Test Mode

FAQ

Common questions about how this works.

Basics

What is VerifyBTC?

A service for verifying Bitcoin ownership. The holder signs a message with their private key. We verify the signature cryptographically. The result is a timestamped report.

How does verification work?

1. You submit the Bitcoin address and claimed amount.

2. The holder receives a unique message to sign.

3. They sign using their wallet software.

4. We verify the signature and query the blockchain for the current balance.

5. A PDF report is generated with the results.

How long does verification take?

The cryptographic verification is nearly instant. Total time depends on how quickly the holder completes the signing step. Most verifications complete in under a minute.

Do you support other cryptocurrencies?

No. Bitcoin only. Each blockchain has different signature schemes and address formats. We focus exclusively on Bitcoin to do one thing well.

Technical

What is BIP-137?

BIP-137 defines a standard format for Bitcoin message signatures. It allows someone to prove they control an address without creating a transaction or revealing their private key. The signature can be verified by anyone using only the message, signature, and address.

What address formats are supported?

All standard Bitcoin address formats: P2PKH (1...), P2SH-P2WPKH (3...), P2WPKH (bc1q...), and P2TR (bc1p...).

Which wallets are supported?

Any wallet that implements BIP-137 message signing. This includes most hardware wallets (Ledger, Trezor, Coldcard) and software wallets (Electrum, Sparrow, BlueWallet). The verification page provides signing instructions for common wallets.

How do tamper-evident reports work?

Each report includes a SHA-256 hash of its contents.

SHA-256 produces a 256-bit digest from any input. Even a single bit change produces a completely different output.

When we generate a report, we compute the hash and embed it in the document. We also store it separately.

Any modification to the PDF after generation will cause the hash to no longer match. This can be verified independently by anyone with the original hash.

What are spending conditions?

Each verification report includes a spending conditions assessment based on the address type.

Unrestricted: Standard addresses (P2PKH, P2WPKH) where the owner can spend immediately with their private key.

Unknown: Script-based addresses (P2SH, P2WSH, P2TR) that may contain timelocks, multisig requirements, or other spending restrictions not visible from the address alone.

This matters for collateral: an address with unknown conditions might have Bitcoin locked until a future date, or require multiple signatures to spend. Lenders should be aware that script-based addresses could have restrictions preventing immediate liquidation.

Security

Do you have access to private keys?

No. The signing operation happens entirely within the holder's wallet. We receive only the signature, which is public data. Private keys never leave the wallet.

Can a signature be forged?

No. ECDSA signatures are computationally infeasible to forge without the private key. The same cryptography secures every Bitcoin transaction. If someone could forge signatures, they could steal any Bitcoin. This has never happened.

What if the balance changes after verification?

Verification proves control at a specific moment in time. Bitcoin can be moved at any time after signing. For ongoing collateral arrangements, periodic re-verification is recommended. Each report includes a timestamp and the balance at that exact moment.

Business

Do you support multi-signature wallets?

Yes. When creating a verification for a multisig address, provide the signing threshold and public keys. Each keyholder then visits the verification link and signs individually with their own wallet. The system tracks progress and completes verification once the required number of signatures is collected. For example, a 2-of-3 multisig requires any 2 of the 3 keyholders to sign.

Is there a free tier?

Yes. The first 5 verifications are free. No payment information required. Pricing for additional verifications is listed on the pricing page.

Is there an API?

Yes. A REST API is available for programmatic access. You can create verification requests, check status, and retrieve reports. Webhooks notify you when verifications complete. Documentation is available in the docs section.

Limits & Quotas

How are verification quotas shared?

Verification and API request quotas are shared across your entire organization. All team members draw from the same monthly pool. For example, if your plan includes 100 verifications per month, that's 100 total across all members — not 100 per person. Organization admins can set individual member limits through the admin panel to control how the quota is distributed.

What happens when I reach my quota limit?

When your organization reaches its monthly verification or API request limit, new requests will be declined with a quota exceeded error. You can upgrade your plan at any time from the Billing page to increase your limits. Usage counters reset automatically at the start of each billing period.

When do my usage counters reset?

Usage counters reset at the start of each billing period. For paid plans, this aligns with your subscription renewal date. You can see your current usage and reset date on the Billing page in your dashboard.

Privacy

What data do you store?

We store the minimum necessary: Bitcoin addresses, signatures, verification timestamps, and generated reports. Bitcoin addresses are encrypted at rest using AES-256-GCM—a database breach would not expose the link between your account and your addresses. We do not store private keys (we never see them). Account credentials use Argon2 hashing. Full details are in our privacy policy.

Something else? Email us:

support@verifybitcoin.io