ShopA Bitcoin address is a string of characters that serves a destination on the Bitcoin network.
It is the identifier you share with someone who wants to send you bitcoin, and the string your wallet monitors for incoming funds. It is not an account and does not "hold" bitcoin. It is a derived representation of a public key, used to identify which outputs on the ledger you can spend.
What Does a Bitcoin Address Do?
If you have ever received bitcoin in an on-chain transaction, you have used a Bitcoin address. Your wallet generated a string of characters, which you shared with someone, and bitcoin was sent to you. But that address is not an account number, and nothing about how it works resembles a bank account.
When someone sends you bitcoin, they construct a transaction that has inputs and outputs. One of the transaction's outputs specifies your Bitcoin address. That output is recorded on Bitcoin's distributed public ledger, unspent, until someone authorizes the spending of it in a new transaction. Only the holder of the private key corresponding to that address can produce the proof required to authorize.
You can think of a Bitcoin address as like a locked mailbox. You can share the mailbox address freely, allowing friends to send you "mail" while the contents remain securely locked away. Only your unique private key can unlock that mailbox, granting you the exclusive power to access and spend the contents inside.
Balance vs. UTXO
A Bitcoin address is not a balance. It is an identifier associated with unspent transaction outputs, or "UTXOs." What people call the "balance" at an address is simply the total value of all unspent outputs locked to it, visible to anyone on the ledger.
When you hold bitcoin in self-custody, your addresses are not issued to you by any institution. It is a string of characters derived mathematically from a key you generated. Anyone who holds the corresponding private key controls the funds associated with that address, and no one else does.
Addresses are designed to be shared publicly with the people and businesses you are transacting with. The address itself reveals nothing about the private key that generated it. Sharing it is how you receive bitcoin.
What Are the Different Types of Bitcoin Addresses?
Bitcoin addresses come in several distinct formats, each identifiable by a recognizable prefix. These formats did not all exist from the start. They evolved over Bitcoin's history, with each generation introducing improvements in one or more of three areas:
-
Data efficiency: Newer formats structure transactions to require less data, which directly reduces fees for anyone sending to you.
-
Functionality: Later formats enabled more complex spending conditions, such as multisig arrangements, without exposing the full spending script on-chain.
-
Privacy: The most recent format makes complex multi-party spends indistinguishable from single-key transactions on the public ledger.
Understanding the types helps you recognize an address format at a glance, choose the right format when setting up a new wallet, and understand why the format your wallet generates affects the fees paid by anyone sending to you.
P2PK (Pay to Public Key)
The original format, no standard address
The first Bitcoin transactions used a script type that paid directly to a raw public key. There was no hashing step and no human-readable address. The limitation of this format was that the full public key was exposed on the ledger from the moment funds arrived, not just when they were spent. If elliptic curve cryptography were ever weakened, unspent P2PK outputs would be more vulnerable than hashed addresses. P2PK is a script type rather than an address format and has no standard human-readable form.
P2PKH (Pay to Public Key Hash)
Begins with "1"
The first standard address format was P2PKH, which solved P2PK's exposure problem by hashing the public key before embedding it in the address. The public key only appears on the ledger at the time of spending, not at the time of receiving. Legacy addresses still work and are supported by wallets, but they carry the largest transaction size of the active formats, which means higher fees.
P2SH (Pay to Script Hash)
Begins with "3"
P2SH was introduced as a way to lock funds to a script rather than a simple public key hash. This enabled complex spending conditions (multisig arrangements, timelocks, and other programmable logic) without making the full script visible in the receiving address. P2SH was also used as a compatibility wrapper to support SegWit addresses in wallets that had not yet upgraded.
P2WPKH (Pay to Witness Public Key Hash, Native SegWit)
Begins with "bc1q" (42 characters)
Introduced by the SegWit upgrade (BIP141), P2WPKH separates the transaction signature data (the "witness") from the transaction body. This reduced the weight of each transaction and lowered fees. P2WPKH uses bech32 encoding, which is case-insensitive and includes stronger error detection than Base58Check. It is the recommended format for single-key wallets in software that has not yet adopted Taproot.
P2WSH (Pay to Witness Script Hash)
Begins with "bc1q" (62 characters)
Activated alongside P2WPKH in the 2017 SegWit upgrade, P2WSH is the native SegWit format designed specifically for multisig and complex smart contracts. Just like P2WPKH, it moves signature data to the witness section to significantly lower transaction fees. However, while it shares the same "bc1q" prefix as its single-key counterpart, a P2WSH address is physically longer (62 characters instead of 42) because it uses a 32-byte script hash instead of a 20-byte public key hash, making it easily distinguishable on the blockchain.
P2TR (Pay to Taproot)
Begins with "bc1p"
Introduced by Taproot (BIP341), P2TR uses Schnorr signatures and bech32m encoding. Its defining advantage is that complex spending conditions (multisig arrangements, time-locked scripts) look identical on-chain to a simple single-key spend. A 3-of-5 multisig and a standard single-signature transaction are indistinguishable on the ledger. This improves both privacy and efficiency. P2TR is the most capable and private current format.
Summary
| Type | Prefix | Key improvements |
|---|---|---|
| P2PK | None | Original format; full public key exposed on-chain at receipt |
| P2PKH | 1... | Public key hashed; key concealed until first spend |
| P2SH | 3... | Enables multisig and complex scripts without exposing spending conditions |
| P2WPKH (Native SegWit) | bc1q... (42 chars) | Smaller transactions; lower fees; stronger address encoding |
| P2WSH (Native SegWit) | bc1q... (62 chars) | Native SegWit efficiency for multisig; lower fees than P2SH |
| P2TR (Taproot) | bc1p... | Complex spends indistinguishable from single-key on-chain; most efficient and private |
How is a Bitcoin Address Generated?
