The key difficulties of cryptocurrencies are:
Until those problems are solved, the only real applications of cryptocurrency will by illegal activities, notably buying drugs, paying for ransomware. But also paying for anti-censorship services from inside dictatorships. It is for this reason that Ciro Santilli believes that privacy coins are the best investments until then. People concerned with their privacy are likely to more naturally make fewer larger payments to reduce exposure, and therefore transaction fees matter less, and can be seen as a reasonable privacy tax. Also drugs are expensive, just have a look at any uncensored Onion service search engine, so individual transactions tend to be large.
If crypto really takes off, 99.99% of people will only ever use it through some cryptocurrency exchange (unless scalability problems are solved, and they replace fiat currencies entirely), so the experience will be very similar to PayPal, and without "true" decentralization.
For those reasons, Ciro Santilli instead believes that governments should issue electronic money, and maintain an open API that all can access instead. The centralized service will always be cheaper for society to maintain than any distributed service, and it will still allow for proper taxation.
Ciro believes that it is easy for people to be seduced by the idealistic promise that "cryptocurrency will make the world more fair and equal by giving everyone equal opportunities, away from the corruption of Governments". Such optimism that new technologies will solve certain key social problems without the need for constant government intervention and management is not new, as shown e.g. at HyperNormalisation by Adam Curtis (2016) when he talks about the cyberspace (when the Internet was just beginning): Technologies can make our lives better. But in general, some of them also have to be managed.
In any case, cryptocurrencies are bullshit, the true currency of the future is going to be Magic: The Gathering cards. And Cirocoin.
One closely related thing that Ciro Santilli does think could be interesting exploring right now however, notably when having Monero-like anonymity in mind, would be anonymous electronic voting.
TODO evaluate the possible application of cryptocurrency for international transfers:Of course, the ideal solution would be for governments to just allow for people from other countries to create accounts in their country, and use the centralized API just like citizens. Having an account of some sort is of course fundamental to avoid money laundering/tax evasion, be it on the API, or when you are going to cash out the crypto into fiat. So then the question becomes: suppose that governments are shit and never make such APIs, are international transfers just because traditional banks are inneficient/greedy? Or is it because of the inevitable cost of auditing transfers? E.g. how does Transferwise compare to Bitcoin these days? And if cryptocurrency is more desirable, why wouldn't Transferwise just use it as their backend, and reach very similar fees?
While the idea that inflation due to money creation in fiat currencies does feel kind of bad, it could also be seen as a form of taxation, which is something Ciro Santilli sometimes thinks we should have more of. Ciro hasn't fully researched/rationalized how they compare, and would be open for arguments, see also: Section "Money creation vs tax".
Notable ones:
  • buy some at a cryptocurrency exchange. This is the only viable way of obtaining crypto nowadays, since basically all cryptocurrencies require specialized hardware to mine.
  • send it to a self hosted Bitcoin wallet without a full node, e.g. Electrum
  • then send something out of the wallet back to the exchange wallet!
  • convert the crypto back to cash
Official website:
Reference implementation: Bitcoin Core.
Here is a very direct description of the system:
  • each transaction (transaction is often abbreviated "tx") has a list of inputs, and a list of outputs
  • each input is the output of a previous transaction. You verify your identity as the indented receiver by producing a digital signature for the public key specified on the output
  • each output specifies the public key of the receiver and the value being sent
  • the sum of output values cannot obvious exceed the sum of input values. If it is any less, the leftover is sent to the miner of the transaction as a transaction fee, which is an incentive for mining.
  • once an output is used from an input, it becomes marked as spent, and cannot be reused again. Every input uses the selected output fully. Therefore, if you want to use an input of 1 BTC to pay 0.1 BTC, what you do is to send 0.1 BTC to the receiver, and 0.9 BTC back to yourself as change. This is why the vast majority of transactions has two outputs: one "real", and the other change back to self.
Code 1. "Sample Bitcoin transaction graph" illustrates these concepts:
  • tx0: magic transaction without any inputs, i.e. either Genesis block or a coinbase mining reward. Since it is a magic transaction, it produces 3 Bitcoins from scratch: 1 in out0 and 2 in out1
  • tx1: regular transaction that takes:
    • a single input from tx0 out0, with value 1
    • produces two outputs:
      • out0 for value 0.5
      • out1 for value 0.3
    • this means that there was 0.2 left over from the input. This value will be given to the miner that mines this transaction.
    Since this is a regular transaction, no new coins are produced.
  • tx2: regular transaction with a single input and a single output. It uses up the entire input, leading to 0 miner fees, so this greedy one might (will?) never get mined.
  • tx3: regular transaction with two inputs and one output. The total input is 2.3, and the output is 1.8, so the miner fee will be 0.5
                   tx1                     tx3
  tx0            +---------------+       +---------------+
+----------+     | in0           |       | in0           |
| out0     |<------out: tx0 out0 |  +------out: tx1 out1 |
| value: 1 |     +---------------+  |    +---------------+
+----------+     | out0          |  |    | in1           |
| out1     |<-+  | value: 0.5    |  | +----out: tx2 out0 |
| value: 2 |  |  +---------------+  | |  +---------------+
+----------+  |  | out1          |<-+ |  | out1          |
              |  | value: 0.3    |    |  | value: 1.8    |
              |  +---------------+    |  +---------------+
              |                       |
              |                       |
              |                       |
              |    tx2                |
              |  +---------------+    |
              |  | in0           |    |
              +----out: tx0 out1 |    |
                 +---------------+    |
                 | out0          |<---+
                 | value: 2      |
Code 1. Sample Bitcoin transaction graph.
Since every input must come from a previous output, there must be some magic way of generating new coins from scratch to bootstrap the system. This mechanism is that when the miner mines successfully, they get a mining fee, which is a magic transaction without any valid inputs and a pre-agreed value, and an incentive to use their power/compute resources to mine. This magic transaction is called a "coinbase transaction".
The key innovation of Bitcoin is how to prevent double spending, i.e. use a single output as the input of two different transactions, via mining.
For example, what prevents me from very quickly using a single output to pay two different people in quick succession?
The solution are the blocks. Blocks discretize transactions into chunks in a way that prevents double spending.
A block contains:
  • a list of transactions that are valid amongst themselves. Notably, there can't be double spending within a block.
    People making transactions send them to the network, and miners select which ones they want to add to their block. Miners prefer to pick transactions that are:
    • small, as less bytes means less hashing costs. Small generally means "doesn't have a gazillion inputs/outputs".
    • have higher transaction fees, for obvious reasons
  • the ID of its parent block. Blocks therefore form a linear linked list of blocks, except for temporary ties that are soon resolved. The longest known list block is considered to be the valid one.
  • a nonce, which is an integer chosen "arbitrarily by the miner"
For a block to be valid, besides not containing easy to check stuff like double spending, the miner must also select a nonce such that the hash of the block starts with N zeroes.
For example, considering the transactions from Code 1. "Sample Bitcoin transaction graph", the block structure shown at Code 2. "Sample Bitcoin blockchain" would be valid. In it block0 contains two transactions: tx0 and tx1, and block1 also contains two transactions: tx2 and tx3.
 block0           block1             block2
+------------+   +--------------+   +--------------+
| prev:      |<----prev: block0 |<----prev: block1 |
+------------+   +--------------+   +--------------+
| txs:       |   | txs:         |   | txs:         |
| - tx0      |   | - tx2        |   | - tx4        |
| - tx1      |   | - tx3        |   | - tx5        |
+------------+   +--------------+   +--------------+
| nonce: 944 |   | nonce: 832   |   | nonce: 734   |
+------------+   +--------------+   +--------------+
Code 2. Sample Bitcoin blockchain.
