The distributed node network that enforces Bitcoin’s monetary policy permissionlessly is the single source of credibility that took Bitcoin from zero to $125,000.
Getting to $1M demands that same credibility at a scale that satisfies sovereign wealth funds and central banks looking to hold an asset for decades.
Understand this very clearly: That network and your node is under systemic attack and Bitcoin Core has enabled it, but for the first time since the attack began, there’s a real proposal on the table that will stop it.
This article explains the attack, the evidence behind the fix, and why the road to $1M runs straight through it.
What Makes Bitcoin Worth Anything
Bitcoin’s entire value proposition rests on a monetary guarantee.
There will only ever be 21M Bitcoin and that limit is enforced by a distributed network of nodes that independently verify every transaction. The guarantee holds because ordinary people around the world can easily run the node software that enforces it.
This is what sets Bitcoin apart from all other centralized “crypto” projects. Ethereum has a foundation. Solana has a handful of validators running enterprise hardware. XRP has Ripple Labs. Every one of these projects has a centralized chokepoint that can be pressured, subpoenaed, sanctioned, or simply persuaded to change the rules. Bitcoin doesn’t because anyone with a modest computer and an internet connection can run a fully validating node and interact directly with the monetary protocol without permission, without intermediaries, and without trusting anyone.
Gold requires trust in assayers, bonds require trust in governments, and equities require trust in auditors. Bitcoin requires trust in math and the nodes that run it.
Every node operator who validates the chain is a vote for the monetary policy. The more nodes there are, the more distributed that validation becomes, and the more credible the guarantee looks to the kind of capital that pushes an asset into seven figures.
So when something threatens the accessibility of running a node, it threatens the value and existence of Bitcoin.
The Bug That Started It All
Bitcoin Core has included spam filtering as a standard feature since day one. Since 2013, node operators have been able to set limits on the size of extra data embedded in transactions through a configuration option called -datacarriersize. This was a deliberate design decision. The developers who built and maintained the protocol understood that without size limits on non-monetary data, the blockchain would inevitably be abused as a cheap data storage system at the expense of every node operator on the network.
The system worked for a decade. Then, in early 2023, Casey Rodarmor launched the Ordinals protocol and the dam broke.
Ordinals exploited a gap in Bitcoin Core’s spam filters. The existing datacarrier limits had never been extended to cover Taproot transactions, which were introduced in the November 2021 upgrade. This meant that by disguising arbitrary data as program code inside Tapscript witness space, using an OP_FALSE OP_IF envelope that is never actually executed, anyone could bypass the size limits that were supposed to prevent exactly this kind of abuse. Images, text files, BRC-20 token mints, and every other form of non-monetary data could now be permanently embedded in the Bitcoin blockchain at a fraction of the cost of a normal data transaction, subsidized by the SegWit witness discount that was designed to make signature verification cheaper.
@ LukeDashjr identified this as a vulnerability from the beginning. In December 2023, he registered the exploit formally as CVE-2023-50428 in the NIST National Vulnerability Database, where it received a 5.3 medium severity score. The official description is precise: “In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023.”
Luke was unequivocal about what this meant. “Spam filtering has been a standard part of Bitcoin Core since day 1,” he explained. The failure to extend those filters to Taproot transactions was a mistake, and inscriptions were exploiting that mistake to attack the network. “The damage it’s doing to Bitcoin and Bitcoin users, including future users, is huge and irreversible,” he wrote. “Nobody ever allowed ordinals. It’s been an attack on Bitcoin from the start.”
Bitcoin Knots, the alternative node implementation maintained by Dashjr, patched CVE-2023-50428 in version 25.1 in late 2023. Ocean mining pool deployed the fix immediately, announcing that its blocks would now include “more real transactions” and framing Ordinals inscriptions as a denial-of-service attack on the network.
Bitcoin Core never patched it.
A formally registered vulnerability, scored by NIST, exploited in the wild across millions of transactions, adding gigabytes of permanent bloat to every full node on the network, and the primary node software used by the vast majority of Bitcoin’s network declined to fix it. The patch existed, it was tested, and it was deployed in production on Knots. Core chose not to apply it, and then went further in the opposite direction.
Core 30: A Tax on Every Node
While BIP-110 proposes to defend nodes from data bloat, Bitcoin Core version 30 moved in the opposite direction. Instead of patching CVE-2023-50428, Core 30 removed the longstanding OP_RETURN size limit entirely, opening the door for unlimited arbitrary data in OP_RETURN outputs.
