One of the essential characteristics of the Bitcoin system is that there will never be more than 21 million currency units in circulation. This limit on the money supply is obviously essential, since it ensures the maintenance of the value of the currency and annihilates the phenomenon of inflation that can be observed on state currencies.
This characteristic is enshrined in the Bitcoin protocol and maintained by user consensus. But in reality, we will never really be able to reach that number. The real bitcoin emission limit is under 21 million, and this is due to a number of factors.
The halving mechanism and the 21 million
The first reason is related to how halvings work. Every 210,000 blocks, the number of bitcoins that can be created in each block is halved. This mechanism makes it possible, on the one hand, to ensure the initial distribution of coins, and on the other hand, to pay minors.
The last halving will take place at block 6,720,000. It will reduce the block grant from 2 sats to 1 sat. At block 6,930,000, we should halve the block grant, but since the satoshi is the smallest unit that can circulate on Bitcoin, then money creation will simply stop. The last block that will create new bitcoins will be up to 6,929,999. It will produce the last sat in Bitcoin history. This event is expected to happen around the year 2,141.
📌 1 bitcoin = 100,000,000 sats
But when we get to that event, the total money supply in circulation will only be 20,999,999,9769 bitcoins. In other words, the initial Bitcoin code does not exactly provide for a limit of 21 million. Independent of any human action, this sum will never be reached. It will take around 2 million SATS to arrive at exactly 21 million bitcoins.
The strange Genesis block
The Genesis block is the very first block mined by Satoshi Nakamoto on January 3, 2009. It represents the concrete launch of Bitcoin. It is in this block no. 0 that the famous quote is embedded:
The Times 03/Jan/2009 Chancellor on Brink of Second Bailout for Banks.
But beyond all of these characteristics, the Genesis block is quite odd in the way it was programmed. Like all other blocks, it was supposed to give its miner (Nakamoto in this case) the right to create 50 bitcoins as a reward. Strangely, the Genesis block is coded in such a way that the bitcoins generated remain unexpendable. They are there, you can even see the Coinbase transaction that generates them, but they are not part of all transactions. From a protocol point of view, they are therefore non-existent.
We can thus remove these 50 additional bitcoins from the maximum limit of the money supply on Bitcoin. This takes us a little further away from the famous 21 million.
Unclaimed block grants
Miners can claim a reward when they find a valid block, but they have to claim it themselves. Indeed, it is possible for a winning minor not to generate the Coinbase reward, or to request only a portion of it. Once the block is published, there is no going back, and the total limit of the money supply is indeed imputed to the bitcoins that should have been created and recovered by the miner.
For example, let's say Bob is a miner who finds a valid block. To date, he is supposed to be able to request 6.25 bitcoin grants in addition to the transaction fees collected. But let's imagine that for some reason Bob only asks for 3.25 bitcoins instead of 6.25. In this case, the 3 forgotten bitcoins will never be in circulation, but they will nevertheless be removed from the money supply that can be created on Bitcoin.
Obviously, this situation is extremely rare. Nobody is mining on a voluntary basis. And yet, certainly due to technical anomalies, there are a few blocks that have not generated all of their rewards:
The block 124,724, generated 1 sat less than what it should have done;
Between blocks 162,705 and 169,899, numerous non-claims are referenced;
The block 501,726 did not generate anything. His 12.5 bitcoin rewards are lost forever;
Finally, the block 526 591 only generated half of the reward for 6.25 bitcoins instead of double.
In the first versions of Bitcoin, it was possible for miners to find the same ID twice for different Coinbase transactions. The problem is that it's normally impossible to have two different Bitcoin transactions with exactly the same ID (TXID). If this happens for a Coinbase transaction, then the bitcoins from the second transaction are not added to the UTXO set. In other words, they are not expendable.
This error has happened at least twice in the history of Bitcoin. We find it in the block 91 880 Who has the same coinbase as the block 91,722, and in the block 91,842 Who has the same coinbase as the block 91,812. This problem was rectified in 2012 with BIP30, but in the meantime, 100 more bitcoins are to be withdrawn from the total money supply.
The unsolvable scripts
The language used on Bitcoin to block UTXOs is called “script.” It is a set of commands that allows you to determine how bitcoins can be spent in the future. For example, if your bitcoins require a signature with a private key to be spent, then your UTXos have a script that specifies that.
The problem is that there can be errors with this scripting language when you don't follow the standards. In some cases, it may happen that we send bitcoins to scripts that are impossible to solve. These bitcoins are therefore forever blocked.
This is what happened, for example, to the MtGox exchange platform in 2011. They blocked over 2,600 bitcoins in scripts that could not be satisfied. You can find them all in the block 150,951, in 23 different transactions.
The OP_Returns
The OP_RETURN is a script that allows you to report a transaction output as not expendable. It is used to store arbitrary information on Bitcoin since it allows up to 80 bytes of data to be entered on the blockchain.
All bitcoin chunks associated with an OP_RETURN are ignored by network nodes and are not added to the UTXO set. So, all of these bitcoins are lost forever and can be removed from our money supply count.
Losses at the application level
When you want to talk about the total mass in circulation, it can be tempting to also want to discard all bitcoins that depend on lost private keys, intentionally or not. However, these losses should not be taken into account. Even if a bitcoin owner thinks they've lost their private key, it's not impossible for them to find it. Moreover, it is likely that the signature algorithm used may be broken in the more or less distant future. I am obviously thinking of the threat of quantum computers, which may be able to break ECDSA thanks to the Shor algorithm.
Beyond the fact that these bitcoins will surely one day be found, it is impossible to quantify them accurately. We can observe the old dormant addresses from the beginning of the 2010s, but we will never be able to know if their owners are still in possession of their private keys or not.
This is why it is necessary to clearly differentiate between bitcoin losses at the protocol level and at the application level. Protocol losses are proven and irrevocable, unless a hardfork is made. So we can consider them to be lost within the total Bitcoin money supply. These losses at the protocol level are all the ones I described to you in the previous parts. On the other hand, losses at the application level are neither provable nor definitive. It is therefore not wise to count them in the total money supply. Among these losses at the application level, we include all the losses of private keys and the uses of burn addresses.
Conclusion
As you may have noticed, the total Bitcoin money supply will never really reach the threshold of 21 million units. This is primarily due to the halving mechanism, which will ultimately only generate 20,999,999,9769 bitcoins. In addition, various human errors and software bugs have irreversibly blocked thousands of additional units.
When studying the money supply in circulation, private key losses should not be taken into account. We then differentiate between bitcoin losses at the protocol level and losses at the application level.
To easily identify losses at the protocol level and at the application level, you need to ask yourself: Can these bitcoins be recovered in any way without hardforking? If the answer is yes, then it is a loss at the application level, and it should not be counted.