The nonces are on this example arbitrary chosen numbers that would lead to a desired hash for the block.
block0 is the Genesis block, which is magic and does not have a previous block, because we have to start from somewhere. The network is hardcoded to accept that as a valid starting point.
Now suppose that the person who created tx2 had tried to double spend and also created another transaction tx2' at the same time that looks like this:
| in0           |
| out: tx0 out1 |
| out0          |
| value: 2      |
Clearly, this transaction would try to spend tx0 out1 one more time in addition to tx2, and should not be allowed! If this were attempted, only the following outcomes are possible:
  • block1 contains tx2. Then when block2 gets made, it cannot contain tx2', because tx0 out1 was already spent by tx2
  • block1 contains tx2'. tx2 cannot be spent anymore
Notably, it is not possible that block1 contains both tx2 and tx2', as that would make the block invalid, and the network would not accept that block even if a miner found a nonce.
Since hashes are basically random, miners just have to try a bunch of nonces randomly until they find one that works.
The more zeroes, the harder it is to find the hash. For example, on the extreme case where N is all the bits of the hash output, we are trying to find a hash of exactly 0, which is statistically impossible. But if e.g. N=1, you will in average have to try only two nonces, N=2 four nonces, and so on.
The value N is updated every 2 weeks, and aims to make blocks to take 10 minutes to mine on average. N has to be increased with time, as more advanced hashing hardware has become available.
Once a miner finds a nonce that works, they send their block to the network. Other miners then verify the block, and once they do, they are highly incentivized to stop their hashing attempts, and make the new valid block be the new parent, and start over. This is because the length of the chain has already increased: they would need to mine two blocks instead of one if they didn't update to the newest block!
Therefore if you try to double spend, some random miner is going to select only one of your transactions and add it to the block.
They can't pick both, otherwise their block would be invalid, and other miners wouldn't accept is as the new longest one.
Then sooner or later, the transaction will be mined and added to the longest chain. At this point, the network will move to that newer header, and your second transaction will not be valid for any miner at all anymore, since it uses a spent output from the first one that went in. All miners will therefore drop that transaction, and it will never go in.
The goal of having this mandatory 10 minutes block interval is to make it very unlikely that two miners will mine at the exact same time, and therefore possibly each one mine one of the two double spending transactions. When ties to happen, miners randomly choose one of the valid blocks and work on top of it. The first one that does, now has a block of length L + 2 rather than L + 1, and therefore when that is propagated, everyone drops what they are doing and move to that new longest one. domain registration: 2008-08-18 by, an American company. But using a privacy oriented registrar: It is unknown how he could have paid anonymously, so it seems likely that the true identity could be obtained by law enforcement if needed.
2008-08-22: private Wei Dai email. Reproduced at on from address Email provider shutting down entirely on 2021-09-30 as per, homepage now juts contains useless Bitcoin stuff.
Bitcoin whitepaper announcement: 2008-10-31 linking to, email sent from from Claimed one year and a half development time. Provider apparently closed in 2014:, as of 2021 just reads:
Once upon a time a man paid me a visit in cyberspace, at this very domain. He planted a seed in our heads that would become the path we are walking today.
Replies in November: under claims source code shared privately by request at that point.
First open source release: 9 January 2009. Announcement: "Windows only for now. Open source C++ code is included" Arghhhhhh how can those libertarians use Microsoft Windows??? Had a GUI already.
2011-04-23 Satoshi sent his last email ever, it was to Martti Malmi. mentions:
May 2011 was also the last time Satoshi communicated privately with other Bitcoin contributors. In an email that month to Martti Malmi, one of the earliest participants, Satoshi wrote, "I've moved on to other things and probably won't be around in the future."
Hal Finney:
Released by Satoshi Nakamoto on the early mailing list discussions where Bitcoin was announced.
More conveniently available at: nowadays.
Interesting ones:
  • 77822fd6663c665104119cb7635352756dfc50da76a92d417ec1a12c518fad69 0 OP_IF OP_INVALIDOPCODE None None OP_ENDIF. The second constant contains an ASCII patch Remove (SINGLE|DOUBLE)BYTE so presumably this is a proof of concept.
+ duscusses what happens if there is an invalid opcode in a branch that is not taken. + Discussed at:
  • 4373b97e4525be4c2f4b491be9f14ac2b106ba521587dad8f134040d16ff73af 0 OP_ADD OP_ADD None OP_EQUAL OP_NOTIF OP_RETURN OP_ENDIF OP_FROMALTSTACK None OP_DROP is provably unspendable because it always falls on OP_FROMALTSTACK but nothing is ever placed in the ALTSTACK
They appear to be included, with rationale that you can already include syntactically valid crap in an unprovable way: Better then have syntactically invalid crap that is provable.
The outputs of this transaction seem to be the first syntactically incorrect scripts of the blockchain:, found by parsing everything locally. The transaction was made in 2013 for 0.1 BTC, which then became unspendable.
The first invalid script is just e.g. "script":"01", which says will push one byte into the stack, but then ends prematurely.
Reference implementation?
Executables provided:
  • bitcoin-qt
There are apparently two methods:
Specific implementations:
TODO: it would be cool to have something like but including the actual transactions:
TODO who owns it? Are they reliable?
This helper dumps a transaction JSON to a binary:
bitcoin-tx-out-scripts() (
    # Dump data contained in out scripts. Remove first 3 last 2 bytes of
    # standard transaction boilerplate.
    echo curl "${h}?format=json" |
    jq '.out[].script' tmp.json |
    sed 's/"76a914//;s/88ac"//' |
    xxd -r -p > "${h}.bin"
Set of scripts b Ciro Santilli, primarily created while researching Cool data embedded in the Bitcoin blockchain. has all strings -n20 strings, we can obtain the whole thing and clean it up a bit with:
wget -O all.html
cp all.html all-recode.html
recode html..ascii all-recode.html
awk '!seen[$0]++' all-recode.html > all-uniq.html
awk to skip the gazillion "mined by message" repeats.
A lot of in that website stuff appears to be cut up at the 20 mark. As shown in Force of Will, this is possibly because they didn't use -w in strings -n20, and the text after the newlines was less than 20 characters.
That website can be replicated by downloading the Bitcoin blockchain locally, then:
cd .bitcoin/blocks
for f in blk*.dat; do strings -n20 -w $f | awk '!seen[$0]++' > ${f%.dat}.txt; done
tail +n1 *.txt
Remove most of the binary crap:
head -n-1 *.txt | grep -e '[. ]' | grep -iv 'mined by' | less
By "Satoshi uploader" we mean the data upload script present in tx 4b72a223007eab8a951d43edc171befeabc7b5dca4213770c88e09ba5b936e17 of the Bitcoin blockchain.
The uploader, and its accompanying downloader, are Python programs stored in the blockchain itself. They are made to upload and download arbitrary data into the blockchain via RPC.
These scripts were notably used for: illegal content of block 229k. The script did not maintain its popularity much after this initial surge up loads, likely all done by the same user: there are very very few uploads done after block 229k with the Satoshi uploader.
Our choice of name as "Satoshi uploader" is copied from A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin by Matzutt et al. (2018) because the scripts are Copyrighted Satoshi Nakamoto on the header comment, although as mentioned at Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014) this feels very unlikely to be true.
