Very Secure

WARNING: Bitcoins stored in segwit addresses, i.e. addresses that start with a "3" or "bc1" are NOT safe. Please move your coins immediately before a miner "steals" them.

whaack: no hope, i guess, of getting a mass movement off of segwit - i.e. convincing all the well meanining bitcoiners without the werewithal to see the dangers of segwit to move their coins to a safe address while the current mining cartel is enforcing the new rule

Let it be known that we tried...

Tell your father, tell your mother,
tell your sister, tell your brother,
tell your uncle, tell your aunt,
tell your nephew, tell your niece,
tell your friend, tell your neighbor,
tell your husband, tell your wife...

If you store your bitcoins in a segwit address, then one day you will wake up to see they have suddenly disappeared from your wallet.

Let's go over how segwit came to be, why it leaves your coins vulnerable to the whim of miners, and what you can do to protect yourself.

Once upon a time, satoshi released the first working version of his bitcoin client. A copy of this version is stored at the real bitcoin foundation's website. If it's not obvious, the name the real bitcoin is tongue-in-cheek, as no one has the authority to own the bitcoin project or claim themselves the lead developer of bitcoin.

However, just like in the English language, where we have no Official Dictionary yet we have a consensus on word definitions, we must keep a consensus on bitcoin rules without Official Developers. And in the case of both language and bitcoin, history matters. With all else equal, when a word has two competing definitions, the definition that came first is the correct one. The same principle applies for the rules of bitcoin.

The first working version of bitcoin -i.e. the real and only bitcoin- contains a rule where outputs that go to an address starting with a "0" byte are treated as anyone-can-spend. The name is self explanatory, if you put coins in an anyone-can-spend address then anyone is allowed to use those coins as an input to their transaction. In a world with greedy miners running the real bitcoin, the miners would likely create transactions that send these coins to themselves and mine them in the next block. However...

At bitcoin block 481,824 miners were convinced to put a restriction on who could spend anyone-can-spend addresses. This extra restriction, a rule unbeknownst to the real bitcoin, prevents miners from mining transactions that use anyone-can-spend addresses as inputs unless the transaction being mined includes an auxiliary "segregated" piece of data that serves as a signature. This new rule -known to the layman as segwit- is backwards compatible, no problem for the real bitcoiners, and it works. ...Until it doesn't.

The problem is that this new rule has drastically reduced the security of the real bitcoin network by giving an insane amount of power to the miners.1 If the miners as a whole, or any miner with enough hashing power, defects from their promise that they made at block 481,824, chaos ensues and another fork war begins. The "defecting" miners (which, in the eyes of the real bitcoin, are not actually defecting, but instead taking what is rightfully theirs) will begin to mine anyone-can-spend transactions without requiring the segwit data. They will likely try to send the 5 million or so coins held in segwit addresses to themselves.

The economic consequence of this is unclear. The miners may choose to dump these coins on the market, crashing the real bitcoin's price, or they may choose to hoard the coins, sending the real bitcoin's price - not to the moon - but to the stars. I have expressed an optimistic view while trinque and others have perhaps the more realistic one.

signpost: this idea that trb has some kind of strategic advantage is complete nonsense.
signpost: as mats says, draining the segwitcoins would extinguish bitcoin, and some other network would take its place.
signpost: this isn't happening in a vacuum, and saint mp of lost causes is not watching over trb.
signpost: it's a piece of shoddy trash we never got finished decrufting.
whaack: signpost: so trb users are beholden to all new rules i.e. softforks that prb imposes?
signpost: no, they can fork off into a network of their own, pretending that trbcoin is a unit of account in their imaginary economy, I suppose
signpost: contrary to the teachings of mp, declaring victory is not all that is required.
whaack: my point in saying that trb has a 'massive technical advantage' is that if segwit coins get drained, trb still has an accounting system, whereas segwit users do not
signpost: so what?
whaack: so for the 98% of the world not involved in bitcoin, but have heard the term, trb users have a product to sell and segwit users do not
whaack: segwit users will say 'bitcoin is broken! it was hacked!' and trb users will say 'nah, just download this client'
whaack: i admit that the infrastructure of a huge number of wallets and exchanges collapsing does not bode well
signpost: that is utter nonsense. "bitcoin failed." is what will happen in that scenario.
signpost: if you want the economic phenomenon called bitcoin to proceed, you'd better hope the segwit piggy is *not* cracked open.
signpost: to give mp a small amount of credit, why do you suppose he chose "the darkening" to refer to this era?
signpost: it is quite likely from where I sit that what comes next is a chinese-style totalitarian "smart contract" system, much like while peripheral nerds can use p2p warez networks just like they did in the old days, the *economic phenomenon* of mp3/rar/etc was crushed.
signpost: and we'll recall the old days of real p2p.
whaack: i admit that the thought that bitcoin depends on the miner's continuing to enforce the softfork of segwit is so daunting that i may just have trouble swallowing that idea

