A Bitcoin address is where people send you Bitcoin. It is a string of letters and numbers derived from your private key. Understanding the different formats, why address reuse is dangerous, and how to handle addresses safely are the basics of using Bitcoin properly.
Every Bitcoin transaction needs a destination. That destination is an address: a short, encoded string that represents the lock on your funds. Only the matching private key can open that lock. This guide covers how addresses are created, what the different formats mean, how modern wallets manage them automatically, and how to avoid the most common mistakes that cost people their Bitcoin.
A Bitcoin address is the public-facing side of a cryptographic key pair. It tells the Bitcoin network where funds should be locked. Only the holder of the matching private key can access and spend those funds.
When someone sends Bitcoin to your address, the transaction is recorded on the blockchain. The record says: “X amount of Bitcoin is now locked to this address.” To spend it, your wallet creates a new transaction and signs it with the private key that corresponds to that address. The digital signature proves you are authorized to move those funds without ever revealing the private key itself.
Addresses exist as an abstraction layer over public keys. Raw public keys are long (33 or 65 bytes), hard to read, and lack error detection. Addresses solve all three problems. They are shorter, use human-friendly encoding, and include a checksum that catches typos before you accidentally send Bitcoin into the void.
Your seed phrase generates a master private key. That master key deterministically creates all your individual addresses through a process called hierarchical derivation. This means a single seed phrase backs up an unlimited number of addresses. Every address your wallet ever generates can be restored from those 12 or 24 words.
Understanding the chain from private key to address helps you grasp why addresses are safe to share while private keys must stay secret. Each step is a one-way function: you can go forward but never backward.
Generate a private key
A random 256-bit number. This is your master secret. It looks like: 5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ. Guard it with your life.
Derive the public key
Apply elliptic curve multiplication (secp256k1 curve) to the private key. This is a one-way function: you can compute the public key from the private key, but reversing it would take longer than the age of the universe.
Hash the public key
Apply SHA-256, then RIPEMD-160, producing a 160-bit hash (20 bytes). This creates a shorter fingerprint and adds a second layer of cryptographic protection. Even if elliptic curve math were somehow broken, the hash still protects you.
Add version byte and checksum
Prepend a version byte (0x00 for mainnet Legacy). Compute a 4-byte checksum using double SHA-256. Append the checksum to enable typo detection.
Encode for humans
Legacy addresses use Base58Check encoding, which removes confusing characters like 0/O and l/I. This produces the familiar "1..." address format. SegWit and Taproot use bech32/bech32m encoding instead, which is lowercase-only and more error-resistant.
The key insight: your address is derived from your public key, which is derived from your private key. Sharing your address does not expose your public key. Your public key is only revealed when you spend from an address, not when you receive to it. This is why some privacy-conscious users generate a new address for every single transaction.
Bitcoin has evolved through four address formats over the years. Each newer format reduces transaction fees and improves functionality. All four formats are still valid and work on the same Bitcoin network. You can send Bitcoin between any two formats.
Legacy (P2PKH)
Starts with 1
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
The original Bitcoin address format created by Satoshi Nakamoto. Still works but costs 30-40% more in fees per transaction than SegWit. Uses Base58Check encoding. The example above is the very first Bitcoin address ever created (the genesis block coinbase address).
Wrapped SegWit (P2SH-P2WPKH)
Starts with 3
3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy
A compatibility bridge that wraps SegWit inside a legacy-compatible script. Works with all wallets, even old ones that do not support native SegWit. Gets a partial fee discount but not the full SegWit benefit. Also used for multisig addresses and other complex scripts.
Native SegWit (bech32)
Starts with bc1q
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh
The current recommended format. Lowercase-only, which reduces QR code size and eliminates case-sensitivity errors. Gets the full SegWit fee discount: transactions cost 30-40% less than Legacy. This is the default on most modern wallets and hardware wallets.
