What happens if I mistype the address when making a payment?

39

4

I sent bitcoins to an address, but I think I made a typo when I copied it. Where did these bitcoins go. Can I get them back?

44

Bitcoin is very resistant to typos because the addresses contain a built-in check code. So if you had simply mistyped a few of the letters or numbers in the address, it's unlikely the client would have let you send them. If, however, you pasted in a different and valid address, the coins are already transferred to it permanently. In this scenario, Bitcoin works pretty much like cash--there is no way to get it back after giving it away.

A note for anyone passing by : nowadays (2020) the usual address format (bech32) is even more resistant to typo. – darosior – 2020-06-27T10:12:13.283

24

It is highly unlikely, you made a typo and were still able to send coins. There is a difference between an invalid address and an incorrect address.

All bitcoin wallets/clients check if addresses are valid.
Bitcoin addresses are the PubKeyHash encoded in Base58 with a version value and a checksum. The checksum is the leftmost 32 bits of a double hash of the PubKeyHash. The format of the address is often referred to as Base58Checked in technical documents.

Since the checksum is 32 bits the probability of entering an incorrect address that will still decode to an incorrect but valid PubKeyHash is roughly 1 in 4.3 billion. So, on average, 4,294,967,295 out of 4,294,967,296 times a typo will produce an address that is incorrect AND invalid. When decoded the PubKeyHash will not produce the proper checksum, the error will be detected by the client/wallet, and the transaction won't be created.

To actually lose coins to a typo you would need to produce not just any invalid address, but one that is valid but incorrect and the odds of that happening are almost zero.

In that extremely unlikely event (1 in 4.3 billion is 10x less likely than winning the US PowerBall lottery), the transaction will be irreversible and only spendable by the person who has the private key for the incorrect address/pubkey. Given how many private keys are possible, it is almost certain that nobody ever has or ever will have that private keys and the funds will remain forever unspendable.

1So, is it correct to think that if you accidentally issued an invalid recipient, shouldn't it be possible to doublespend it back to yourself and get that verified quicker, since it will be rejected by most miners? Or is it actually impossible to send to an invalid address (I thought that was what people did to write messages to the blockchain?) – Murch – 2013-08-23T14:39:43.833

1@Murch, It is impossible to send to an invalid address. No (compliant) client will even create the transactions. No (compliant) node will relay the transaction and no (compliant) miner would include it in a block. If a miner did the block would be seen as invalid by all other nodes. When people want to send coins to an address where the key is unknown they make a valid address by computing the proper checksum for the "fake" address they want to send the coins to. – DeathAndTaxes – 2014-03-06T20:12:40.200

8

Bitcoin transactions are irreversible. If you were connected to the network when you made the transaction, your coins are lost.

If you weren't connected to the network, you can restore your wallet.dat and start bitcoin with the --rescan option. This will effectively undo the transaction (that hasn't been committed to the blockchain yet).

@ripper234 while that is true a miner could be running modified bitcoind and prioritize double spends by fee rather than by first seen the issue is getting that transaction to a miner (and one willing to reduce the security of the network for a small profit). The overwhelming majority of nodes are not directly connected to a miner and if all the peers you are connected to are running compliant code they will reject the double spend and not forward it. This means a greedy but willing miner will never even see the transaction to attempt to include the second one in a block. – DeathAndTaxes – 2013-07-13T04:58:32.567

What if I was connected to the network, but quickly (ie. before my transaction makes it into a block) restore my wallet.dat and --rescan, then spend the same coins again, but with a bigger transaction fee? Is there a chance the new transaction will get mined in preference to the old one? – Chris Moore – 2012-02-14T18:27:10.033

1no, highly unlikely. bitcoin given preference to first transaction seen, any conflicting transactions that come later are ignored and not relayed, even if they have higher fees. – nanotube – 2012-02-14T20:52:59.697

@ChrisMoore: What nanotube said, and of course, if this was possible, it would also be extremely easy to double-spend. – Meni Rosenfeld – 2012-02-15T06:28:28.717

1@ChrisMoore - as I understand it, miners are encouraged to give priority to first transactions, but this is not mandate by the protocol. – ripper234 – 2012-02-15T07:38:56.277

1If the transaction fee of the 'replacement' transaction was high enough, some miners might be tempted to ignore the first transaction and go for the higher reward I guess. Either way, it's best for recipients of Bitcoin payments to wait for a confirmation if the payment's amount is significant. – Chris Moore – 2012-02-15T07:56:46.100

4

But because transactions are irreversible, there is no way to "pull" them back or cancel the transaction.