A more convenient version of those scripts that can download directly from without the need for a full local node can be found at: by using the --satoshi option. E.g. with it you can download the uploader script with:
./ --satoshi 4b72a223007eab8a951d43edc171befeabc7b5dca4213770c88e09ba5b936e17
mv 4b72a223007eab8a951d43edc171befeabc7b5dca4213770c88e09ba5b936e17.bin
The scripts can be found in the blockchain at:
The uploader script uses its own cumbersome data encoding format, which we call the "Satoshi uploader format". The is as follows:
  • ignore all script operands and constants less than 20 bytes (40 hex characters). And there are a lot of small operands, e.g. the uploader itself uses format has a OP_1, data, OP_3, OP_CHECKMULTISIG pattern on every output script, so the OP_1 and OP_3 are ignored
  • ignore the last output, which contains a real change transaction instead of arbitrary data. TODO why not just do what with the length instead?
  • the first 4 bytes are the payload length, the next 4 bytes a CRC-32 signature. The payload length is in particular useful because of possible granularity of transactions. But it is hard to understand why a CRC-32 is needed in the middle of the largest hash tree ever created by human kind!!! It does however have the adavantage that it allows us to more uniquely identify which transactions use the format or not.
This means that if we want to index certain file types encoded in this format, a good heuristic is to skip the first 9 bytes (4 size, 4 CRC, 1 OP_1) and look for file signatures.
Let's try out the downloader to download itself. First you have to be running a Bitcoin Core server locally. Then, supposing .bitcon/bitoin.conf containing:
we run:
git clone git://
git -C python-bitcoinrpc checkout cdf43b41f982b4f811cd4ebfbc787ab2abf5c94a
pip install python-bitcoinrpc==1.0
BTCRPCURL=http://asdf:qwer@ \
  PYTHONPATH="$(pwd)/python-bitcoinrpc:$PYTHONPATH" \
  python3 \
worked! The source of the downloader script is visible! Note that we had to wait for the sync of the entire blockchain to be fully finished for some reason for that to work.
Other known uploads in Satoshi format except from the first few:
  • tx 89248ecadd51ada613cf8bdf46c174c57842e51de4f99f4bbd8b8b34d3cb7792 block 344068 see ASCII art
  • tx 1ff17021495e4afb27f2f55cc1ef487c48e33bd5a472a4a68c56a84fc38871ec contains the ASCII text e5a6f30ff7d43f96f61af05efaf96f869aa072b5a071f32a24b03702d1dcd2a6. This number however is not a known transaction ID in the blockchain, and has no Google hits.
tx 243dea31863e94dc2f293489db02452e9bde279df1ab7feb6e456a4af672156a contains another upload script. The help reads:
Publish text in the blockchain, suitably padded for easy recovery with strings
This is likely a system that uploads text to the blockchain.
One example can be seen on the marijuana plant.
Messages are uploaded one line per transaction, and thus may be cut up on the blk.txt, and possibly even out of order.
But because each line starts with j( you can generally piece things up regardless.
TODO identify. The first occurrence seems to be in tx e8c61e29c6b829e289f8d0fc95f9eb2eb00c89c85cfa3a9c700b15805451ae6a:
Claims provably fair. clarifies what that means: they prove fairness by releasing a hash of the seed before the bets, and the actual seed after the bets.
As mentioned in, it functions basically as cryptocurrency tumbler in practice.
This is a list of cool stuff found using techniques mentioned at: Section "How to extract data from the Bitcoin blockchain".
Notably, Ciro Santilli developed his own set of scripts at to find some of this data. This article was originally based on data analyzed going up to around block 668k (2021).
Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014) is a mandatory precursor to this article, and potentially contains some of the most interesting examples already. An attempt is made to not repeat stuff that is already said in that article. Some repetition happened by accident, as we explored and only later noticed it was already mentioned there. But this also managed to add some new aspects to points previously covered by Ken. This analysis is also a bit more data oriented through our scripting. And there are somethings that only showed up after that post was originally written in 2014, this being originally written in 2021.
As of 2023:
Cool stuff in other sections:
These can be viewed at and are mostly commented on the "Wikileaks cablegate data" section of Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014).
Soon after block 229991 uploaded the Satoshi uploader, several interesting files were added to the blockchain using the uploader, and notably some containing content that might be illegal in certain countries, as a test to see if this type of content would make the Bitcoin blockchain illegal or not:
So basically, this was the first obviously illegal block attempt.
None of this content is particularly eye-popping for Ciro Santilli's slightly crazy freedom of speech standards, and as of 2021, the Bitcoin blockchain likely hasn't become illegal anywhere yet due to freedom of speech concerns.
Furthermore, it is likely much easier to find much worse illegal content by browsing any uncensored Onion service search engine for 2 minutes.
Ciro Santilli estimates that perhaps the uploader didn't upload child pornography, which is basically the apex of illegality of this era, because they were afraid that their identities would one day be found.
There are a few dozen ASCII arts in the blockchain.
To be honest, almost all of them are copy pastes of stuff present elsewhere, or boring high resolution ones auto-generated from images. But hey, it's still fun to see.
ASCII porn, all of them also reproduced at: therefore not blockchain original. Self-censored from bitcoin-strings-with-txids because GitHub does not accept porn:
  • tx 9206ec2a41846709a59cafb406dd7b07082bfc27664bbc5c6d4df310c1e1b91f: sexually aroused naked woman sitting looking forward with legs open showing her vagina. Vagina row as an identifier for Ctrl + F:
    .     `.    .\x./-`--...../'   ;   :
    A bit bellow tx 8367a48e4a863e37b3749bc9c111327b07a7c383ec9b3e7ce8d41949e71e1c10 has a large hand showing the middle finger
  • tx 0aab36554c2ac5ec23747e7f21f75dbe3f16739134cf44953ad7ac98927146d6: naked woman laying on her side showing her vagina from under her legs, signed fsc. TODO full author name?
Transaction inputs with ASCII art, some miners went all the way:
Tribute to computer security researcher Len Sassaman, who killed himself on 2011-07-03, starting with an ASCII art portrait followed by text.
Because it comes so early in the blockchain, and because it is the first ASCII art on the blochain as far as we can see, and because is so well done, this is by far the most visible ASCII art of the Bitcoin blockchain.
Created by famous computer security researcher Dan Kaminsky and Travis Goodspeed, presumably this other security researcher, evidence:
"Bernanke" is a reference to Ben Bernanke, who was one of the economists in power in the US Government during the financial crisis of 2007-2008, and much criticized by some, as shown for example in the documentary Inside Job (2010). As hinted in the Genesis block message, the United States Government bailed out many big banks that were going to go bankrupt with taxpayer money, even though it was precisly those banks that had started the crisis through their reckless investment, thus violating principles of the free market and business accountability. This was one of the motivations for the creation Bitcoin, which could reduce government power over economic policy.
It is worth mentioning that there do exist some slightly earlier "artistic" inscriptions in the form Punycode inscription in the Namecoin blockchain, but as far as we've seen, the are all trivial compared to BitLen in terms of artistic value/size.
:.: :.' ' ' ' ' : :
:.:'' ,,xiW,"4x, ''
:  ,dWWWXXXXi,4WX,
' dWWWXXX7"     `X,
 lWWWXX7   __   _ X
:WWWXX7 ,xXX7' "^^X
lWWWX7, _.+,, _.+.,
:WWW7,. `^"-" ,^-'
 WW",X:        X,
 "7^^Xl.    _(_x7'
 l ( :X:       __ _
 `. " XX  ,xxWWWWX7
  )X- "" 4X" .___.
,W X     :Xi  _,,_
WW X      4XiyXWWXd
"" ,,      4XWWWWXX
, R7X,       "^447^
R, "4RXk,      _, ,
TWk  "4RXXi,   X',x
lTWk,  "4RRR7' 4 XH
:lWWWk,  ^"     `4
::TTXWWi,_  Xll :..
Len was our friend.