An address comes from a public key and the process is deterministic. The same public key always produces the same address, on any wallet, using the same standard.
The generation pipeline works in five steps:
-
Start with the public key. Take the compressed public key from the key pair (33 bytes, the form that modern wallets use).
-
Apply SHA-256. Hash the public key using SHA-256 to produce a 32-byte output.
-
Apply RIPEMD-160. Hash the SHA-256 output using RIPEMD-160 to produce a 20-byte output, known as Hash160. This is the core of the Bitcoin address.
-
Add a version byte and checksum. Prepend a version byte (which identifies the address type) and append a 4-byte checksum derived from a double-SHA-256 of the prefixed hash. This is what makes the address self-validating. A wallet can detect a typo before sending.
-
Encode. Apply Base58Check encoding for legacy addresses, or bech32/bech32m encoding for SegWit and Taproot addresses. The result is the human-readable address string.
The final output is between 25 and 62 characters depending on the format and encoding used.
There are two main reasons why you would want to run the public key through hashing algorithms:
-
The hash is shorter. A 20-byte address is more practical to display and verify than a 33-byte public key.
-
Hashing provides an extra layer of protection. The address exposes only the hash of the public key, not the key itself. The public key is only revealed when you spend from the address, so if elliptic curve cryptography were ever weakened, funds in addresses that have never been spent from would still be protected by the hash layer.
For the full treatment of hash functions, see What are Bitcoin hash functions?
Can You Reuse a Bitcoin Address?
Nothing in the Bitcoin protocol prevents address reuse. You can send bitcoin to your same address over and over again, and still be able to spend it. But reusing an address reduces privacy, and most modern wallets quietly prevent it by generating a new address for every transaction.
To understand why address reuse is inadvisable, you must understand how Bitcoin operates as a distributed public ledger. Every transaction to or from an address is visible to anyone who looks. When you receive to the same address more than once, those multiple transactions all become linked to the same public key on the ledger. An observer can connect them, sum the inflows and outflows, and build a spending history.
If you ever deposit and sell your bitcoin for fiat cash at an exchange that performs Know Your Customer (KYC) checks, then your transaction history can be linked to your identity. This means the exchange has visibility not only to the amount of bitcoin you have sold, but the other transactions associated with your address.
Public Key Exposure from Address Reuse
There is a second consideration relating to public key exposure. Before you spend from an address, only the hashed public key appears on the ledger. Once you send from the address, the public key itself is revealed in the spending transaction. After that first spend, the key is permanently visible. Reusing the address after that point means all future transactions to it arrive at an address whose public key is already public.
Most modern HD wallets handle your addresses automatically. They derive a new receiving address for every transaction by incrementing the address index in the key hierarchy. Each address uses a different private key, but all keys are recoverable from the same seed so you do not have to track each address separately.
Address reuse is not catastrophic and does not expose your private key. But it is a meaningful and avoidable reduction in privacy.
What is Bitcoin Dust?
One more edge case worth knowing is "dust." A dust output is a UTXO whose value is too small to spend economically. Transaction fees are based on the amount of data required, so if the amount of data required to include a particular output in a transaction exceeds its value, that output effectively becomes unspendable. It would cost more in fees to spend that amount of bitcoin than the amount is worth.
Dust accumulates through small change outputs, address reuse, or deliberate dust attacks in which a small amount is sent to a wallet specifically to trace its on-chain activity. Dust is not lost, but it is practically unspendable under normal fee conditions.
Sending and Receiving Carefully
Bitcoin transactions are final. There is no reversal, no dispute process, and no institution to contact if something goes wrong. This makes careful address handling one of the most important habits in self-custody.
Address format is worth understanding before you transact. The prefix identifies the type: 1 for P2PKH, 3 for P2SH, bc1q for native SegWit, bc1p for Taproot. Modern formats carry lower transaction fees for anyone sending to you, so when generating a receiving address, use the most current format your wallet supports.
Before sending bitcoin, verify the full destination address carefully. A single incorrect character will redirect funds to an address nobody controls, and once the transaction is confirmed there is no way to recover them. The most common cause is a simple copy-paste error, but a more serious risk is clipboard hijacking. Malware that monitors your clipboard can silently replace a copied Bitcoin address with one controlled by an attacker. The substituted address looks identical to a valid address and nothing in the sending process signals that the swap has occurred.
When using a signing device, always confirm the receiving address on the device screen rather than relying on what the connected computer displays. The device derives the address independently from the key it holds, so it can catch any discrepancy between what the wallet software shows and what the key actually produces. This is the most reliable way to verify an address before funds are committed.
Related articles
How Bitcoin wallets work
How Bitcoin wallets generate keys, derive addresses, and sign transactions, and why they store keys, not bitcoin.
What is public key cryptography?
The mathematical system that lets Bitcoin prove ownership and authorize transactions without revealing the private key.
What are Bitcoin hash functions?
The one-way mathematical functions that secure Bitcoin's address generation, transaction IDs, mining, and block structure.
Bitcoin address reuse and on-chain privacy
The privacy implications of reusing Bitcoin addresses, and how modern wallets use fresh addresses to protect your transaction history.