The existence of transactions that attempt to take the coins held in anyone-can-spend addresses is not a theoretical concern, the transactions exist today, waiting to be mined. All it takes for segwit to fall apart is for the miners to return to using OG bitcoin.

whaack: !e push 01000000014a61d44f3c13a1fdeec587c3d6dc22975758e3e88873e330855741304c12e7a20000000000ffffffff0270281200000000001976a9146c560e9d65f3daf56e44d7c4c6b6bb39c4c120b188ac70281200000000001976a9146c560e9d65f3daf56e44d7c4c6b6bb39c4c120b188ac00000000
trbexplorer: txid 8a5385db0d79f61964047eb73801fb5d052f2dda6da4213120982c59434080d4
whaack: alright, bomb planted
thimbronion: whaack: terrorist!

Save yourself from being a victim of Segwit Armageddon, move your coins to a proper p2pkh address. Even if you believe it's best that the segwit softfork stays enforced, keeping your coins in p2pkh addresses is the safer and more economical action. Should there ever be a hardfork war, those storing their bitcoins in proper p2pkh addresses will have coins on both forks, whereas those storing them in segwit addresses will have coins in only 1 of them.

  1. This power wasn't created out of thin air - it was taken from all of the "bitcoin" users who were duped into using segwit. []

4 Responses to “WARNING: Bitcoins stored in segwit addresses, i.e. addresses that start with a "3" or "bc1" are NOT safe. Please move your coins immediately before a miner "steals" them.”

  1. Jacob Welsh says:

    > contains a rule where outputs that go to an address starting with a "0" byte are treated as anyone-can-spend

    A technicality perhaps, but this sounds confused. Isn't it the proper p2pkh addresses that start with a zero byte, which translates to 1 in base58 encoding? And the original bitcoin doesn't have "anyone can spend" as any kind of expressed concept or special rule. You could argue it's latent in the "script" system since it allows creating trivially-true scripts, but that isn't even necessary - simply publishing a private key would have the effect of creating an "anyone can spend" address.

    > signpost: contrary to the teachings of mp, declaring victory is not all that is required.

    FTR, that doesn't sound like anything I ever heard from MP or saw implicit in his actions. Perhaps it was what certain students wanted to hear. In declarations, as any other text, who's saying it makes all the difference. There's also MP's comment on sitting around thinking you've won as a strategy.

  2. whaack says:

    @Jacob Welsh

    > A technicality perhaps, but this sounds confused. Isn't it the proper p2pkh addresses that start with a zero byte, which translates to 1 in base58 encoding?

    Argh yes that is a good point and makes what I'm say confusing. I mean to say that the bitcoin client allows addresses that start with a 0 byte once decoded to be treated as anyone-can-spend. (The base58 p2pkh addresses, once decoded, start with 0x76a914)

    And I was unaware that this anyonecanspend idea was not an explicit concept, thank you for that clarification.

  3. Jacob Welsh says:

    That's what I thought you meant, so I'm sticking with "confused" not "confusing".

    Addresses have version 0 (as implemented), and that version field becomes the first byte in the binary string to be encoded.

    See also re 'anyonecanspend'.

  4. whaack says:

    Indeed, I was confused. The core of my confusion was mixing up terminology. I was describing what is found in the scriptPubkey as the 'address' which is not exactly correct. The discussion where I had this clarified can be found here. This confused terminology usage shows up in the prototype of my block explorer, which must be fixed.

Leave a Reply


MANDATORY: Please prove that you are human:

If x^2 + 6 = 87, then what is the result of x!, when x is the positive solution to the previous equation ? (Note that ! refers to factorial, 3! = 3*2*1, 4! = 4*3*2*1, etc, so 5! = 120.)


Answer the riddle correctly before clicking "Submit", or comment will NOT appear! Not in moderation queue, NOWHERE!