A brilliant mind,
a kind soul, and
a devious schemer;
husband to Meredith
brother to Calvin,
son to Jim and
Dana Hartshorn,
coauthor and
cofounder and
Shmoo and so much
more.  We dedicate
this silly hack to
Len, who would have
found it absolutely
--Dan Kaminsky,
Travis Goodspeed
P.S.  My apologies,
BitCoin people.  He
also would have
LOL'd at BitCoin's
new dependency upon
: :.: ' ' ' ' : :':
:.:     _.__    '.:
:   _,^"   "^x,   :
'  x7'        `4,
 XX7            4XX
 XX              XX
 Xl ,xxx,   ,xxx,XX
( ' _,+o, | ,o+,"
 4   "-^' X "^-'" 7
 l,     ( ))     ,X
 :Xx,_ ,xXXXxx,_,XX
   4XXi,_   _iXX7'
  , `4XXXXXXXXX^ _,
  Xx,  ""^^^XX7,xX
W,"4WWx,_ _,XxWWX7'
Xwi, "4WW7""4WW7',W
TXXWw, ^7 Xk 47 ,WH
:TXXXWw,_ "), ,wWT:
Figure 1. Len Sassaman (2010) Source. For comparison with the ASCII art.
Figure 2. Official portrait of Ben Bernanke (2008) Source. For comparison with the ASCII art.
Video 1. Black OPS of TCP/IP by Dan Kaminsky (2011) Source. Presented at the BlackHat 2011 conference. Dan unveils the Len memorial at the given timestamp around 8:41. The presentation was done on 2011-08-03 or 04, so very few days after the upload to the blockchain.
From the JSON transaction we understand the encoding format:
So it is really encoded one line at a time in the script of the transaction outputs.
j(-> 1EGa1izEFDHzEobDDQny73re9BwXdzhZvH <-
j(                 ,
j(                dM
j(                MMr
j(               4MMML                  .
j(               MMMMM.                xf
j(              "M6MMM               .MM-
j( h..          +MM5MMM            .MMMM
j( .MM.         .MMMMML.          MMMMMh
j( )MMMh.        MM5MMM         MMMMMMM
j(  3MMMMx.     'MMM3MMf      xnMMMMMM"
j(  '*MMMMM      MMMMMM.     nMMMMMMP"
j(    *MMMMMx    "MMM5M\    .MMMMMMM=
j(        MMMMMM  "MMMM  .MMMMM(        .n
j(         *MMMMx  MMM"  dMMMM"    .nnMMMM
j(Mn...     'MMMMr 'MM   MMM"   .nMMMMMMM*
j(4MMMMnn..   *MMM  MM  MMP"  .dMMMMMMM""
j( ^MMMMMMMMx.  *ML "M .M*  .MMMMMM**"
j(    *PMMMMMMhn. *x > M  .MMMM**""
j(       ""**MMMMhx/.h/ .=*"
j(                .3P"%....
j(              nP"     "*MMnx
The transaction before the ASCII art tx 9b08c00ced2bca4525d74e82db9af2aec8ef213eb1c1bf68a48b6be929968332 starts with what is likely a "Legalize" and must be a Tor Onion service:
j(-> 1EGa1izEFDHzEobDDQny73re9BwXdzhZvH <-
but that address as is + .onion is invalid, TODO find the correct one.
ASCII art of a Force of Will, a famous and powerful Magic: The Gathering card first printed in 1996.
This is Ciro Santilli's personal favorite ASCII art he has found in the blockchain so far. Also Ciro could not find any other previous source of this, so there is some chance it is original. One can dream.
The choice of card is probably linked to the function of the card in the game of Magic: The Gathering. This card essentially prevents the opponent from casting a spell they are about to cast. The presumed intended meaning of this art is further accentuated by the old card type term "interrupt" (late renamed to "instant"), which suggests that "this ASCII art is an interruption to the normal monetary transactions of the blockchain".
One of also reminded of the prayer wars interruption attempts. We could not however identify anything specific that this ASCII art might have tried to interrupt besides the normal flow of monetary transactions.
If one goes full art critic mode, it is also tempting to draw a parallel between the card's "You may pay 1 life" alternative casting cost (as opposed to 5 mana, 3 and two blue, which is a very large cost for most games) as being a reference to the money spent by the uploader of the art to upload it.
TODO understand exactly how it was encoded and why it is so weird. The UUUU has a slightly weird encoding which we fixed by hand here TODO understand.
|  Force of Will               3 U U  |
|  ---------------------------------  |
| |                  ////////////   | |
| |                ////() ()\////\  | |
| |               ///_\ (--) \///\  | |
| |        )      ////  \_____///\\ | |
| |       ) \      /   /   /    /   | |
| |    ) /   \     |   |  /   _/    | |
| |   ) \  (  (   /   / /   / \     | |
| |  / ) ( )  / (    )/(    )  \    | |
| |  \(_)/(_)/  /UUUU \  \\\/   |   | |
| .---------------------------------. |
| Interrupt                           |
| ,---------------------------------, |
| | You may pay 1 life and remove a | |
| | blue card in your hand from the | |
| | game instead of paying Force of | |
| | Will's casting cost.  Effects   | |
| | that prevent or redirect damage | |
| | cannot be used to counter this  | |
| | loss of life.                   | |
| | Counter target spell.           | |
| `---------------------------------` |
|                                     l
| Illus.  Terese Nelsen               |
Figure 1. Force of Will Magic: The Gathering card (Alliances) Source. A high resolution scan of the original card depicted in the ASCII art for comparison.
The following two ASCII transactions:
tx 0f05c47a8caafadecc10d70ba3bf010eaf6bb416b5e1ad7b01cf3445f5fb7a1c
I am. Therefore, I have come to be.

-- Hyena

tx e6d48f6912929a58a2ee30c13768058777d8547215c27109b5cb0724e7abaaba
Bro, this looks excellent!!
suggest this ASCII art might have been uploaded by Figure "Erich Erstu", AKA Hyena, creator of, a service which would have allowed uploading ASCII content to the blockchain.
The only other mention of "Duriel" in the blockchain is tx 140562ceb42fc8943fa52ccc0ddbb11ca2d88dae9b5240d7a4b46864538c515a which has some freedom of speech comments and gives the email: = 1HcuhfTAiQCt6KdMG2rZLXsTcKYj9nLDhS was some other blockchain service from circa 2015:
The huge majority of images is encoded with the AtomSea & EMBII system/format. All images in that system will be documented in that section.
Figure 1. bitcoin.jpg. Source.
A bitcoin logo, block 123,573 (2011-05-13).
This is the very first ASCII string to show up at after only the Genesis block message.
This version of the image was just ripped from Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014).
Reconstructing it should likely be a simple matter of copy pasting the ASCII yEnc encoding present in the two transactions from tx ceb1a7fb57ef8b75ac59b56dd859d5cb3ab5c31168aa55eb3819cd5ddbd3d806 into a text file and decoding the yEnc, but after searching for 20 minutes Ciro couldn't find a working yEnc decoder on Ubuntu 21.10. How can a format be so dead, even after considerable extensive use in the Usenet??? It makes you think about life.
As mentioned by Ken, the logo is split across two transactions: ceb1a7fb57ef8b75ac59b56dd859d5cb3ab5c31168aa55eb3819cd5ddbd3d806 and 9173744691ac25f3cd94f35d4fc0e0a2b9d1ab17b4fe562acc07660552f95518.
There appears to be nothing strictly linking the two transactions, besides that they are very close by and the only ASCII strings around back in those pre-infinite-spam days, as can be seen at:, so you could just see both of them by eye.
Also the first one starts with:
=ybegin line=128 size=8776 name=bitcoin.jpg
and the second one ends in:
=yend size=8776 crc32=a7ac8449
so this is likely clearly part of the yEnc format for someone who knows it, and the filename bitcoin.jpg gives the file format.