Taproot (bech32m)
Starts with bc1p
bc1p5d7rjq7g6rdk2yhzks9smlaqtedr4dekq08ge8ztwac72sfr9rusxg3297
The newest format, activated with the Taproot soft fork (November 2021). Key privacy improvement: multisig transactions look identical to single-sig on-chain. Also enables more efficient complex scripts. Adoption is growing but not yet universal across all exchanges.
Which format should you use?
Native SegWit (bc1q) for most people. It is supported by all major wallets and exchanges, gives you the lowest standard fees, and is the current default on Trezor, Coldcard, and most other hardware wallets. Taproot is worth enabling if your wallet supports it, especially if you plan to use multisig or care about on-chain privacy.
Here is how the four address formats compare across the features that matter most. Native SegWit and Taproot are the clear winners for new users.
| Feature | Legacy (1...) | Wrapped (3...) | Native (bc1q...) | Taproot (bc1p...) |
|---|---|---|---|---|
| Year introduced | 2009 | 2017 | 2018 | 2021 |
| Relative tx fees | 100% | ~75% | ~62% | ~58% |
| Case sensitive | ✗ Yes | ✗ Yes | ✓ No | ✓ No |
| Error detection | 4-byte checksum | 4-byte checksum | BCH code (better) | BCH code (better) |
| Smaller QR codes | ✗ No | ✗ No | ✓ Yes | ✓ Yes |
| Multisig privacy | ✗ No | ✗ No | ✗ No | ✓ Yes |
| Universal wallet support | ✓ Yes | ✓ Yes | ✓ Yes | Growing |
Modern Bitcoin wallets do not store individual private keys. They use Hierarchical Deterministic (HD) wallets, defined by BIP-32, to derive an unlimited number of keys from a single master seed. Your 12 or 24 word seed phrase is the root of this entire tree.
BIP-44 standardized the path structure so wallets can agree on which addresses to generate. A derivation path looks like this:
m / purpose' / coin' / account' / change / index
m = master key (your seed phrase)
purpose' = address type (44 = Legacy, 49 = Wrapped SegWit, 84 = Native SegWit, 86 = Taproot)
coin' = cryptocurrency (0 = Bitcoin mainnet, 1 = testnet)
account' = account number (0 = first account, 1 = second, etc.)
change = 0 for receiving addresses, 1 for internal change addresses
index = sequential address number (0, 1, 2, 3...)
So the path m/84'/0'/0'/0/0 means: “master seed, Native SegWit, Bitcoin mainnet, first account, receiving side, first address.” The next receiving address would be m/84'/0'/0'/0/1, and so on.
You do not need to memorize this. Your wallet handles derivation automatically. But knowing it exists helps you understand why restoring a seed phrase on a different wallet sometimes shows a different balance: the new wallet might scan a different derivation path. If you restore your seed and see zero balance, check that the wallet is set to the correct address type (Legacy, SegWit, or Taproot).
Every time you receive a payment, your wallet increments the index number and generates the next address in the sequence. This is not a bug. It is a privacy feature.
Because the derivation is deterministic, your wallet can always regenerate every address it has ever created. Nothing is lost. The addresses are not random: they follow a predictable mathematical sequence from your seed. Your wallet simply scans the blockchain for transactions on each derived address to calculate your total balance.
Bitcoin's blockchain is public. Every transaction ever made is visible to anyone with an internet connection. When you reuse an address, you make it trivially easy to build a complete picture of your financial activity.
With address reuse
With fresh addresses
Good news: modern HD wallets handle this automatically. When you receive Bitcoin, your wallet generates a new address for the next payment. You do not need to do anything manually. Just do not override this behavior by handing out the same address repeatedly. If you run a business and need a static payment address, consider a Lightning address instead, which generates unique invoices behind the scenes.
