Bitcoin Vanity Address Guide: Generation and Security
Guide to Bitcoin vanity addresses: how generation works, time estimates by prefix length, tools like VanitySearch, and critical security considerations.
What Is a Bitcoin Vanity Address?
A Bitcoin vanity address is a standard Bitcoin address that contains a human-readable word or pattern, typically at the beginning. For example, an address starting with 1Love or 1BTCorg functions identically to any other Bitcoin address: it can receive and send funds, and it is secured by the same elliptic curve cryptography as every other address on the network.
The difference is purely cosmetic. Generating a vanity address requires brute-forcing random private keys until one produces an address matching the desired prefix. There is no mathematical shortcut: the process is computationally expensive and scales exponentially with each additional character in the prefix.
How Vanity Address Generation Works
Vanity address generation is a brute-force search over the secp256k1 keyspace. The software repeatedly performs these steps:
- Generate a random private key (256-bit integer).
- Derive the corresponding public key via elliptic curve point multiplication.
- Hash the public key using SHA-256 followed by RIPEMD-160 (for legacy addresses) or compute the witness program hash (for bech32 addresses).
- Encode the result as a Bitcoin address (Base58Check or bech32).
- Check whether the address matches the desired prefix pattern.
If the prefix does not match, the software discards the key pair and starts over. This process is embarrassingly parallel, making it ideal for GPU acceleration. A single GPU can test billions of candidates per second, but even at that speed, long prefixes can take years.
Generation Difficulty by Prefix Length
For legacy P2PKH addresses (starting with "1"), the address body uses the Base58 alphabet: 58 possible characters per position. Each additional character in the vanity prefix multiplies the expected search time by roughly 58x. The first character after "1" has a non-uniform distribution due to the version byte, so the initial positions are easier than the formula suggests.
| Prefix | Expected Attempts | Time at 40 Mkey/s (CPU) | Time at 3.5 Gkey/s (GPU) | Time at 6 Gkey/s (Top GPU) |
|---|---|---|---|---|
1X (1 char) | ~22 | < 1 second | < 1 second | < 1 second |
1Xy (2 chars) | ~1,300 | < 1 second | < 1 second | < 1 second |
1Xyz (3 chars) | ~77,000 | < 1 second | < 1 second | < 1 second |
1Xyzw (4 chars) | ~4.5 million | < 1 second | < 1 second | < 1 second |
1Xyzwv (5 chars) | ~260 million | ~6 seconds | < 1 second | < 1 second |
1Bitcoi (6 chars) | ~15 billion | ~6 minutes | ~4 seconds | ~2.5 seconds |
1Bitcoin (7 chars) | ~873 billion | ~6 hours | ~4 minutes | ~2.4 minutes |
1BitcoinE (8 chars) | ~50 trillion | ~14 days | ~4 hours | ~2.3 hours |
1BitcoinEa (9 chars) | ~2.9 quadrillion | ~2.3 years | ~10 days | ~5.6 days |
1BitcoinEat (10 chars) | ~170 quadrillion | ~135 years | ~1.5 years | ~328 days |
All times are statistical averages. Due to the probabilistic nature of brute-force search, actual generation could finish in half the expected time or take twice as long. Case-insensitive matching (accepting both "A" and "a") roughly doubles the probability per position, cutting search time significantly for longer prefixes.
Bech32 Vanity Addresses
Native SegWit addresses use the bech32 encoding (for P2WPKH) or bech32m (for Taproot P2TR). The fixed prefix is bc1q for SegWit v0 or bc1p for Taproot. After the fixed prefix, each position draws from a 32-character alphabet: qpzry9x8gf2tvdw0s3jn54khce6mua7l. This means difficulty scales at 32x per additional character rather than 58x, making bech32 vanity prefixes easier to generate per character than legacy addresses.
However, bech32 is lowercase-only, so case-insensitive optimization is not available. The restricted character set also limits which words can be spelled: letters like "b", "i", and "o" are not in the bech32 alphabet, making words like "bitcoin" impossible.
For a full breakdown of how these address formats differ, see our guide to Bitcoin address types from P2PKH to Taproot and the address validator tool.