They are not even in the same block:both from 2011-05-13. Also note that they ended up being committed reverse order, since you don't have a strict order control over the final blockchain.
Figure 2. v27sSra.jpg.
An image of a dozen people siting at a dinner table, with each person identified by a Twitter handle that was edited in.
This image is present tx 4be3a833ee83b4ca7d157d60fbf7411f7528314ce90df8a844f855118bc6ca11 from block 357239 (2015-05-20), an input transaction.
It contains a base 64 encoded image:

By manually copy pasting that into a file v27sSra.base64 we can obtain the image with:
base64 -d <v27sSra.base64 >v27sSra.jpg
The exact same content appears to be present on the next input transaction 56d23a230042c094bc54bb72fc4c10a3f26750030b9927994e741d3689f5c09e on the same block.
Google reverse image search leads to The story behind the picture of Nick Szabo with other Bitcoin researchers and developers by Arvind Narayanan (2015), in which Arvind (@random_walker) who attended the meeting clearly lists all names and handles, and talks about the background of gathering of Bitcoin devs that happened in March 2014. The article also contains a higher resolution version of the image uploaded to the blockchain.
It also links to a popular Reddit thread that contains the image from May 2015:
Googling v27sSra.jpg leads to;wap "New York Times identifies Nick Szabo as Satoshi Nakamoto" which links to so this is a Satoshi Nakamoto-real-identity thing.
A text/file upload system. an indexer website which interprets the format. Each page has an "abuse report" button to unindex presumably. TODO website source? Local indexer/extraction script? Ciro's indexer and its generated index can be found at:
Each AtomSea payload has a toplevel transaction which links to other transactions. All the linked transactions together make up the payload. The most common payload type is a text plus image, as is the case of Nelson-Mandela.jpg, which can be seen at where 78f0e6de0ce007f4dd4a09085e649d7e354f70bc7da06d697b167f353f115b8e is the toplevel transaction ID:
See Section "Nelson-Mandela.jpg (2013-12-07)" for a detailed reverse engineering of the format, and Section "AtomSea & EMBII data format" for a summary of it. is the system to upload/index locally, and therefore likely part of the backend of bitfossil:
The system shows the messages and the images on a single page: It is basically a blockchain-based Twitter.
Somewhat related projects:
These are of course likely all made by AtomSea & EMBII themselves while developing/testing their upload system.
They are also artsy peoeple themselves, and as pointed at what they were doing was basicaly non-fungible token art, which became much much more popular a few years later around 2021.
The first upload that we could find at was tx 44e80475dc363de2c7ee17b286f8cd49eb146165a79968a62c1c2c4cf80772c9 on block 272573 but it does not show on Bitfossil: This is was due to an upload bug explained by the following entry. By looking at the ASCII data at that this is meant to contain the same content as the following message: a quote from the Bhagavad Gita, so this is definitely a bugged version of the following one.
The next one is on block 272577 (2013-12-02). It reads:
followed by:
He who regards
With an eye that is equal
Friends and comrades,
The foe and the kinsman,
The vile, the wicked,
The men who judge him,
And those who belong
To neither faction:
He is the greatest.
The bug message is definitely a reference to the previous non-visible bugged upload, TODO understand exactly how they fucked up. This illustrates the beauty of the blockchain very well: unlike with version control, you don't just see selected snapshots: you see actual debug logs!!!
The third one contains the first actual image WeAreStarStuff.jpg:
Figure 1. WeAreStarStuff.jpg. Source.
Block 272,592 (2013-12-02) Message:
Photo etchin' test. #AtomSea #embii (photo by Travis Ehrich)
The image shows showingAtomSea and EMBII together, presumably photographed by this dude.
The name is of course a reference to the quote/idea: We Are Made of Star-Stuff that was much popularized by Carl Sagan.
For some reason, for some time it was not showing up at: from block 272,592, but this was apparently a bug of the viewer that was later fixed tested as of 2023. Becaus of this, the version here was ripped from the Bitcoin Testnet visible at: from circa 2015-07-24, much later than the original. which would have been at around 2013-12-02. The data relating to that can be seen at: but we don't have a local decoder yet, so can't confirm easily.
Then comes a boring logo image HugPuddle.jpg on block 272592
Figure 2. HugPuddle.jpg. Source. Message:
HugPuddle Testing Apertus Disk Drive
And then finally we meet Chiharu, EMBII's partner, with her hair painted blond (she's Japanese): ILoveYouMore.jpg.
Then there's an approximation of pi as ASCII decimal fraction
This is the first of many love declarations and mentions EMBII makes of his partner Chiharu!
Figure 1. ILoveYouMore.jpg. Source. Message:
My Dearest Chiharu....I Love you more. <3 Eric
Note that she's Japanese and not really bond, it's hair dye.
SatoFamily.jpg gives Chiharu's full identity with picture basically:
Figure 2. SatoFamily.jpg. Source. Message:
The Sato Family Arrives from Japan! Taken Aug 2. 2014 in Minneapolis MN. (Keiko, Chiharu, Hideaki, Katsuhiko) Now preparing for the Sato / Bobby Great American Vacation!!
so presumably Chiharu's full name is Chiharu Sato.
OurWedding.jpg (2014-08-07)
My Dearest Chiharu, I will love you forever. Taken Aug 6th 2014 in Ipswich, SD.
Figure 1. Nelson-Mandela.jpg. Source. Message:
"There is nothing like returning to a place that remains unchanged to find the ways in which you yourself have altered." - Nelson Mandela Nelson Rolihlahla Mandela was a South African anti-apartheid revolutionary, politician and philanthropist who served as President of South Africa from 1994 to 1999. - Wikipedia Born: July 18, 1918, Mvezo, South Africa Died: December 5, 2013.
tx 8881a937a437ff6ce83be3a89d77ea88ee12315f37f7ef0dd3742c30eef92dba contains a copy of part of his wiki page ending in an image:
There is nothing like returning to a place
 that remains unchanged to find the ways in
 which you yourself have altered.lson Mandela

Nelson Rolihlahla Mandela was a South African anti-apartheid revolutionary, politician and philanthropist who served as President of South Africa from 1994 to 1999. -Wikipedia

Born: July 18, 1918, Mvezo, South Africa
Died: December 5, 2013Nelson-Mandela.jpg?14400/d-jpeg v1.0 (using IJG JPEG v80), quality = 40
By inspecting the transaction, we see that the initial text is cut up because it starts in the middle of a script with line:
00000000  22 33 39 36 5c e2 80 9c  54 68 65 72 65 20 69 73  |"396\...There is|
00000010  20 6e 6f 74 68 69 6e 67  20 6c 69 6b 65 20 72 65  | nothing like re|
00000020  74 75 72 6e 69 6e 67 20  74 6f 20 61 20 70 6c 61  |turning to a pla|
The txid is the first of an index at tx 78f0e6de0ce007f4dd4a09085e649d7e354f70bc7da06d697b167f353f115b8e:
tomSea & EMBII
The A is really missing from AtomSea, it shows up as AtomSea almost in all other greps. This is presumably chopped to fit the 20-byte granularity without an extra output.
We see that starts with:
  • 2 data txs encoding 8881a937a437ff6ce83be3a89d77ea88ee12315f in hex ascii
  • a spent change tx
  • 37f7ef0dd3742c30eef9 on the next
  • 2dba|396*8881a937a43 on the next
  • the newlines from the ASCII dumps are encoded directly:
    00000000  34 32 63 33 30 65 65 66  39 32 64 62 61 0d 0a 35  |42c30eef92dba..5|
    00000010  37 35 30 36                                       |7506|
  • the last is:
    00000000  30 39 31 0d 0a 74 6f 6d  53 65 61 20 26 20 45 4d  |091..tomSea & EM|
    00000010  42 49 49 00                                       |BII.|
    Yes, 2 char Windows newlines, even in one of the most expensive per-byte storage mechanisms ever invented!