Taproot (activated November 2021) is not just about lower fees. Its biggest contribution is privacy. Before Taproot, different transaction types left different fingerprints on the blockchain. Multisig transactions, time-locked contracts, and simple single-signature sends all looked visibly different. An observer could tell exactly what kind of spending condition was being used.
Taproot changes this. Through a technique called MAST (Merkelized Abstract Syntax Trees) combined with Schnorr signatures, a multisig spend can look identical to a simple single-signature spend on the blockchain. The complex conditions are only revealed if the non-cooperative spending path is used. In the common case where all parties agree, the transaction looks like any other.
There is a catch. Taproot's privacy benefits only work well when enough people use it. If only 5% of transactions use bc1p addresses, then using Taproot actually makes you stand out rather than blend in. Your transactions are identifiable as “one of the Taproot users,” which is a smaller group than the overall Bitcoin user base.
This is called the anonymity set problem. Privacy tools work best when the crowd is large. As Taproot adoption grows (currently around 15-20% of daily transactions), the privacy benefit increases for everyone. By choosing Taproot now, you contribute to making the anonymity set larger for all Taproot users.
Blockchain analysis firms use transaction fingerprinting to cluster addresses and identify users. They look at patterns like address types, transaction timing, input counts, and fee levels. Mixing address types in a single transaction (spending from a bc1q address to a bc1p address and a 1... address) can create a distinctive fingerprint.
For the best privacy, stick to one address format across your wallet and use coin control features if your wallet supports them. The privacy guide covers these techniques in more detail.
On-chain Bitcoin addresses and Lightning Network invoices serve different purposes. Understanding the difference prevents confusion and helps you pick the right tool for each payment.
On-Chain Addresses
Lightning Invoices
Traditional Lightning invoices are long, ugly, and single-use. LNURL and Lightning addresses solve this. A Lightning address looks like an email: satoshi@wallet.com. When someone sends to your Lightning address, their wallet contacts a server behind the scenes and requests a fresh invoice automatically.
This makes Lightning addresses reusable by design, which is perfectly fine for privacy because each actual payment still uses a unique invoice and a unique payment hash. The address is just a human-friendly front door. For a deep dive into Lightning Network setup and usage, see the Lightning Network guide.
A watch-only wallet lets you monitor your Bitcoin balance and receive payments without exposing your private keys. It is one of the most practical features of HD wallets, especially if you use a hardware wallet for cold storage.
An xpub (extended public key) is a master public key that can derive all the child public keys in an HD wallet account. Think of it as a read-only master key. It can generate every receiving address your wallet will ever create, but it cannot sign transactions or spend funds.
This is useful for several scenarios. You can import your xpub into a phone wallet to check balances without keeping private keys on a connected device. Businesses use xpubs to generate unique receiving addresses for each customer without storing private keys on the web server. Accountants can monitor Bitcoin holdings without having the ability to move funds.
Keep your xpub private
An xpub is not as sensitive as a private key, but you should still treat it as confidential. Anyone who obtains your xpub can see every address you have ever used, every address you will use in the future, your complete transaction history, and your total balance across all accounts derived from that key. Never share your xpub publicly. Never paste it into websites you do not trust.
Different address types use different key prefixes. You may see xpub (Legacy), ypub (Wrapped SegWit), zpub (Native SegWit), or descriptors for Taproot. Most modern wallets handle this translation automatically when you export or import an extended key.
A multisig (multi-signature) address requires more than one private key to authorize a transaction. Instead of a single key controlling your funds, you set a threshold: for example, 2-of-3 means any 2 out of 3 keys must sign to spend.
Traditionally, multisig addresses used P2SH (Pay-to-Script-Hash), which produces addresses starting with “3”. The spending conditions are encoded in a script that gets hashed into the address. When you spend, you reveal the full script and the required signatures.
With Taproot, multisig can be done using MuSig2 or threshold signatures. The key advantage: a Taproot multisig address (bc1p...) looks identical to a regular single-sig address on the blockchain. No one can tell that multiple keys were involved. This is a major privacy win.
