. According to various estimates, Nakamoto has more than half of these coins, because in the early history of Bitcoin, it was the main miner.

The most recent move in the old currency before July 2010 was in July 2019, when the mobile currency was 150 BTC.


Overall, since the bull market in 2013, these ancient times have rarely been used. Given the skyrocketing price of Bitcoin from 2013 to the present, the owners of these currencies are either very long-term holders or they are unable to obtain them.

4, the burden of the currency

The last category of coins may be considered to be in a lost state, or at least temporarily not circulated: known stolen coins. Until the emergence of better coin solutions, they will be difficult to enter circulation, especially in very large quantities.

In the history of Bitcoin, there have been many major hacking and theft incidents, and two of them have been considered “non-circulating” events. In 2011, MtGox’s stolen 80,000 BTCs and the 2016 Bitfinex were stolen. The 120,000 BTC.

In March 2011, hackers stole 79,956 BTC from MtGox's wallet. So far, they have not touched these bitcoins. Today, this address has become the sixth richest address on the whole network.


Jeb McCaleb and Mark Karpelès talk after the theft

Why is the money stolen ($73,000 at the time of theft and the current value of $700 million) never been moved? The reason behind this is not known. It is very likely that thieves cannot access the private keys of these Bitcoins. .

In August 2016, Bitfinex lost 119,756 BTC due to hacking. Until today, these stolen coins were rarely moved and only 22 BTCs were found. As of the 600,000 blocks, there are still 117,091.31922097 BTCs in the hacker's address.

Third, summary

We often say that the total amount of bitcoin is only 21 million BTC. This is actually not accurate. Over time, strange things, errors and other events will affect the actual existence of Bitcoin.



This analysis is just one of many ways to evaluate the true supply of Bitcoin. We can consider, ignore or expand different categories as needed. It also uses a top-down approach that starts with the largest possible supply and removes various types of lost coins. Another way to estimate the supply of bitcoin is to decompose Bitcoin by the time of the last activity, and then predict that bitcoin that has not been moved for many years may be lost. We will continue to monitor the lost Bitcoin and update our findings in the future.