All non-change value are 0.00005500 BTC.
Therefore, the rest of the transactions presumably contain the rest of the image!
The bytes for the first one are:
which is

00000000  76 a9 14 33 4e 65 6c 73  6f 6e 2d 4d 61 6e 64 65  |v..3Nelson-Mande|
00000010  6c 61 2e 6a 70 67 3f 88  ac                       |la.jpg?..|
And then the next one:
which is:
00000000  76 a9 14 31 34 34 30 30  2f ff d8 ff e0 00 10 4a  |v..14400/......J|
00000010  46 49 46 00 01 01 00 88  ac                       |FIF......|
so unlike in ILoveYouMore.jpg, we do have the raw JPEG header data here starting with ffd8!
And there is a possible footer ffd9 in the last file of the list 39348722b841afa0c5b67e5af10839afe965ed1b24874e89336bea9fa4ef3091!
However, when I put everything together, cutting around delimiters, it gives only the top half of the head! My data is 14960, not 14400. So there must be 460 bytes of metadata in some of the blocks, possibly error checking.
The actual data starting at ffd8 and cutting off header/tails (20 bytes per transaction):
The above bytes are not contained at all in Ken's uploaded image.
On a related note, tx f3c2e1178fa20a44e942e1137cd7125b376edaadb4fbd46be30b69fe89525d64 contains a speech from Mandela starting with:
/1442:Nelson Mandela (1918-2013)

"I am fundamentally an optimist ...
followed by lots of text.
That transaction is also part of an index in the same file:
tx 9e2928e02e77ceffc217a6df1fc992be128f2188e691986cbb0df8a4207a492f
The middle hash 27f4cc5c688e8V2b2347295ec3f071947bb847fb0cb2eb1a0fb9150040929e4e8 does not name any existing transaction however (it is one byte too long).
Other images:
For a detailed analysis of one transaction see: Nelson-Mandela.jpg.
Best guess so far, all in ASCII hex of output scripts:
  • remove the single output value different from first one from payload, that's the change, and it is randomly placed as far as I see
  • 64 bytes: hex address of top level text
  • 1 byte: some random punctuation
  • decimal number of bytes of some payload
  • 1 byte: some random punctuation
  • 64 bytes: same as the first address
  • CR LF
  • ends in NUL
In this section contains a list of images we could find that wre uploaded as raw data to the blockchain, without any special encoding, e.g. as done by the AtomSea & EMBII system.
It is possible that some/most of those were uploaded via the system, but since that indexer stopped working, and since the format is so non-specific, it is not possible be sure as far as we can tell.
These images were indexed by looking for standard transaction output script hashes that contain JPEG or PNG images immediately on the first payload byte based on file signature bytes and indexed/easily downloaded at
Figure 1. JPG thumbnail. Block 349362 (2015). Presumably a JPEG upload test.
Figure 2. we love bitcoin.
A heart next to a bitcoin logo and written "we love bitcoin". Reproduced at:
Embedded in the image itself, there's a message in the header comments: "Bitcoin uses peer-to-peer technology to operate with no central authority or banks" which is the opening paragraph of:
Block 351375 (2015).
Figure 3. Erich Erstu. Alias: 1Hyena. A well built man wearing a gas mask. Google image search leads to: (archive), who is the creator of It was around after this time that the number of raw images surged dramatically in the blockchain, so it is possible that this is when the service started operating. This further suggests that most raw image uploads we found were made with Block 416527.
Figure 5. A mining supplier: Block 416835.
Figure 6. Nada from They Live (1988). Block 416896.
Figure 7. Cryptocurrenty Minning ad. Twitter "@dobcrypto": Reuploaded at: Block 417111.
Figure 8. Chinese wedding.
A white man and a Chinese woman both in Chinese traditional dressess holding hands, presumably a token from their wedding. TODO transcribe and translate the Chinese text, cursive grass script + traditional characters + ultra-low res put this beyond Ciro Santilli's capabilities/patience ratio. Given the format, it is likely some well known beautiful old poem. Ciro Santilli's wife's transcribed gave the first column as:
"Danzhen" (?) hides silently in the mountains
and no Google hits, so maybe an original poem? What a hero. TODO transcribe the rest. Block 417131.
If Danzhen is a proper noun, the only hit is 洛桑丹珍 (pinyin: Luosang Danzhen), who appears to be a Chinese Communist Party official that worked in Tibet. So does not feel likely.
Figure 9. Superbuffo. Googling gives a Toni Caradonna: Block 417354. At that twitter account claimed the art or its depiction. has some obscure references to him.
Figure 11. New Age dance. Woman dancing a New Age-like dance with New Age-like Indian looking clothes, holding a lamp, and with a rose on her hair. TODO identify. Block 419676.
Figure 12. Snake penetration sculputure. Sculpture of what seems to be a snake penetrating a vagina. Block 420122.
Figure 13. Wedding invitation. TODO: make out names, quite low res, no patience. Looks like Cyrillic script. Block 420960.
Figure 14. Bitcoin love certificate. Hard to make out due to ultra-low-res, and in Cyrillic script. Contains three dates: 8.02.1982, 16.07.1992 and 17.07.2016. Block 421151.
Figure 15. Oles Slobodenyuk.
Wedding picture with people holding "Blockchain" and "Ipa" signs.
Reproduced at: Google translate:
One of the initiators of the launch of this pool was Oles Slobodenyuk, who earlier created a grocery store in Kiev accepting bitcoins, arranged a TakeMyBitcoin flash mob, and also registered his own marriage in the bitcoin blockchain on the website.
Oles is for example featured at: Bitcoin Miners Are Heating Homes Free of Charge in Frigid Siberia by Anna Baydakova (2019)
Block 421280.
Figure 16. Nematode. A... nematode-like shaped hand drawn extremely simple image. A test upload presumably? The squiggle outside of the worm might be a test direction marker. Block 424414.
Figure 17. Hand written contract.
Wedding contract written in Czech. Transcription and translation by Petr Kadlec:
Svým podpisem pod tímto textem potvrzuji, že Daniela Dudysová a Pavel Urbaczka v mé přítomnosti dne 20.8.2016 v Ropici projevili vůli uzavřít spolu manželství, přičemž ani jeden z těchto projevů se mi nejevil jako nesvobodný, nikoliv vážný, nesrozumitelný, omylný nebo uzavřený v tísni.
With my signature under this text, I confirm Daniela Dudysová and Pavel Urbaczka have, in my presence on 2016-08-20 in Ropice, expressed the will to enter marriage, whereas neither of their expressions seemed to me to be non-free, not serious, in error, or under distress.
Tereza (unreadable) Hana (unreadable) Jakub (unreadable) Radim Kozub (unreadable) (unreadable) Lenka (unreadable)
Petr also conjectures that Jakub may refer to Jakub Olšina from Blockchain Legal. Figure 18. "Wedding on grass" on the same block contains a image of a wedding, presumably the same of the contract. The photo of the man might be the same person as, but a bit younger.
Block 426072.
Figure 18. Wedding on grass. Block 426072.
Figure 19. Onshape ad. Ad for, an online CAD company:
#CAD users all over the world are designing in the cloud! Join them by creating a #free Onshape account: Block 426832.
Figure 20. Hello. Yes, this is dog. Block 440418.