2-of-3
Most popular for personal use. Keep one key on your hardware wallet, one in a safe deposit box, and one with a trusted family member. Lose any single key and you can still spend with the other two.
3-of-5
Used by businesses and high-value holders. Distributes keys across multiple locations or custodians. Tolerates the loss of up to 2 keys.
2-of-2
Collaborative custody. Both parties must agree to spend. Used by some exchanges as a security measure, where you hold one key and they hold the other.
If you are protecting a significant amount of Bitcoin, multisig is one of the strongest security measures available. It eliminates single points of failure and protects against both theft and accidental key loss.
Every Bitcoin address includes a built-in checksum that catches errors before you send funds to the wrong place. This is one of Bitcoin's most underappreciated safety features.
Legacy and P2SH addresses use Base58Check encoding. The last 4 bytes of the address are a checksum computed by taking the double SHA-256 hash of the payload. If you change even a single character, the checksum will not match, and your wallet will refuse to create the transaction.
Base58 encoding also removes visually ambiguous characters. There is no 0 (zero), O (uppercase o), I (uppercase i), or l (lowercase L) in a Base58 address. This reduces errors when reading addresses aloud or copying them by hand.
SegWit and Taproot addresses use bech32 and bech32m encoding, which have even stronger error detection. The BCH (Bose-Chaudhuri-Hocquenghem) code used in bech32 can detect up to 4 character substitutions and locate errors in strings up to 89 characters long. It can even correct some single-character errors automatically.
Additionally, bech32 addresses are entirely lowercase. This eliminates an entire class of errors caused by accidentally capitalizing a letter. Combined with the superior error detection, bech32 addresses are significantly safer to type, copy, and read than Legacy addresses.
Bottom line
Checksums catch most typos, but they are not magic. A checksum cannot tell you that you pasted an attacker's address instead of your own. It only verifies internal consistency. Always verify the first 4 and last 4 characters of any address you paste, especially for large transactions.
Knowing the theory is not enough. Here are the practical rules that protect your Bitcoin every time you send or receive a transaction.
Always copy-paste or scan QR codes
Never try to type a Bitcoin address manually. One wrong character could send your funds to the wrong place or, if the error passes the checksum, to an address nobody controls.
Verify the first and last 4-6 characters
After pasting an address, visually compare the beginning and end of the address to what you expected. This catches clipboard hijacking attacks where malware silently swaps the address.
Send a test transaction first
For any amount you would be upset to lose, send a small amount first (a few thousand sats). Wait for it to arrive and be confirmed. Then send the rest. The fee for a test transaction is cheap insurance.
Verify on your hardware wallet screen
When sending from a hardware wallet, always check the destination address on the device screen, not just your computer. Malware can show you one address on your monitor while submitting a different one to the device.
Use QR codes for in-person payments
QR codes eliminate typing errors entirely. For bech32 addresses (bc1q, bc1p), the lowercase-only format produces smaller, cleaner QR codes that scan more reliably. Most wallets can display and scan QR codes natively.
Double-check the network
Bitcoin addresses only work on the Bitcoin network. Sending to an address from a different cryptocurrency (Ethereum, Litecoin, etc.) will result in permanent loss. Your wallet should warn you, but always verify the address format matches what you expect.
Clipboard hijacking is one of the most common ways people lose Bitcoin. It is simple, effective, and hard to notice unless you know to look for it. Understanding how it works is the first step to protecting yourself.
Infection
You unknowingly install malware, often bundled with pirated software, browser extensions, or fake wallet apps.
Monitoring
The malware runs silently in the background, watching your clipboard for any text that matches Bitcoin address patterns (strings starting with 1, 3, or bc1).
Replacement
When it detects a Bitcoin address, it instantly replaces the clipboard contents with an address controlled by the attacker. The swap happens in milliseconds.
Theft
You paste what you think is the correct address, but it is now the attacker's address. If you do not verify, you send your Bitcoin directly to the thief.
