How does sending BCH to the wrong address lose money?


This morning I saw a microblog post by a big V in the cryptocurrency circle. He said that making the Bitcoin Cash wallet the default wallet causes users to lose money. I quickly updated the wallet and tried it out.

The change to the wallet is very simple: the Bitcoin Cash wallet is the first choice, which will cause users to lose money.
In fact, this matter has nothing to do with Roger Ver. The big V probably still does not understand how BCH gets lost! (The big V also claimed that millions of BTC were lost as a result.)

## The first question: which currency did you lose?

First, which currency was lost: BTC or BCH? If you do not know this, the later problems are even harder to understand. Note that we only consider the recent cases of coins lost by sending to the wrong address, not cases where the user lost the private key or forgot the password.
We know that BCH differs from BTC in that it removed SW (SegWit) transactions and their addresses, as well as in block size and dynamic difficulty adjustment. Apart from SW addresses, there is no difference between BTC and BCH addresses. We can therefore conclude that the BTC address set, which includes SW addresses, is larger than the BCH address set, which means that any address generated on BCH can also be generated and used on BTC.
BTC and BCH use the same address encoding. One possible situation is that a user sends to the wrong address: they meant to build a transaction sending BCH to address A, and afterwards discover that A is a BTC address. In this case, as long as the corresponding private key exists, the coins can be recovered by generating the corresponding address on BTC or BCH.
As we just said, the BTC address set is larger than the BCH address set. That is, an address for a private key on BCH can also be generated on BTC, but not vice versa. SW addresses are not supported on BCH, so a SW address generated on BTC cannot be used on BCH. The coin-loss problem is tied to SW addresses: if BCH is sent to a SW address by mistake, the BCH may be lost.

## The second question: what kind of address causes coin loss?
As said above, sending BCH to a SW address may lead to coin loss. Here is a brief introduction to the address types.
Addresses can be divided into three types: ordinary addresses (beginning with 1), multisignature addresses (beginning with 3), and SW addresses. The SW address currently in use is a P2WPKH address embedded in P2SH, which is also an address beginning with 3.

P2SH (BIP16) is the pay-to-script-hash method proposed by Gavin Andresen, which allows the sender to construct richer transaction types.

Example of a P2SH lock script:

OP_HASH160 86107606107baa4d1fc6711e22de7f0ef2056766 OP_EQUAL

To redeem, the unlock script must provide a redeemScript. The redeemScript must execute and return true, and its hash must equal the value in the lock script. The final combined script looks like:

redeemScript OP_HASH160 86107606107baa4d1fc6711e22de7f0ef2056766 OP_EQUAL

The multisignature addresses we often use are one use of P2SH. Currently, the other use of P2SH is the SW address. The P2SH script in the example above is in fact the locking script of a SW address. On BTC, which supports SW, coins at this address can be unlocked with a SW transaction; on the BCH chain the address is recognized only as a P2SH address, which is valid (on BCH it can simply be thought of as a multisignature address).
The trouble arises when someone sends BCH to this SW address: BCH does not support SW transactions, so the corresponding unlock script cannot be generated.
So is there no way to recover BCH sent to a SW address by mistake? The answer is no.

## How SW transactions “cheat” old nodes

To retrieve BCH sent to the wrong address, you need to understand how SW transactions “cheat” old nodes.
The SW upgrade is a soft fork, which means that SW transactions must also verify on old-version nodes. A SW transaction has to “cheat” the old node, so that the old node verifies the transaction as valid without knowing the specific structure of the SW transaction. How is the old node “cheated”?
Put simply, the SW address is actually a hash of the redeemScript. Take a simple SW transaction as an example: c586389e5e4b3acb9d6c8be1c19ae8ab2795397633176f5a6442a261bbdefc3a

  • The input address of the transaction: 35segwitpiewkvhiexd97mnurni8o6cm73

  • Input script: OP_HASH160 2928f43af18d2d60e8a843540d8086b305341339 OP_EQUAL

  • WitnessScript: 160014a4b4ca48de0b3fffc15404a1acdc8dbaae226955

  • Witness: 30450221008604ef8f6d8afa892dee0f31259b6ce02dd70c545cfcfed8148179971876c54a022076d771d6e91bed212783c9b06e0de600fab2d518fad6f15a2b191d7fbd262a3e01


You only need to analyze the witness script, which is what makes an old-version node verify the transaction as valid. The script can be divided into two parts:

16 0014a4b4ca48de0b3fffc15404a1acdc8dbaae226955

Here, 16 (hex) is the opcode that pushes the following 22 bytes onto the stack, and the hash of the data that follows (0014a4b4ca48de0b3fffc15404a1acdc8dbaae226955) is the hash value in the lock script, 2928f43af18d2d60e8a843540d8086b305341339. When this script is given to an old-version node, the node verifies that the script passes: the unlock script runs correctly on the old-version client, which does not care about the public key and signature data. This successfully “cheats” the old-version node.

The above explains how a SW transaction “cheats” the old-version client. What does this have to do with a BCH user mistakenly sending coins to a SW address?
Because the BCH client verifies in the same way as the old-version BTC client, a SW transaction that can be validly verified on the old-version client can of course also be verified on the BCH client.
Here is an example of BCH that was retrieved with help.
The transaction details are as follows:

      {
        "txid": "ac3db4411e1ce8cc76e3ebe2f7d0a538c6033fcf80484a97902eef7d6a5e34e6",
        "vout": 0,
        "scriptSig": {
          "asm": "00205c4b9ef7c8896cef0d2a8fd3693d3877e0f4d1d3904fbcaf9cac1bcfb324d9b2",
          "hex": "2200205c4b9ef7c8896cef0d2a8fd3693d3877e0f4d1d3904fbcaf9cac1bcfb324d9b2"
        },
        "sequence": 4294967295
      }

Its unlock script on BCH (used to make the old-version client pass verification) is: 2200205c4b9ef7c8896cef0d2a8fd3693d3877e0f4d1d3904fbcaf9cac1bcfb324d9b2. It has also been used on the BTC chain, where the unlock script can be found.
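The two unlock scripts quoted above can be taken apart mechanically to see what a node without SW rules actually checks. The following is an added example, not code from the original article; the function names are hypothetical, the third sample input is constructed, and only direct pushes (OP_0 and 0x01-0x4b) are handled.

```python
BTC_SCRIPT_SIG = "160014a4b4ca48de0b3fffc15404a1acdc8dbaae226955"  # from the article
BCH_SCRIPT_SIG = "2200205c4b9ef7c8896cef0d2a8fd3693d3877e0f4d1d3904fbcaf9cac1bcfb324d9b2"  # from the article
MULTISIG_LIKE = "0002aabb03515187"  # constructed: OP_0 <fake sig> <non-witness script>

def parse_pushes(script: bytes):
    """Split a script consisting of OP_0 and direct pushes into its data items."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == 0x00:                    # OP_0 pushes an empty item
            items.append(b"")
        elif 0x01 <= op <= 0x4b:          # push the next `op` bytes
            if i + op > len(script):
                raise ValueError("truncated push")
            items.append(script[i:i + op])
            i += op
        else:                             # OP_PUSHDATA1 and others: out of scope here
            raise ValueError(f"unsupported opcode 0x{op:02x}")
    return items

def witness_program(redeem_script: bytes):
    """Return (kind, program_hex) if the redeemScript is a version-0 witness program."""
    if len(redeem_script) >= 2 and redeem_script[0] == 0x00:
        n = redeem_script[1]
        kind = {20: "P2WPKH", 32: "P2WSH"}.get(n)
        if kind and len(redeem_script) == 2 + n:
            return kind, redeem_script[2:].hex()
    return None

def classify_script_sig(script_sig_hex: str):
    items = parse_pushes(bytes.fromhex(script_sig_hex))
    if not items:
        raise ValueError("empty scriptSig")
    redeem = items[-1]                    # P2SH: the last push is the redeemScript
    program = witness_program(redeem)
    return {
        "pushes": len(items),
        "redeem_script": redeem.hex(),
        "nested_segwit": program,
        # A single push and no signature: a pre-SW verifier only compares hashes.
        "public_data_only": program is not None and len(items) == 1,
    }
```

For both article scripts the result has `public_data_only` set, meaning the only thing a BCH or old-version BTC node compares against the lock script is data that becomes public once the address is spent from on BTC.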


If you use an ordinary address or a multisignature address, sending to the wrong address is safe and does not lose money. On either the BCH chain or the BTC chain, even if you meant to send BTC and sent it to a BCH address, it can be recovered, and vice versa. The premise is that you have a way to find the private key of the receiving address.
When you send BCH to a SW address, there is no way to use the corresponding private key to retrieve the coins. If the coins at the SW address have already been spent on the BTC chain, the BCH you sent may be stolen directly by a hacker: once the coins have been spent, the hacker can obtain the unlocking script and take away the BCH at the address. If the coins have not been spent on the BTC chain, the BCH is safe.
If you accidentally send BCH to a SW address, the first thing to do is to not perform any coin operations. You can go to btc.com and ask for help, and your BCH can be retrieved. If the coins at the SW address you sent to have already been spent on the BTC chain, your BCH may be stolen by hackers.
In addition, the BCH community is preparing to upgrade the address format, which seems very meaningful.
