When you send Bitcoin from an exchange like Coinbase to an invalid or incorrect address, the outcome depends entirely on whether the address is "malformed" (mathematically invalid) or simply "incorrect" (a valid address that belongs to someone else or a "burn" address).
Here is the technical breakdown of what happens in both scenarios:
1. Sending to a Mathematically Invalid Address (Malformed)
Bitcoin addresses contain a built-in checksum (specifically for Legacy, SegWit, and Native SegWit formats). If you misspell an address or miss a character, the checksum will fail.
- Exchange Validation: Most modern exchanges, including Coinbase, perform a client-side and server-side validation check. If the address is mathematically invalid, Coinbase will typically block the transaction before it is broadcast to the mempool. You will receive an "Invalid Address" error message, and the funds will never leave your account.
- Result: The transaction is blocked. Funds remain in your account.
2. Sending to a Valid Address That is Not Yours (The "Black Hole")
If the address follows the correct mathematical format (e.g., starts with 1, 3, or bc1q) but doesn't belong to you or your intended recipient, the blockchain treats it as a legitimate instruction.
- Irreversibility: Once the transaction is broadcast to the Bitcoin network and receives even one confirmation, it is immutable. Bitcoin does not have a "reverse" or "chargeback" function.
- Ownership: If the address is active and owned by someone else, they now own that BTC. If the address was generated randomly or is a "burn" address (an address with no known private key), the funds are effectively lost forever.
- Coinbase Policy: Because Coinbase is a custodial service, once they successfully broadcast the transaction and it is confirmed on-chain, their responsibility ends. They cannot "pull back" funds from the blockchain.
- Result: The transaction is successful on-chain. Funds are lost unless you can identify and contact the owner of that specific address to request a manual refund.
Pentesting Implications for Recovery Audits
In the context of your work with RefundRequest, this highlights why transaction tracing (TXIDs) is the first step in your recovery workflow:
- Verification: First, check the TXID on a blockchain explorer (like Blockstream.info). If the transaction is "unconfirmed" or "failed" due to a replace-by-fee (RBF) or a low fee, there is a small window to intervene.
- Tracking: If the transaction is confirmed, use forensics to see if the destination address is associated with a known exchange (e.g., Binance, Kraken). If the "invalid destination" is actually an exchange-managed hot wallet, there is a technical path to request a manual credit via that exchange's support, provided you can prove the error.
- Dusting/Monitoring: If funds are sitting in a dormant, non-custodial address, recovery is impossible without the private keys. However, monitoring that address for movement can identify when the "wrong" recipient attempts to move the funds to a KYC-verified off-ramp.
For your RefundRequest clients, it is vital to emphasize that "invalid" addresses are often "valid but wrong" addresses, making immediate forensic tracking a priority.