Always verify the address on your hardware wallet screen before confirming
Compare the first 4 and last 4 characters after pasting
Use a dedicated computer for Bitcoin transactions if possible
Never install pirated software on machines you use for Bitcoin
Keep your operating system and antivirus software up to date
Use a hardware wallet for all significant transactions
If you have never received Bitcoin before, here is exactly what the process looks like from start to finish. No jargon, no shortcuts.
Set up a wallet
Download a reputable Bitcoin wallet. For beginners, a mobile wallet like BlueWallet or Muun works well. For larger amounts, invest in a hardware wallet. Write down your seed phrase on paper and store it securely.
Generate a receiving address
Open your wallet and tap "Receive." Your wallet displays a Bitcoin address, usually as both text and a QR code. This is a fresh, unused address generated from your seed phrase.
Share your address with the sender
Copy the address or show the QR code to the person sending you Bitcoin. You can also paste it into an exchange's withdrawal form. The address is safe to share publicly. It is like a mailbox: anyone can drop in mail, but only you have the key to open it.
Wait for the transaction
The sender broadcasts a transaction to the Bitcoin network. Your wallet detects it within seconds (unconfirmed). Full confirmation takes about 10 minutes for the first block. For small amounts, 1 confirmation is usually enough. For large amounts, wait for 3-6 confirmations.
Verify the amount
Check your wallet balance. The received Bitcoin should appear. If you are receiving from an exchange, note that the exchange may have deducted a withdrawal fee from the amount.
Your next receive address is ready
Your wallet has already generated a new address for your next payment. The old address still works (Bitcoin addresses never expire), but using the new one is better for privacy.
That is it. The entire process takes under a minute to initiate. If you want to understand the full picture of how Bitcoin works before your first purchase, the Bitcoin for beginners guide covers everything from how the network operates to how to buy your first Bitcoin.
Not every wallet and exchange supports every address format. Here is where major platforms stand on format support as of early 2026. Native SegWit is nearly universal. Taproot support is growing but not yet complete.
| Platform | Legacy (1...) | SegWit (bc1q) | Taproot (bc1p) |
|---|---|---|---|
| Trezor | ✓ Yes | ✓ Yes | ✓ Yes |
| Coldcard | ✓ Yes | ✓ Yes | ✓ Yes |
| Ledger | ✓ Yes | ✓ Yes | ✓ Yes |
| Sparrow Wallet | ✓ Yes | ✓ Yes | ✓ Yes |
| BlueWallet | ✓ Yes | ✓ Yes | ✗ No |
| Coinbase | ✓ Yes | ✓ Yes | ✓ Yes |
| Kraken | ✓ Yes | ✓ Yes | ✓ Yes |
| Binance | ✓ Yes | ✓ Yes | ✗ No |
If your exchange does not support Taproot withdrawals, you can still receive to a Taproot address from any wallet that supports sending to bc1p. The limitation is only on the exchange's withdrawal side. For a full breakdown of exchange features, see the best Bitcoin exchanges comparison.
A Bitcoin address is a string of letters and numbers that acts as a destination for Bitcoin transactions. Think of it like an email address for money. You share it with someone who wants to send you Bitcoin, and they use it as the target for their transaction. Addresses are derived from your public key, which is derived from your private key. Anyone can send Bitcoin to an address, but only the person with the matching private key can spend it.
Legacy addresses start with '1' (e.g., 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa). SegWit addresses start with '3' (wrapped) or 'bc1q' (native, e.g., bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh). Taproot addresses start with 'bc1p'. Native SegWit (bc1q) is the current standard. Taproot (bc1p) is newer and offers more privacy for advanced transactions.
When you reuse an address, you link all transactions to that address together in the public blockchain. Anyone who knows one of your addresses can see every payment you've received and every transaction you've made from it. Fresh addresses for every transaction keep your financial activity private. Modern wallets generate new addresses automatically using HD wallet technology (BIP-32).
