Sending BTC to the wrong address is a one-way ticket. No support chat, no chargebacks, no “undo.” The upside is you can catch most bad addresses in seconds if you know what to check. Here’s a fast, practical guide.
Table of Contents
The 10-second pre-flight check
- Look at the first character(s).
- 1…is legacy P2PKH
- 3…is P2SH
- bc1q…is SegWit (bech32)
- bc1p…is Taproot (bech32m)
If it starts with something else on the mainnet, slow down and verify.
- Scan the length.
Base58 is usually 26–35 characters. Bech32 is longer, often 42–62. Outliers deserve attention. - Check for weird characters.
Base58 excludes 0 O I l. If you see those in a Base58 address, it isn’t valid. - Watch for font tricks.
Scams use look-alike glyphs or narrow fonts. Enlarge the text and eyeball a few positions against the source. - Run a validator.
A proper tool will catch typos, wrong networks, and broken checksums in one go.
Checksum and formats – the quick way
Bitcoin addresses include a checksum – a built-in typo alarm. It’s a small piece of data computed from the rest of the address. Change even one character and the checksum usually fails, which is why wallets and validators can flag bad copies instantly.
You don’t need to write code. Paste the address into a checker that understands Base58, Bech32, and Bech32m and it will verify the prefix, network, and checksum in one pass. A quick option is the Bitcoin Address Validator – drop the string in, get a pass or fail, then proceed.
What the checksum actually does
Base58Check (addresses starting with 1… or 3…)
Inside the encoded text there’s a version byte, payload, and a 4-byte checksum. That checksum is taken from a double SHA-256 of the preceding bytes. If any character is wrong, the chance it still “passes” is about 1 in 2³² – effectively zero for normal use. It’s great at catching random typos, but it wasn’t designed to detect every possible permutation of characters, so extremely contrived errors can slip by in theory.
Bech32 / Bech32m (addresses starting with bc1q… or bc1p…)
These use a different scheme called polymod. The last 6 characters encode roughly 30 bits of checksum. Bech32 was built for human use: it reliably catches single-character mistakes, most swaps of adjacent characters, and even multiple independent errors. It also includes the human-readable part (“hrp”) – e.g., bc for mainnet – in the calculation, so mixing networks is usually caught immediately.
What a checksum does not do
- It never proves ownership. A scammer can give you a validaddress they control.
- It doesn’t reveal balance or history. It only tests whether the string is well-formed.
- It can’t help if malware replaces your pasted text with a different, valid address.
How to use this without overthinking it
- Paste the address – your wallet will usually validate automatically.
- If anything feels off, run a quick external check with the validator above.
- As a sanity test, change one character on purpose: the validator should fail. Paste the original again and confirm it passes.
- For bech32, glance at the hrp: bc1…is mainnet, tb1… is testnet.
Mainnet vs testnet – a common trap
Testnet addresses are for play money. Sending mainnet BTC there is a loss. Quick cues: mainnet bech32 starts with bc1…; testnet bech32 starts with tb1…. Some wallets warn you, others don’t. When in doubt, validate.
QR codes are handy – verify the text
QRs skip typing, which is great, but they add two risks:
- Overlay swaps.A site can swap a QR after a delay.
- Old cached codes.Printed codes from years ago might point to rotated or abandoned addresses.
What to do: scan the QR, then compare a few characters at the start, middle, and end with the on-screen text. If you’re scanning with your phone from a desktop, run the validator on the scanned text before you send.
Clipboard hijackers exist
Malware can swap a copied address for an attacker’s. Protect yourself: paste, then compare the first 4 and last 6 characters with the source. As a quick test, change one character on purpose and make sure the validator fails. If both “pass,” your system might be compromised.
Short test sends save nerves
New payee? Send a tiny amount first. Wait for a confirmation, then send the rest. It adds a few minutes and removes the worst-case scenario.
Don’t mix address types mid flow
Some services show one format on desktop and a different one on mobile. If you start with bc1p… and on another screen you suddenly see 3…, pause. It might be a cached page, a stale QR, or a different payment request. Pick one screen, refresh it, copy the address once, and run a quick validation. Compare the first 4 and last 6 characters with the original source before you send.
If you have to copy by hand
Write in clear block letters. Mark 1 so it can’t be mistaken for l. Split the string into short chunks and read them back slowly. When you finish, run a checksum check – people slip, checksums don’t.
Good to remember
A valid address only proves the string is well-formed – it doesn’t prove who controls it. If you got the address from chat or a screenshot, confirm the source. Reusing the same address makes you easier to track, too. Most wallets give you a fresh one for each payment – use it and your future self will thank you.
Pocket checklist
- Prefix looks right: 1…, 3…, bc1q…, or bc1p…
- Length feels normal for the format
- Base58 has no 0 O I l
- Bech32 hrp fits the network (bcfor mainnet)
- Last look before sending – run the validator and match the first 4 and last 6 characters against the source.