The justification offered by Core developers was that the existing 80-byte limit was being circumvented anyway, so there was no point in maintaining it. This is the logic of a city council that stops enforcing speed limits because some people were speeding. It also directly contradicts the decade-long precedent that Dashjr pointed to.
Bitcoin Core maintained datacarrier size limits since 2013 because the developers understood that protecting block space from non-monetary abuse was essential to keeping nodes accessible. Core 30 abandoned that principle.
The practical effect is a tax on every node runner. Unlimited OP_RETURN data means unlimited growth in the data that nodes must download, validate, and store. And for what? The beneficiaries of this change are a handful of developers building non-monetary applications on top of Bitcoin who found the existing limits inconvenient.
People like Jameson Lopp, who argued for the change on the basis of “extreme edge cases” that have nothing to do with Bitcoin’s function as money but everything to do with his “Build on Bitcoin” VS startup Citrea.
The plebs hate this.
Consider the trajectory.
In 2013, Core introduced datacarrier limits to protect nodes from data spam. For ten years, those limits held. In 2023, a vulnerability allowed inscriptions to bypass those limits through Taproot, and Core refused to patch it.
In 2025, Core removed the limits entirely. Each step made nodes heavier and more expensive to run, and each step moved further away from the principle that Bitcoin’s block space exists to serve monetary transactions.
This is the fundamental tension in Bitcoin development right now. One faction wants to preserve the network as a lean, accessible monetary protocol that anyone can validate from a Raspberry Pi.
The other faction wants to expand the protocol’s capabilities to accommodate whatever creative use cases developers can dream up, and they’re willing to make nodes heavier and more expensive to get there.
The first group is building toward $1M Bitcoin. The second group is building toward “Ethereum only better.”
The Data: What BIP-110 Actually Does
@ CunyRenaud just published a corrected simulation of BIP-110 covering 10 days of mainnet data across blocks 929,592 through 931,032.
The results are unambiguous.
Out of 4.7 million transactions in the sample period:
1,957,896 were filtered by BIP-110 (41.5% of all transactions).
747.85 MB of block space reclaimed (36%).
Zero legitimate financial transactions were blocked.
Zero.
Across nearly five million transactions, not a single monetary transfer was caught by the filter. Every payment, every exchange withdrawal, every Lightning channel open, every coinjoin, every multisig spend passed through cleanly.
The breakdown reveals something important that most people in this debate have missed. The community has been treating Ordinals inscriptions and OP_RETURN spam as two separate problems. They aren’t.
Of the inscription transactions caught by BIP-110, 94.6% were hybrid transactions carrying both a Tapscript OP_IF inscription envelope and an OP_RETURN output containing Runes metadata. When BIP-110 filters the inscription, the associated OP_RETURN data disappears with it.
The “two spam problems” narrative collapses under the data. Bitcoin has one spam problem with two symptoms, and BIP-110 addresses both simultaneously.
The Rule That Does the Heavy Lifting
BIP-110 contains several rules, but Rule 7 is the one that matters most. It prohibits OP_IF and OP_NOTIF opcodes in Tapscript execution. This targets the exact mechanism described in CVE-2023-50428, the OP_FALSE OP_IF envelope that Ordinals inscriptions use to embed arbitrary data into witness space.
Rule 7 alone caught 1,954,477 transactions in the simulation, accounting for 99.8% of all filtered transactions. It is, in effect, the patch that Core refused to ship, formalized as a consensus rule with a one-year activation window.
The obvious question is whether this breaks anything real. The simulation specifically searched for legitimate Tapscript contracts using OP_IF, including conditional branches, timelocks, threshold signatures, and hash time-locked contracts.
The answer across 4.7 million transactions was zero. None of these patterns exist on mainnet Tapscript today. Lightning still operates on SegWit v0, DLCs use adaptor signatures, and vault implementations remain experimental.
The theoretical concern that Rule 7 could block future smart contracts deserves acknowledgment. It could. But BIP-110 activates for one year, not permanently. The inscription epidemic is happening now, and the damage to the UTXO set compounds every day it continues.
A one-year intervention that eliminates 41.5% of transaction spam while blocking zero financial activity is a trade-off that favors action.
Bitcoin Is Money
Some people will object to BIP-110 on the grounds that all fee-paying transactions are legitimate. Inscription users paid market rates. Miners accepted their transactions voluntarily. By what authority does anyone filter them out?
The answer lies in understanding what Bitcoin actually protects and why.