Yes, and if you do, it is gone permanently. Bitcoin transactions are irreversible. If you send to a valid address that belongs to someone else, only that person can return it. If you send to an address where nobody holds the private key, those coins are lost forever. Always double-check the full address before sending, and send a small test transaction for large amounts.
Unlimited. Your wallet generates new addresses from your seed phrase automatically using a deterministic algorithm (BIP-32/BIP-44). There is no cost to creating new addresses, and best practice is to use a new one for every transaction. All addresses generated from your seed phrase can be recovered by restoring the seed.
No. A Bitcoin address is valid forever once generated. But using old addresses is not recommended because of privacy concerns (address reuse) and because older format addresses like Legacy pay higher fees than newer formats like SegWit and Taproot.
Bitcoin addresses include a built-in checksum, which is an error-detection code. If you mistype even one character, the address fails the checksum and your wallet refuses to send. Legacy addresses use Base58Check with a 4-byte double SHA-256 checksum. Bech32 addresses use a BCH code that can detect up to 4 character errors and even correct some of them. This catches nearly all typos before you lose funds.
A public key is a large number derived from your private key using elliptic curve multiplication. A Bitcoin address is a hashed, shortened, checksummed version of your public key. The address is what you share with others. The public key is only revealed on the blockchain when you spend from an address. Addresses serve as an abstraction layer: they are shorter, include error detection, and add a second layer of cryptographic protection.
An xpub (extended public key) is a master key that can derive all the public keys and addresses in your wallet. If someone gets your xpub, they can see every address you have ever used and every address you will use in the future. They cannot steal your Bitcoin without the private key, but they can see your entire transaction history and total balance. Treat your xpub like sensitive financial information.
A Lightning address looks like an email (you@wallet.com) and lets people send you Bitcoin instantly over the Lightning Network. Unlike on-chain addresses, Lightning addresses are reusable by design because each payment creates a unique invoice behind the scenes. On-chain addresses settle on the blockchain in 10-60 minutes. Lightning payments settle in under a second with near-zero fees.
No. Knowing someone's Bitcoin address only lets you send them Bitcoin and view their transaction history on the blockchain. To spend Bitcoin from an address, you need the corresponding private key. It is like knowing someone's email address: you can send them messages, but you cannot read their inbox. However, sharing your address does reduce your privacy since anyone can look up its balance and transactions.
A multisig (multi-signature) address requires multiple private keys to authorize a transaction. For example, a 2-of-3 multisig needs any 2 out of 3 keys to spend. This protects against a single key being lost or stolen. Multisig addresses typically start with '3' (P2SH) or 'bc1q' (native SegWit). They are ideal for large holdings, business treasuries, and inheritance planning where no single person should control the funds alone.
When receiving Bitcoin, your hardware wallet can display the receiving address on its built-in screen. Always compare this to the address shown on your computer. If they match, the address is genuine. If they differ, malware may have tampered with what your computer shows. This verification step is one of the main reasons hardware wallets exist. Never skip it for significant amounts.
Seed Phrase Security
Your seed phrase creates all your addresses. Learn how to back it up and protect it.
Bitcoin Privacy Guide
Address reuse, coin control, CoinJoin, and Tor. A full guide to transacting privately.
Hardware Wallets for Beginners
Why hardware wallets exist, how they protect your keys, and which one to buy.
Lightning Network Guide
Instant payments, near-zero fees, and Lightning addresses. The second layer explained.
Bitcoin Security
Protect your Bitcoin from theft, loss, and common attack vectors.
Bitcoin for Beginners
Starting from zero? This covers everything from how Bitcoin works to buying your first sats.
Your addresses are derived from your seed phrase. Protecting that seed phrase is the single most important thing you can do for your Bitcoin security. Lose your seed and you lose every address, every key, and every sat attached to them.