Vanity Address Generation Tools
Several open-source tools exist for generating vanity addresses. The original Vanitygen by samr7 is no longer maintained. VanitySearch by JeanLucPons is the most widely used modern alternative, offering CUDA GPU acceleration and support for multiple address formats.
| Tool | GPU Support | Address Types | Split-Key | Status |
|---|---|---|---|---|
| Vanitygen (samr7) | OpenCL | P2PKH | No | Unmaintained |
| VanitySearch (JeanLucPons) | CUDA | P2PKH, P2SH, Bech32 | Yes | Stable (v1.19) |
| vanitygen-plusplus | OpenCL | P2PKH (100+ coins) | No | Active fork |
| vanitybech | No (CPU) | Bech32 only | No | Active |
| btc-vanity (Rust) | No (CPU) | P2PKH, Bech32 | No | Active |
VanitySearch is the recommended tool for most users. It leverages CUDA GPU kernels with AVX2/AVX512 CPU optimizations, and supports split-key generation for trustless outsourcing of computation.
GPU Performance Benchmarks
Modern GPUs dramatically outperform CPUs for vanity address generation. A typical CPU achieves 5 to 40 Mkey/s depending on core count, while a high-end GPU reaches 2,000 to 8,000 Mkey/s: a 100x to 1,600x speedup. The following benchmarks are from community-reported data using VanitySearch-derived tools.
| Hardware | Speed (Mkey/s) | 7-Char Prefix (avg) |
|---|---|---|
| Intel i7 (8 cores, CPU only) | ~40 | ~6 hours |
| GTX 1050 Ti | ~250 | ~58 minutes |
| GTX 1080 Ti | ~900 | ~16 minutes |
| RTX 3070 | ~1,580 | ~9 minutes |
| RTX 3080 | ~3,500 | ~4 minutes |
| RTX 3090 | ~2,570 | ~5.7 minutes |
| RTX 4080 SUPER | ~3,690 | ~3.9 minutes |
| RTX 4090 | ~5,960 | ~2.4 minutes |
| RTX 5090 | ~8,060 | ~1.8 minutes |
These figures are community-reported and may vary based on driver versions, clock speeds, and search parameters. The "7-Char Prefix" column estimates average time for a case-sensitive legacy prefix like 1Bitcoin (~873 billion attempts).
Split-Key Generation
Split-key vanity address generation solves a key trust problem: how to outsource the computation without revealing your private key. The technique uses the additive property of elliptic curve cryptography.
Alice generates a key pair and sends only her public key plus the desired prefix to Bob. Bob searches for a complementary key pair whose combined public key (via elliptic curve point addition) produces the vanity address. When Bob finds a match, he sends the partial private key back to Alice. Alice combines her original private key with Bob's partial key using modular addition to derive the final private key. Bob never learns Alice's private key because he only holds one half of the equation.
VanitySearch supports this mode natively. It is the only safe way to use a third-party's computing power for vanity address generation.
Security Considerations
Vanity addresses themselves are cryptographically identical to any other Bitcoin address. The security risks come from the generation process and from how vanity patterns can be exploited by attackers.
Never Use a Third-Party Generation Service
When an online service generates a vanity address for you, they create the private key. They can retain a copy and steal any funds sent to that address at any time, potentially waiting months until a significant balance accumulates. In 2014, users of bitcoinvanitygen.com reported funds stolen from addresses generated by the service, with individual losses of several BTC. Always generate vanity addresses locally on your own hardware using open-source software that you can audit.
The Profanity Exploit: A $160 Million Lesson
The most significant vanity address security incident occurred in September 2022, involving an Ethereum vanity tool called Profanity. The tool seeded its random number generator with only a 32-bit unsigned integer, meaning there were only ~4.3 billion possible seeds instead of the astronomically larger keyspace required for cryptographic security.
After 1inch Network researchers disclosed the vulnerability, attackers exploited it rapidly. On September 20, 2022, crypto market maker Wintermute lost approximately $160 million because one of their DeFi trading addresses was a vanity address generated with the vulnerable Profanity tool. Attackers recovered the private key by extracting the public key from transaction signatures and brute-forcing the 2^32 seed space.
The lesson: even open-source tools can have critical vulnerabilities. Profanity had been abandoned by its creator years before the exploit was discovered. The flaw was not in the concept of vanity addresses but in the implementation's inadequate entropy. Always verify that the tool you use generates private keys from a cryptographically secure random source with full 256-bit entropy.
Address Poisoning Attacks
Scammers use vanity address generators to create addresses that visually resemble a victim's real address, matching the first and last few characters. They then send tiny transactions to "poison" the victim's transaction history. When the victim later copies an address from their history, they may accidentally copy the attacker's lookalike address instead.
