@ChrisMoore This is incorrect; "in all likelihood" is inaccurate. If your claim was true, then this would apply to any existing bitcoin address. In fact, the probability of generating a private key for that address at random is 2^(-160), which is definitely computationally out-of-reach. This is comparable with the 2^(-128) probability of randomly guessing an AES key. – dionyziz – 2015-11-21T02:04:39.157

1Don't forget that there are roughly 2^(256-160) private keys for each bitcoin address, so it's very unlikely that none of them correspond to the address you specified, meaning that the coins are in all likelyhood claimable. – Chris Moore – 2012-05-23T19:40:36.390

@ChrisMoore I believe 0x0 is an invalid public key, which would make it impossible to find a matching privkey. – David Perry – 2012-05-23T22:22:10.667

2@DavidPerry OK, but we don't send bitcoins to public keys; we send them to 160 bit hashes of public keys. Any private key whose public key has the same 160 bit hash can claim the funds. There are likely a massive number of private keys that are able to claim funds sent to 1111111111111111111114oLvT2. It's just almost impossible to find any of them. – Chris Moore – 2012-05-24T02:43:13.370

1@ChrisMoore I see your point. It's statistically possible that some address exists which has no possible valid privkeys but every time I try to come up with a way of finding such an address the phrase "computationally unfeasible" comes to mind with it :P – David Perry – 2012-05-24T03:47:10.153

2Why the downvotes? I am looking for "effective /dev/null", not theoretical /dev/null. – ripper234 – 2012-05-24T04:39:58.207

3Just make up any 160 bit number and convert to an address then. They're all impossible to spend from unless you already know a private key for them, or get very very (very) lucky and find one. As for canonical, which definition did you mean? "authorized; recognized; accepted: canonical works" or "Mathematics . (of an equation, coordinate, etc.) in simplest or standard form." The 'BitcoinEater' one is probably most recognised. The 0x0 one could be argued to be simplest. – Chris Moore – 2012-05-24T06:21:20.337

1What do you mean by "nobody can theoretically claim"? What is your "theory" here? Because if you use any reasonable theory for polynomial computational abilities, no, polynomial agents cannot claim these addresses (given we key the private and public addresses correctly). This is the same theory that supports, for example, the unbreakability of RSA and ECDSA.

Specifically, for practical purposes, as you mention bit sizes, you'd need to brute-force a space of 2^160 which is impossible. The fact that the private key space is larger is insignificant. – dionyziz – 2015-11-21T14:13:18.643

Are you referring to the P2PKH transactions that sent around 2600 Bitcoin to "0" in 2011? I won't consider that a valid address. (Here's one of them https://blockchain.info/tx/111291fcf8ab84803d42ec59cb4eaceadd661185242a1e8f4b7e49b79ecbe5f3)

@sr-gi Updated answer. – Willtech – 2018-04-23T10:53:32.930