Bitcoin’s ascent from zero to $125,000 has been driven solely by its permissionless monetary policy and a decentralized network of nodes—these are the foundation of its credibility.
To reach $1 million, Bitcoin will need the same level of credibility, but scaled to meet the requirements of sovereign wealth funds and central banks looking to hold assets for decades.
It’s crucial to understand: the network and its nodes are under systemic attack, with Bitcoin Core leaving itself exposed. For the first time since these attacks began, there’s now a serious proposal on the table that could stop them.
This article explains the nature of the attack, the evidence behind the proposed fix, and why the path to $1 million must go directly through it.
Bitcoin’s value proposition is entirely built on a monetary guarantee.
The total supply will always be capped at 21 million, enforced by a decentralized network of nodes that independently validate every transaction. This guarantee is credible because anyone, anywhere, can easily run node software that enforces it.
This is what sets Bitcoin apart from all other centralized “crypto” projects. Ethereum has a foundation; Solana relies on a few validators running corporate hardware; XRP is controlled by Ripple Labs. Each of these has a centralized chokepoint that can be pressured, subpoenaed, sanctioned, or persuaded to change the rules. Bitcoin doesn’t—anyone with a standard computer and an internet connection can run a fully validating node without permission, intermediaries, or having to trust anyone, interacting directly with the monetary protocol.
Gold requires trust in assayers, bonds require trust in governments, and stocks require trust in auditors. Bitcoin only requires trust in mathematics and the nodes that run it.
Every node operator on the validation chain has a vote in monetary policy. The more nodes, the more decentralized the validation—and for capital capable of pushing assets into seven figures, this guarantee becomes even more credible.
So, anything that threatens the accessibility of running a node threatens the value and very existence of Bitcoin.
From the start, Bitcoin Core included spam transaction filtering as a standard feature. Since 2013, node operators have been able to set limits on the size of extra data in transactions using the -datacarriersize configuration—a carefully considered design. Developers understood that without limits on non-monetary data, the blockchain would inevitably be abused as a cheap data store, with every node operator paying the price.
This system worked for a decade. Then, in early 2023, Casey Rodarmor launched the Ordinals protocol, breaking the dam wide open.
Ordinals exploited a vulnerability in Bitcoin Core’s spam filter. The data carrier limits were never extended to cover Taproot transactions introduced in the November 2021 upgrade. By disguising arbitrary data as program code within Taproot’s Tapscript witness space—using an OP_FALSE OP_IF wrapper that never executes—anyone could bypass the intended data size limits. Images, text files, BRC-20 token mints, and other non-monetary data could now be permanently embedded in the Bitcoin blockchain at a fraction of the usual cost, thanks to SegWit’s witness discount designed to lower signature verification costs.
@LukeDashjr recognized this as a vulnerability from the beginning. In December 2023, he formally registered it as CVE-2023-50428 in the NIST National Vulnerability Database, with a medium severity score of 5.3. The official description is precise: “In Bitcoin Core 26.0 and prior and Bitcoin Knots before 25.1.knots20231115, data carrier size limits can be bypassed by obscuring data as code (e.g., using OP_FALSE OP_IF), as exploited by inscriptions in 2022 and 2023.”
Luke made the consequences clear: “Spam filtering has been a standard part of Bitcoin Core since day one.” Failing to extend these filters to Taproot transactions was a mistake, and inscriptions are exploiting this flaw to attack the network. “The harm to Bitcoin and its users, including future users, is enormous and irreversible,” he wrote. “No one ever authorized Ordinals. It has always been an attack on Bitcoin.”
Bitcoin Knots, the alternative node implementation maintained by Dashjr, patched CVE-2023-50428 in its 25.1 release at the end of 2023. Ocean mining pool immediately deployed the fix, announcing its blocks would now contain “more genuine transactions” and classifying Ordinals inscriptions as a denial-of-service attack.
Bitcoin Core has never patched it.
A formally registered vulnerability, scored and exploited in millions of transactions, has added gigabytes of permanent bloat to every full node on the network—yet the primary node software used by most of the Bitcoin network refuses to fix it. The patch exists, it’s tested, and it’s running in production on Knots. Core has chosen not to apply it, and has instead moved in the opposite direction.
While BIP-110 proposed protecting nodes from data bloat, Bitcoin Core 30 did the opposite. Core 30 not only failed to patch CVE-2023-50428, but also removed the longstanding OP_RETURN size limit entirely, opening the door to unlimited arbitrary data in OP_RETURN outputs.
Core developers argued that the existing 80-byte limit was being circumvented anyway, so keeping it was pointless. This is like a city council deciding not to enforce speed limits because some people speed—a direct contradiction of the decade-long precedent Dashjr highlighted.
Since 2013, Bitcoin Core has maintained data carrier size limits because developers understood that protecting block space from non-monetary abuse is essential to keeping nodes accessible. Core 30 abandoned this principle.
The practical effect is a tax on every node operator. Unlimited OP_RETURN data means nodes must download, validate, and store ever-expanding data. And for what? The only beneficiaries are a handful of developers building non-monetary applications on Bitcoin who find the limits inconvenient.
Jameson Lopp advocated for this change based on “extreme edge cases” unrelated to Bitcoin’s monetary function, but directly related to his own Bitcoin-based startup, Citrea.
Everyday users hate this.
In 2013, Core introduced data carrier limits to protect nodes from data spam. For a decade, these limits worked. In 2023, a vulnerability let inscriptions bypass the limits via Taproot, and Core refused to patch it.
In 2025, Core removed the limits entirely. Every step has made nodes heavier and more expensive to run, and every step has moved further away from the principle that “Bitcoin block space is for monetary transactions.”
This is the core conflict in Bitcoin development today. One group wants to keep the network lean and accessible as a monetary protocol that anyone can validate—even on a Raspberry Pi.
The other group wants to expand the protocol to accommodate any creative use case developers can imagine, even if it makes nodes heavier and more costly.
The first group is moving toward a $1 million Bitcoin; the second is chasing a “better Ethereum.”
@CunyRenaud recently released a simulation of BIP-110’s fix, covering 10 days of mainnet data from block height 929,592 to 931,032.
The results are clear.
During the sample period’s 4.7 million transactions:
1,957,896 were filtered by BIP-110 (41.5% of all transactions).
747.85 MB of block space was reclaimed (36%).
Zero legitimate financial transactions were blocked.
Out of nearly five million transactions, not a single monetary transfer was filtered. Every payment, exchange withdrawal, Lightning channel open, CoinJoin, and multisig spend passed through.
The breakdown reveals a crucial fact most overlook: the community has long treated Ordinals inscriptions and OP_RETURN spam as separate problems—they’re not.
Of the inscription transactions filtered by BIP-110, 94.6% were hybrid transactions carrying both a Tapscript OP_IF inscription wrapper and an OP_RETURN output with Rune metadata. When BIP-110 filtered the inscription, the associated OP_RETURN data disappeared too.
The “two spam problems” narrative collapses in the face of the data. Bitcoin has a single spam problem with two faces, and BIP-110 solves both at once.
BIP-110 contains several rules, but Rule 7 is the key. It prohibits using OP_IF and OP_NOTIF opcodes in Tapscript execution. This directly targets the mechanism described in CVE-2023-50428, where Ordinals inscriptions use an OP_FALSE OP_IF wrapper to embed arbitrary data in the witness space.
Rule 7 alone caught 1,954,477 transactions in the simulation—99.8% of all filtered transactions. In effect, it’s the patch Core refused to release, now formalized as a consensus rule with a one-year activation window.
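To make the mechanism concrete, here is an added Python example (not code from BIP-110, Bitcoin Knots, or the simulation) that parses a Tapscript leaf opcode by opcode, reports whether OP_IF or OP_NOTIF appears, and counts the bytes pushed inside an OP_FALSE OP_IF wrapper. It assumes a static opcode scan as a stand-in for the rule's check; the function names and sample scripts are constructed for this illustration.

```python
# Added example: static opcode scan of a Tapscript leaf (not BIP-110 reference code).
OP_FALSE, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_IF, OP_NOTIF, OP_ELSE, OP_ENDIF, OP_CHECKSIG = 0x63, 0x64, 0x67, 0x68, 0xAC

def parse_script(script: bytes):
    """Yield (opcode, pushed_data); pushed_data is None for non-push opcodes."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if op > OP_PUSHDATA4:
            yield op, None
            continue
        size = op  # opcodes 0x00-0x4b push that many bytes directly
        if op >= OP_PUSHDATA1:
            width = 1 << (op - OP_PUSHDATA1)  # 1, 2 or 4 length bytes
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        if i + size > len(script):
            raise ValueError("truncated push data")
        yield op, script[i:i + size]
        i += size

def classify(script: bytes) -> dict:
    """Report conditional opcodes and bytes pushed after an OP_FALSE OP_IF pair."""
    ops = list(parse_script(script))
    conditionals = [n for n, (op, _) in enumerate(ops) if op in (OP_IF, OP_NOTIF)]
    envelope_bytes = 0
    for n in conditionals:
        if ops[n][0] == OP_IF and n > 0 and ops[n - 1][0] == OP_FALSE:
            for op, data in ops[n + 1:]:  # branch never runs; nesting not tracked
                if op == OP_ENDIF:
                    break
                envelope_bytes += len(data or b"")
    return {"uses_conditional": bool(conditionals), "envelope_bytes": envelope_bytes}

def push(data: bytes) -> bytes:
    """Encode a data push (hypothetical helper, covers sizes up to 65535)."""
    if len(data) < OP_PUSHDATA1:
        return bytes([len(data)]) + data
    if len(data) <= 0xFF:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    return bytes([OP_PUSHDATA2]) + len(data).to_bytes(2, "little") + data

# Constructed sample scripts; the all-zero key and filler bytes are placeholders.
KEY_CHECK = push(bytes(32)) + bytes([OP_CHECKSIG])
ENVELOPE = KEY_CHECK + bytes([OP_FALSE, OP_IF]) + push(b"c" * 300) + bytes([OP_ENDIF])
PLAIN = push(b"\x63\x64" * 16) + bytes([OP_CHECKSIG])  # 0x63/0x64 inside data only
BRANCH = bytes([OP_IF]) + KEY_CHECK + bytes([OP_ELSE]) + KEY_CHECK + bytes([OP_ENDIF])
```

PLAIN is not flagged because the parser skips over pushed data instead of matching raw bytes, while BRANCH is flagged even though it carries no embedded data, which is why the question of legitimate OP_IF usage matters for this rule.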
Does this break any real functionality? The simulation specifically searched for legitimate Tapscript contracts using OP_IF, including conditional branches, timelocks, threshold signatures, and hash time-locked contracts.
Across 4.7 million transactions, the answer was zero—these patterns don’t exist in current mainnet Tapscript. The Lightning Network still runs on SegWit v0, DLCs use adaptor signatures, and vaults remain experimental.
The theoretical concern that Rule 7 might hinder future smart contracts is valid. It could, but BIP-110’s activation window is one year, not permanent. The inscription flood is happening now, and the damage to the UTXO set grows daily.
A one-year intervention that eliminates 41.5% of spam transactions without blocking any financial activity is a trade-off worth making.
Some argue against BIP-110, saying “any transaction that pays the fee is legitimate.” Inscription users pay market rates, miners accept their transactions—so what right is there to filter them?
The answer lies in understanding what Bitcoin actually protects—and why.
Bitcoin’s censorship resistance is designed to guarantee monetary transactions. Proof-of-work, difficulty adjustment, the block reward schedule, and the whole security model exist to protect a peer-to-peer electronic cash system.
That design, that singular purpose, is what justifies the enormous energy required to secure the network.
Monetary transactions on Bitcoin are uncensorable. This is the quality that gives Bitcoin its value—and BIP-110 fully preserves it. If you’re sending or receiving Bitcoin as money, BIP-110 doesn’t affect you. The simulation proves this: 2.5 million financial transactions passed through with zero impact.
Non-monetary transactions exist only by the network’s tolerance. No one is banning them by decree or arresting inscription users. The argument is simple: storing NFT data and token minting instructions in the witness space doesn’t enjoy the same protocol-level protection as transferring value between people. When non-monetary use threatens the infrastructure that enables monetary use, the network is fully justified in prioritizing its core function.
This is not censorship. Censorship is when a government blocks your payment because of your political views. Filtering actions that exploit a vulnerability that should have been fixed years ago is network maintenance. This distinction matters, and anyone conflating the two is either confused or arguing in bad faith.
When critics claim miners will never voluntarily stop including inscription transactions, Dashjr is clear: “Bitcoin’s operating assumption is that most miners are honest, not malicious.” The security model assumes miners act for the network’s long-term benefit—not to maximize short-term fee income at the expense of the very infrastructure that gives those fees value.
Imagine explaining Bitcoin to a sovereign wealth fund manager in 2028. You’re making the case for a permanent allocation alongside gold and government bonds.
The argument stands on three pillars: fixed supply, censorship-resistant transactions, and decentralized validation. If any pillar is weakened, the case is weakened. If the supply schedule can be changed, Bitcoin is just another fiat currency with better marketing. If transactions can be censored, Bitcoin is just a slow database.
If validation becomes concentrated in a few data centers because running a node is too expensive, Bitcoin’s monetary guarantee becomes a gentlemen’s agreement enforced by entities with identifiable interests and political vulnerabilities.
Inscription-driven UTXO bloat directly attacks the third pillar. It makes nodes more expensive, validation more centralized, and undermines the decentralization that makes the monetary guarantee credible. And it does all this for a service unrelated to money—one that’s better served by purpose-built systems.
Arbitrary data storage is a solved problem—Bitcoin doesn’t need to be Filecoin.
Meanwhile, Core’s refusal to patch CVE-2023-50428 and its removal of OP_RETURN limits in version 30 show that current development leadership is willing to make nodes heavier to serve non-monetary uses. BIP-110 pushes back, signaling that the network’s priority is money, that the node network exists to validate money, and that the protocol should be optimized for money.
BIP-110 eliminates the inscription attack vector for a year, with zero impact on financial transactions. It removes 41.5% of spam transactions and reclaims 36% of block space. In the 4.7 million transactions tested, there were zero false positives. It also preserves the option to reassess once there’s more clarity on legitimate Tapscript usage.
The path to a $1 million Bitcoin is paved by the credibility of its monetary policy, its censorship resistance, and the decentralized validation network that enforces both.
The fate of $1 million Bitcoin is tied to the node network.
If you run a node, you have a voice in this.
Study the BIP-110 specification. Review the simulation data from Bitcoin Block Space Weekly. If you’re technically able, run the numbers yourself. Make your decision based on evidence, not the loudest voices on social media.
If you’re ready to act, switching from Bitcoin Core to Bitcoin Knots is easier than most think. If you use Umbrel, Start9, MyNode, or RaspiBlitz, Knots can be installed with one click from your app marketplace, and your existing blockchain data can be migrated. If you run Core on desktop or bare-metal Linux, migration is just as straightforward. Either way, you can be running Knots and enforcing BIP-110 in minutes.
Every node that switches to Knots is a vote for Bitcoin’s future as money—every vote matters.
The data is clear, the trade-off is honest, and the window is one year. The cost of inaction is gigabytes of permanent data bloat added to every node daily.
Bitcoin is money, and BIP-110 keeps it that way.
Bitcoin cannot survive as a non-monetary arbitrary data relay and storage network.
If you believe this, you are running a sovereign, censorship-resistant node and using Bitcoin as money—permissionlessly.