Bitcoin’s censorship resistance exists to guarantee monetary transactions. The proof of work, the difficulty adjustment, the block reward schedule, and the entire security model were all engineered to protect a peer-to-peer electronic cash system.
That design, that single purpose, is what justifies the enormous energy expenditure required to secure the network.
Monetary transactions on Bitcoin are uncensorable. That is the property that makes Bitcoin valuable, and it is the property that BIP-110 leaves completely intact. If you are sending or receiving bitcoin as money, BIP-110 does not touch you. The simulation proves this empirically. 2.50 million financial transactions passed through without a single one being affected.
Non-monetary transactions exist at the discretion of the network. Nobody is banning them by decree. Nobody is arresting inscription users. The argument is simply that storing NFT data and token mint instructions in witness space does not carry the same protocol-level protection as transferring value between human beings. When non-monetary usage begins to threaten the infrastructure that makes monetary usage possible, the network has every right to prioritize its core function.
This isn’t censorship. Censorship is when a government blocks your payment because they don’t like your politics. Filtering data storage operations that exploit a vulnerability meant to be patched years ago is network maintenance. The distinction matters, and anyone who conflates the two is either confused or arguing in bad faith.
Dashjr framed this clearly when critics suggested miners would never voluntarily stop including inscription transactions: “Bitcoin works with the assumption that a majority of miners are honest, not malicious.” The security model presumes that miners act in the long-term interest of the network, not that they maximize short-term fee revenue at the expense of the infrastructure that makes those fees valuable in the first place.
The Road to $1M
Imagine explaining Bitcoin to a sovereign wealth fund manager in 2028. You’re making the case that this asset deserves a permanent allocation alongside gold and treasuries.
The case rests on three pillars: fixed supply, censorship-resistant transactions, and decentralized validation. If any one of these pillars weakens, the case weakens. If the supply schedule can be altered, Bitcoin becomes just another fiat currency with better marketing. If transactions can be censored, Bitcoin becomes just a slow database.
If validation concentrates into a handful of data centers because running a node has become too expensive, Bitcoin’s monetary guarantee becomes a gentleman’s agreement enforced by entities with identifiable interests and political pressure points.
Inscription-driven UTXO bloat attacks the third pillar directly. It makes nodes more expensive, it concentrates validation, and it degrades the decentralization that makes the monetary guarantee credible. And it does all of this to provide a service that has nothing to do with money and that can be performed far more efficiently on purpose-built systems.
Arbitrary data storage is a solved problem. Bitcoin doesn’t need to be Filecoin.
Meanwhile, Core’s trajectory from refusing to patch CVE-2023-50428 to actively removing OP_RETURN limits in version 30 signals that the current development leadership is comfortable making nodes heavier in service of non-monetary use cases. BIP-110 pushes back against that trajectory. It says the network’s priority is money, the node network exists to validate money, and the protocol should be optimized for money.
BIP-110 eliminates the inscription attack vector for one year while leaving every financial transaction on the network completely untouched. It removes 41.5% of spam transactions and reclaims 36% of block space. It produces zero false positives across 4.7 million tested transactions. And it preserves the option to reassess once the data on legitimate Tapscript usage becomes clearer.
The path to $1M Bitcoin is paved with the credibility of the monetary policy, the credibility of the censorship resistance, and the credibility of the decentralized validation network that enforces both.
$1M Bitcoin lives or dies with the node network.
What You Can Do
If you run a node, you have a voice in this.
Study the BIP-110 specification. Review the simulation data published by Bitcoin Block Space Weekly. Run the numbers yourself if you have the technical ability. Then make your decision based on what the evidence shows, not on what the loudest voices on social media are telling you to think.
If you’re ready to act, switching from Bitcoin Core to Bitcoin Knots is easier than most people think. If you run Umbrel, Start9, MyNode, or RaspiBlitz, Knots is available as a one-click install in your app marketplace and your existing blockchain data carries over. If you’re running Core on desktop or bare metal Linux, the migration is just as straightforward. Either way, you can be running Knots and enforcing BIP-110 within minutes.
If you need help making the switch or want to talk through the process, reach out to me directly.
Every node that moves to Knots is a vote for Bitcoin’s future as money, and every vote counts.
The data is clear, the trade-offs are honest, and the window is one year. The cost of doing nothing is measured in gigabytes of permanent bloat added to every node on the network, every single day.
Bitcoin is money and BIP-110 keeps it that way.
In conclusion, I highly recommend this video from @ mattkratter
Disclaimer:
- This article is reprinted from [1914ad]. All copyrights belong to the original author [1914ad]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
- Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
- Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.