Figure 22. Tuxedo and rose. Black and white and intentionally blurred photo of couple, the woman wears a tuxedo, and the man holds a red rose/light-like thing in the middle. Block 453083.
Figure 23. Couple on mountains. Middle aged couple selfie in front of some mountains. Block 456370.
Figure 24. Tank Man.
Searching for the image hash ca4f11131eca6b4d61daf707a470cfccd1ef3d80a6f8b70f1f07616b451ca64e leads to which links to suggesting that this upload was made with, or at least was indexed by it. But that link is not working as of 2021.
Block 458238.
Figure 25. Cat manga. TODO identify, transcribe japanese. Block 581526.
Figure 26. Arms crossed. Nerdy caucasian woman in her late teens/early 20's wearing glasses and a jeans jacked with her arms crossed. TODO identify. Block 597374.
Figure 27. Black cat. No, Google reverse image is not going to find the exact one amongst billions of pics. Block 625045.
Figure 28. Teddy bear. Block 654100 (2020) (marked as joined March 2014)
Bitcoin blockchain image indexer and uploader.
At some point it stopped using Bitcoin mainline and moved to Bitcoin Cash instead: and therefore became useless. Existing indexes seem to have been broken as well.
Also, based on the timing of Figure "Erich Erstu", this service may be responsible for a large part of the raw JPEG images present in the blockchain from block 416527 (2016) onwards. This is also suggested by the comments at Figure "Tank Man".
Other related transactions:
Rickrolling lyrics were mined several times into the blockchain as mentioned at interesting input script data.
Around block block 246k (e.g. 27b7c526489dac8245747fa1c425a2e3eb07dea57b294eb4ae583fec9b859fcf, 2013-10-17) we note several transactions starting with a XML format <CG SZ="1156"><MG>... the first one being 0b4efe49ea1454020c4d51a163a93f726a20cd75ad50bb9ed0f4623c141a8008 As mentioned not very clearly at the content of the first <MG><payload></MG> is a Base64 encoded string
Catagory: Poetry
Title: Never Gonna Give You Up
Performer: Rick Astley
Writer: Mike Stock, Matt Aitken, Pete Waterman
Label: RCA Records
followed by lyrics also base64 encoded as part of the XML metadata. Hidden surprises in the Bitcoin blockchain by Ken Shirriff (2014) was not able to identify the exact format either. At EMBII mentions that this was part of an upload test.
tx d29c9c0e8e4d2a9790922af73f0b8d51f0bd4bb19940d9cf910ead8fbe85bc9b contains a plaintext Rickroll lyric in an output.
Bitcoin addresses are by convention expressed in Base58, which is a human readable binary-to-text encoding invented by Bitcoin. It is a bit like Base64, but obsessed with eliminating characters that look like one another in popular but stupid fonts like capital "I" and lower case ell "l".
This seems to be one of the earliest strategies used to encode messages.
The generated text is however rather obfuscated by the limitations of Base58.
The following transactions contain base58 encoded messages on addresses:
Data in input and output transactions are quite different because:
  • input transaction data can only be added by the miner who obtained the block.
    Input script transactions can only contain arbitrary data when they are made by miners that obtained the block.
    Therefore, except at the very early beginnings when random individuals could still mine without having a nuclear power station at their disposal, basically all input script transactions are boring ads made by mining pools or other souless companies.
    As a result, inputs contain almost exclusively boring miner advertisements.
  • output transaction data however can be added by anyone who makes a transaction.
    Therefore, although the large majority of it is also crap and spam like the rest of the Internet, there is much more interesting stuff to be found there in total.
Here are some exceptionally interesting input data that are not mentioned in other sections:
In this section we document events that led to a large number of thematically related messages being added to the chain.
Starting at tx cbbaa0a64924fe1d6ace3352f23242aa0028d4e0ff6ae8ed615244d66079cfb1 with one line per transaction:
Eligius/Benedictus Deus. Benedictum Nomen Sanctum eius
These are some of the very first ASCII embedded in the blockchain, and is therefore very visible.
Because it is one line per transaction, it could got broken up by some interspersed atheist mockery graffiti, e.g.:
Benedicta sancta eius et immaculata Conceptio.
Benedicta eius gloriosa Assumptio.
Benedictum Nomen Iesu.
Benedictus Iesus in sanctissimo altaris Sacramento.
Benedictus sanctus Ioseph, eius castissimus Sponsus
The non-obvious interruptions are all well known memes/anime references:
It should be noted however, that the interruptions we've found were all output transactions, therefore not done by miners, but just by regular transfers, which are much easier to make. In this sense, therefore, the prayer did win.
Later comments attribute the prayers to a Luke Jr., who is likely:, who says is a Roman Catholic on his Twitter introduction. This is consistent with him being one of the early miners. His LinkedIn: According to LinkedIn he studied at the Benedictine College in Kansas. TODO what is his full real birthname? What is dashjr? Apparently he had his coins stolen in January 2023, then worth $3.5m:
Protesters were posting large chunks of text multiple times into the blockchain as a way to protest against the controversial increase of block size.
tx 08893442680a20c4d0548dec2c8c421fa43336528b4e274dbf2652774f9c9f2d has the first copy of:
I like big blocks and I can not lie
which is the first line of a parody on:
I like big butts and I cannot lie
from the Baby Got Back hip-hop song.
tx 52159222289cd0a5afe0644150d0e23d5d272a57365627d5e869fdb458289858 has the first copy of:
Time to roll out bigger blocks
which is likely a copy of an email from the bitcoin development mailing list. This message is repeated dozens of times in other transactions.
Starting tx a87d406fae047258a12923b3c11a797a5765bd8f868df5c7e9b1cead0e92c9c1: the message:
503: Bitcoin over capacity!
appears about 13 thousand times. WTF happened?
Quick ones that didn't deserve a their own section:
Non-cool things:
Encrypted data: transactions such as:
tx fe37c7eee73be5fda91068dbe0eb74a68495a3fc7185712b8417032db7fc9c5e
are Base64 encoded. Running them through base64 -d leads to starting output bytes Salted__ which as mentioend at is OpenSSL encrypted data. So whever we see the start:
we might as well give up.
  • 4dd57f3e443ad1567a37beab8f6b31d8cb1328a26bac09e50ba96048ad07b8c1 long text in Italian starting with E il cazzo non entr looks vulgar/porn, identify
This is about transactions that are interesting not because of their inscriptions, but for some other reason, such as transaction size, etc.
  • bb41a757f405890fb0f5856228e23b715702d714d59bf2b1feb70d8b2b4e3e08 999,657 bytes. Joins a bunch of tiny inputs into a single output
  • 623463a2a8a949e0590ffe6b2fd3e4e1028b2b99c747e82e899da4485eb0b6be and 5143cf232576ae53e8991ca389334563f14ea7a7c507a3e081fbef2538c84f6e both have 3,075 outputs of 1 satoshi each and a single input. We were not able to identify any meaningful data in it, file just says data, and there aren't long ASCII strings. However, the outputs were unspent as of 2021, which suggests that they might actually be data.
Analysis of some of them follows.
Horrible Horrendous Terrible Tremendous Mining Pool:
Has some cute one liner messages.
Apparently the "Taproot" Bitcoin update made it easier to upload image-sized data once again, which had become prohibitively expensive 2023 and much earlier: Developer Casey Rodarmor apparently contributed to this popularization.
This in turn led to a lot of child porn rediscussion, and people linking back to this page to view earlier inscriptions: incoming links.
TODO understand this new system in detail.
Analyses in other blockchains:
Ken Shirriff is a cool dude, he's done come collabs with Marc Verdiell in electronics restoration.