In May 2024, a victim lost 1,155 WBTC (worth approximately $72 million at the time) in an address poisoning attack where the scam address matched the first 4 and last 6 characters of the real address. This attack does not compromise your private key: it exploits truncated address displays in wallet UIs. Always verify the full address, not just the first and last characters.
Best Practices for Safe Generation
- Generate vanity addresses locally on your own machine, never through a web service
- Use well-known, actively maintained open-source software (VanitySearch is the current standard)
- Verify the generated address by independently deriving it from the private key using a separate tool
- Consider using an air-gapped machine for generation, especially for addresses that will hold significant value
- Store the resulting private key with the same rigor as any other Bitcoin key: use cold storage for long-term holding
- Never share your private key with any service or individual
Use Cases for Vanity Addresses
Vanity addresses serve several practical purposes beyond aesthetics:
- Branding and recognition: organizations embed their name in donation or payment addresses for instant visual identification (e.g., the Bitcoin Foundation used an address starting with
1BTCorg) - Donation verification: open-source projects and nonprofits use vanity addresses so donors can visually confirm they are sending to the right recipient, reducing copy-paste errors
- Trust signal: a published vanity address containing a known brand name provides visual confirmation before a transaction is completed
- Personal expression: individuals create addresses containing their name, a word, or a message as a form of cryptographic novelty
Note: Vanity addresses are not a substitute for proper address verification. Always confirm the full address through a trusted, out-of-band channel before sending funds. Use the address validator to check address format and type.
Frequently Asked Questions
Are Bitcoin vanity addresses safe to use?
Yes, if you generate them yourself using reputable open-source software on your own hardware. The resulting address is cryptographically identical to any other Bitcoin address. The security risk lies entirely in the generation process: if someone else generates the address, they know your private key. Never use online vanity address generation services, and always verify the tool's source code uses a cryptographically secure random number generator with full 256-bit entropy.
How long does it take to generate a Bitcoin vanity address?
It depends on the prefix length and your hardware. A 5-character prefix (e.g., 1Spark) takes under a second on a modern GPU. A 7-character prefix (e.g., 1Bitcoin) takes roughly 2 to 6 minutes on an RTX 4090 or RTX 5090. An 8-character prefix takes several hours, and 9+ characters can take days to years. Each additional character multiplies the search time by approximately 58x for legacy addresses or 32x for bech32 addresses.
What is the difference between a vanity address and a regular Bitcoin address?
There is no technical difference. Both are derived from the same secp256k1 elliptic curve cryptography and offer identical security. The only distinction is that a vanity address was selected from billions of randomly generated candidates because its encoded form happened to contain a desired prefix pattern. The private key is just as random and secure as any other.
Can I create a bech32 vanity address?
Yes, but with limitations. Bech32 addresses use a restricted 32-character alphabet (qpzry9x8gf2tvdw0s3jn54khce6mua7l), so many common words cannot be spelled. Letters like "b", "i", and "o" are excluded. The advantage is that each character position only has 32 possibilities instead of 58, making generation faster per character. VanitySearch and vanitybech both support bech32 vanity generation.
What happened with the Profanity vanity address exploit?
In September 2022, the Ethereum vanity address tool Profanity was found to use only a 32-bit seed for key generation, reducing the effective keyspace to ~4.3 billion possibilities. Attackers exploited this weakness to steal approximately $160 million from crypto market maker Wintermute by recovering the private key of a Profanity-generated vanity address. The vulnerability (CVE-2022-40769) demonstrated that vanity tools must use full cryptographic entropy: any reduction in randomness can be catastrophic.
Should I reuse a vanity address?
The same best practices for address reuse apply to vanity addresses. Reusing any Bitcoin address reduces privacy by linking transactions to a single identity. For vanity addresses used for branding or donations, reuse is common and accepted as a tradeoff for recognizability. For personal transactions, generate fresh addresses from an HD wallet and reserve the vanity address for specific, public-facing use cases.
What is split-key vanity address generation?
Split-key generation is a cryptographic technique that allows you to outsource vanity address computation without exposing your private key. You send only your public key and the desired prefix to a third party. They search for a complementary key, and you combine their result with your original private key to produce the final key pair. The third party never learns your complete private key. VanitySearch supports this mode natively.
This guide is for informational purposes only and does not constitute financial or security advice. Always generate vanity addresses on your own hardware using audited, open-source software. Never trust a third party with private key generation. Verify all tools and addresses independently before use.
Build with Spark
Integrate bitcoin, Lightning, and stablecoins into your app with a few lines of code.
Read the docs →