3

Bitcoin Addresses contain a check-value: extra data added on computed as a function of the rest so that mistakes are unlikely to be acceptable addresses. 1x and 3x addresses use a 32-bit cryptographic hash for their check value and as a result any given well formatted random address has roughly a 1 in 2^32 chance of being accepted.

But when users make mistakes they don't generally produce random strings they tend to make typos where a small number of characters are replaced with alternatives which are visually similar, audibly similar, keyboard-position similar, or case variations. Transposition of adjacent characters is also more likely than random errors. 1x/3x addresses are designed with one improvement to likely errors: the base58 charset excludes a number of visually similar characters.

On average one of these likely errors is also only going to be accepted 1 in 2^32 times, but sometimes a given address is more vulnerable since the detection performance is only an average. E.g. you could have an address where there are one or more different places where a likely mistake could be made. This isn't a practical concern, since these cases are unlikely, but it's an area that could be improved on.

BIP173 introduced BC1x style addresses (also called bech32). BC1 addresses use a smaller character set that doesn't have mixed case which completely eliminates one major cause of transcription errors. Like base-58 the bech32 character set also excludes some visually confusing characters (in addition to all the mixed case cases).

BC1 addresses also have a check value, but it is 30 bits instead of 32-bits. The 30-bit check in BC1 addresses, although shorter, is radically stronger than the old approach because it is constructed out of an error correcting code instead of a cryptographic hash.

The construction for BC1 addresses guarantees that up to 4 character errors or 4 transpositions in an address are always detected. 5 errors are also always detected if they're all made among the most visually similar remaining characters. For more errors than are guaranteed the false acceptance rate approaches 1 in 2^30 as the number of errors goes up.

The error correction code based design of bech32 also means that applications can hint to users what characters they got wrong without a computationally expensive brute force search.

When we designed BIP173 we felt that 30-bits of protection against random errors was probably overkill, but we didn't want to have error detection performance that was much worse than the old standard in any major respect.

If you model the user as making random mistakes and entering, say, 2.5% of the characters wrong on average (so one mistake expected per entered address) then bech32 gives that user protection better on average than a 39 bit random hash (so 1 in 2^39 wrong addresses they enter will be falsely accepted). Being more careful pays off too: if the user's error rate is reduced to 0.1% the rate of accepted bad addresses drops to 1 in 2^60).

This graph shows the effective protection level as a function of the user's error rate for Bech32, a 32-bit hash (like 1x addresses), and alternative error correcting code which we could have ended up with if we hadn't taken so much care in designing bech32:

BC1 address also avoid errors in another way: People sometimes lose funds because a number of reckless/scammy altcoins have copied Bitcoin address format, so you can accidentally send bitcoins to an altcoin address. For the moment this doesn't apply to BC1 address, and the prefix beginning with 'BC' hopefully will reduce the odds of it in the future. (Though sadly, it's become trendy for more scammy cryptocurrencies to call themselves 'bitcoin' now, so perhaps not.)

Improved error detection is just one of many reasons users should prefer BC1 addresses these days.

0

If a service like BitUndo can get enough miners supporting it, it could have a chance (probably not a large one, but some chance) of undoing transactions if you submit your undo request within minutes of the original transaction. This works because if they are able to successfully mine the next block, they can choose to exclude the original transaction and include their refund transaction instead.

Urgh. Bitcoin is what it is for a reason, don't support services like this. The fact that they advertise some random gambling site right in the first bit of text is a huge red flag too. – George – 2014-11-20T15:56:45.720

0

A merchant could offer their own local bitcoin processor to connect a client to, if the transaction is innaccurate, they could "undo" it and simply not transmit the transaction to the Bitcoin Network.