Semi-boring academic overview, but without reproducibility, or in a way that is too hidden for Ciro to have the patience to find it out.
Claims 1600 files found.
Mentions some upload mechanisms, notably AtomSea & EMBII and Satoshi uploader.
By Ciro Santilli:
By others: contains some comments on the data.
Inscription added by Satoshi Nakamoto on the Genesis block containing:
The Times 03/Jan/2009 Chancellor on brink of second bailout for banks
which is a reference to: wihch is fully titled:
Chancellor Alistair Darling on brink of second bailout for banks
The "Alistair" was slikely removed due to limited payload concerns.
Through the newspaper reference, the message proves a minimal starting date for the first mine.
And it hints that one of Bitcoin's motivation was the financial crisis of 2007-2008, where banks were given bailouts by the government to not go under, which many people opposed as the crisis was their own fault in the first place. A notable related stab is taken at Len Sassaman tribute.
We can extract the image from the blockchain ourselves by starting from:
From that page we manually extract the hash 000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f and then:
wget -O 0.hex
xxd -p -r 0.hex
and that does contain the famous genesis block string:
EThe Times 03/Jan/2009 Chancellor on brink of second bailout for banks
The JSON clarifies that the data is encoded in the script field of the transaction input:
The extra E (0x45 in ASCII) in EThe Times is just extra noise required by the script, we can break things up as:
04ffff001d0104 45 5468652054696d65732030332f4a616e2f32303039204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73
  • 54 is T
  • the 04ffff001d0104 part just doesn't show up on the terminal because it is not made of any printable characters.
The initial 04 is OP_RETURN.
TODO what is actual the meaning of the ffff001d010445 part? @defango comments:
04ffff001d0104 is a hexadecimal string. It is commonly used in the Bitcoin network as a part of the mining process. Specifically, it is used as the target value for a block to be considered valid by the Bitcoin network.
This value represents the level of difficulty required for a miner to generate a block that meets the network's criteria. The first four bytes, 04ffff, represent the maximum possible target value. The next three bytes, 001d01, represent the current difficulty level
while the final byte, 04, is a padding byte. In summary, this value sets the difficulty level for mining a new block in the Bitcoin network.
TODO the output of the transaction has a jumbled script, likely just a regular output to get things going, can't be arbitrary like input.
This was getting very hot as of 2022 for some reason. Would be good to understand why besides the awesome name.
Cryptocurrency with focus on anonymity.
As mentioned at Section "Cryptocurrency", Ciro Santilli believes that anonymity is the only feature that really matters on crypto coins, and therefore if he were to invest in crypto, he would invest in Monero or some other privacy coin. gives an overview of the privacy mechanisms:
  • ring signatures, which hide the true output (sender) Gives an overview. Mentions that it is prone to heuristic attacks.
    Uses a system of decoys, that adds 10 fake possible previous outputs as inputs, in addition to the actual input.
    So the network only knows/verifies that one of those 11 previous outputs was used, but it does not know which one.
    It's a bit like having a built-in cryptocurrency tumbler in every transaction.
    TODO so how do you know which previous outputs were spent or not?
  • RingCT which hides the amounts.
  • stealth addresses, which hides who you send to
    This forces receivers to scan try and unlock every single transaction in the chain to see if it is theirs or not.
    The sender therefore can know when the money is spent, but once again, not to whom it is being sent.
Coinbase has actually stayed away from trading it even as of 2019 when Monero was the third largest market capitalization crypto because of fear of regulatory slashback: Although it must be said, the value of privacy crypto is greatly reduced when everyone is trading it on exchanges, which require a passport upload to work.
Ubuntu 20.10 as per
sudo apt install git build-essential cmake libuv1-dev libssl-dev libhwloc-dev
git clone
mkdir xmrig/build && cd xmrig/build
cmake ..
make -j$(nproc)
At we see that all you then need is a single CLI command:
xmrig -o -u <your-monero-address>
Seems simple, well done devs!
Benchmark on Lenovo ThinkPad P51 (2017) as per
./xmrig --bench=1M
948.1 h/s
which according to the mining pool would generate 0.0005 XMR/day, which at the February 2021 rate of 140 USD/XMR is 0.07 USD/day. The minimum payout in that pool is 0.004 XMR so it would take 8 days to reach that.
So clearly, application-specific integrated circuit mining is the only viable way of doing this. is a completely full of bullshit article that says otherwise. How can someone publish that!
Test buy 2023-04-10 in the UK:
  • fee: 0.99 pounds, minimum buy: 1.99 pounds
  • bought 10 pounds, minus 0.99 fee, totalled: 0.00039162 BTC (£8.92) presumably after further fees/spread
  • bitcoin price on Google on that day: 22,777.54 GBP / BTC
  • bitcoin transaction fees were about 2.7 BTC on that day
Sending 5 pounds to wallet 12dg2FaiZLp3VzDtLvwPinaKz41TQcEGbs
  • network fee: 0.00001989 BTC
  • total bitcoin cost: -0.00023928 BTC
  • new balance: 15,234 satoshi (39,162 - 23,928).
  • total spent: £5.45
  • time est.: about 30 minutes
This worked and I received 21939 satoshis (23928 - 1989) on Electrum on one of the outputs of transaction 1177268091cbeaacbcaac5dc4f6d1774c4ec11b4bcffafa555cd2775eafb954c.
Sending 1 satoshi back! The lowest fee in Electron is 1120 Satoshis targeting 25 blocks (4 hours). Let's do it. Failed, server forbids dust, minimum is 1000 satoshi. OK, sending 1000 satoshi, at 1139 fee.
Some analysts seem to suggest that the things she said were bad.
But they're not.
They're a rare example of someone with some power saying cool honest stuff that comes across their mind.
Unlike the endless mandatory corporate bullshit we usually get otherwise.
Data that is inscribed in a blockchain as a way to perpetuate the data, rather than to follow the main intended purpose of the given blockchain, e.g. ASCII art instead of financial transactions on the Bitcoin blockchain.
Namecoin examples are catalogued at: The are small Unicode art or emoji code.
There seems to be nothing of particular artistic value as far as we've seen so far, the only interest in such tokens seems to be that:
  • there are some examples that came earlier than those in the Bitcoin blockchain, notably a bit earlier than Section "BitLen"
  • Namecoin is a NFT system unlike Bitcoin which is fungible, so those assets are naturally tradable
A useless piece of paper (or digital version of it) that you can pay taxes with :)
As opposed to:
  • 2020 cryptocurrencies, while governments still don't accept them for taxes, as well as other assets that are also not accepted for taxes (i.e. most assets)
  • physical currencies that have intrinsic material value, e.g. gold coins
Our minimal definition of "electronic money" is the following.
Instead of creating legal tender such as Dollars as banknotes or transactions in some complex obscure banking system, the government offers an official simple centralized API that represents it instead.
Each citizen or legal entity has an account there, and transfers between registered users are just simple API calls.
So for example you would e able to put all your money in the government account instead of using useless banks. And then you would invest it as you want with the investment company of your choice, without tying the "my money is here" with "this is the best investment" aspects of banks.
Centralized system that still attempts some level of privacy.
In it, a central bank issue tokens that are stored offline in your cell phone, a bit like cash bank notes.
When you take those tokens, a corresponding amount gets removed from your bank account, a bit like cash bank notes.
When a transaction is made, tokens are put into a spent token list via central API, and cannot be double spent thereafter. The corresponding ammount is then added to the bank account of the receiver. This also means that offline transactions are not possible.
When emitting, the bank signs the token with their private key. When spending, the bank checks that signature.
How do we prevent the bank from logging which token goes to which user besides trusting that they are running the software we whink they are running? Notably, couldn't timing be used to identify that?