There seems to be a lot of confusion about the upcoming Bitcoin version 30.

Many people fear that one of the changes of this version, called often the "lifting of OP_RETURN size limits",  will lead to a high amount of NFTs, images, and even illegal material being "spammed" on the blockchain.

These fears are mostly unfounded. There is only one effect that could happen and I will talk about this at the end of the post, but it has no technical reason, but more is caused by the cryptocurrency market's social and economic dynamics.

What is OP_RETURN?

Since the genesis block stored by Satoshi in 2009, people have used the Bitcoin blockchain to publish arbitrary data of non-financial nature, like small images, texts, poems and so on.

About 10 years ago, the Bitcoin Core developers created a specific mechanism to publish data in a way they cause the least possible harm to the nodes. This mechanism relies on the opcode (Bitcoin Script command) OP_RETURN.

OP_RETURN means nothing more that everything after this command can be ignored by the nodes. The data is placed behind that command. And if they want, the nodes can process it once and then delete it. [1]

OP_RETURN was necessary because people were publishing images, texts and other media disguising it as financial data. You would see a transaction and think it's a money transfer, but the data actually contained an image. And for several reasons this is actually more harmful and costly for nodes than OP_RETURN, because they can't ignore the data.

What's the change everybody's talking about?

Until Bitcoin 30, Bitcoin Core had a default value of 80 bytes for OP_RETURN outputs.

This means: Nodes which used this default value, would not accept a transaction with data behind of an OP_RETURN command with more than 80 bytes.

However, nodes were always free to change this default value. Miners are free to change that value too. It can be seen as a "recommendation". Transactions obeying this limit are called "standard" transactions.

But the 80 bytes limit only applied to data behind OP_RETURN. Not for other techniques to insert data into the blockchain.

In Bitcoin 30, the default value is set to "unlimited".

This does not mean that data of unlimited size is now "allowed by Bitcoin" and before it was not. Instead it means: If you as a node operator want to limit the OP_RETURN data in transactions your node accepts, you must manually set a limit (using the datacarriersize option).


Why this change?

The OP_RETURN limit increase is justified in the following way by its supporters:

Since 2023, we have seen a wave of transactions using other means to put data in the blockchain, including "fake public keys" and a "Taproot witness method" (also called the "Taproot exploit") used by Ordinals. They have put up to 400 kB of images, NFTs and even audios and videos in a "standard" transaction, and up to 4 MB into a "non-standard" transaction.

These methods are more costly for the nodes to process, and thus they could harm decentralization of the Bitcoin network if they become too widespread. [2]

Developers decided thus to try to encourage those that want to store data on chain, to use the OP_RETURN method. If many nodes accepted OP_RETURN transactions with larger sizes, this could become again thus the "standard method" to store data.

There are other advantages of the change but they are more difficult to understand. For example, block propagation could be improved and maintainance cost of the code could be lower. To understand why the change will probably not affect the level of spam, these reasons aren't important.


Why can't we simply stop the spam and filter all data transactions?

This is the most important part to understand.

The Core developers "could" put a "filter" in place to disallow two methods: OP_RETURN and the "Taproot exploit". But this filter would be ineffective, because the "fake public key" method cannot be blocked this way.

Unfortunately this method is also the most costly for nodes and thus the most harmful for decentralization. Remember why OP_RETURN was introduced? (see above) Because the "fake public key" method and similar techniques were already causing harm around 2014/15.

The Three Doors or why OP_RETURN doesn't open a new door

A very simple way to describe the change:

We have a house with three doors. Outside are 99 monsters who will enter the house by any means. The probability of the monsters to enter the house by any door is the same.

Door 1 is completely open now. Monsters entering this door can go directly into the whole house including the bedrooms and eat the people living there. This is the "fake public key method", the most harmful of all.

Door 2 is mostly open, some people are trying to close it sometimes but with not much luck. Monsters can enter the kitchen, but not the bedrooms, so the house's inhabitants are a bit safer, but still frequently a monster will be able to eat somebody.[3] This is the "Taproot witness method", the second most harmful.

Door 3 is currently only a bit open. Only small monsters can enter it. But even if the door was completely open, the monsters would only reach a guest room almost nobody of the inhabitants uses, and thus only rarely eat somebody. This is OP_RETURN.

We cannot close Door 1 (see above). Door 2 can be closed but the effect would be limited, because the monsters would then use Door 1 and the number of eaten people would even be higher.

We can however open Door 3. The monsters using this door would not cause much harm. Monsters entering via the other two doors could still enter, but we would have 1/3 less deaths.

This is what Core did lifting the OP_RETURN limits. It will probably not cause the spam (monster waves) to stop, but it could reduce their harm, at least a bit.

Economics of the NFT market

There is another reason why Bitcoin 30 would probably not lead to more spam: The NFT market is limited. There are already hundreds of thousands of NFTs on the Bitcoin blockchain, but there are not unlimited people who want to buy a Pepe or whatever as a NFT.

People posting NFTs expect a profit. But if they have to pay transaction fees, then they have to check that they don't pay more than the profit they're able to earn. The only way making publishing NFTs more attractive would be a measure which leads to less transaction fees.

But the lifting of OP_RETURN limits does not make NFTs cheaper in regards of transaction fees. The "Taproot exploit" is still cheaper, and the cost of "fake public keys" is almost similar.

So the lifting of OP_RETURN limits does not change NFT market economics. If a NFT was profitable now, it will be profitable with BItcoin 30, and if not it won't.

What is the effect you mentioned in the first paragraph? Why could we see more data/spam in the blockchain after Core 30 is released?

Technically, it makes not a big difference for those developing and storing NFTs, images, tokens (like Runes, BRC-20 and SRC-20) to use OP_RETURN or another method to store their data. There are lots of tools available, for example the Stampchain / Bitcoin Stamps project uses fake public keys, and Ordinals uses the Taproot witness method.

So why could this change lead to a temporary "data spam" wave?

The reason is that the NFT market could try to market a new type of NFT. The NFT market lives due to trends, fads, "cool collections" and similar reasons, and NFT collection creators often try to exploit the novelty of a method. If OP_RETURN based NFTs become now attractive, then an OP_RETURN  based NFT protocol could try to get attention once Bitcoin Core 30 gets published, like Ordinals did in 2023. And this could lead to a spam wave indeed.

It is also possible that people annoyed by the OP_RETURN change could publish NFTs as a kind of "vengeance attack".

For this reason I personally would have preferred a gradual increment of the OP_RETURN default (standardness) limits and not the complete removal of limits.

But in the long run, it is highly likely that the amount of spam or arbitrary data transactions will not increase as an effect of the OP_RETURN change of Bitcoin 30.

---

Notes: (ELI18)

[1] The nodes only need to process the data to calculate the merkle tree of the transaction and the transaction ID. Then they can in theory delete the data behind the code if they want. The only problem is that they can't transmit the complete transaction in question to other nodes requesting it.

[2] The reason is that the techniques like the "Taproot witness method" used by Ordinals and the "fake public keys" used by Stampchain lead to a lot of UTXOs being created which will never be spent. These UTXOs have to be stored and managed by the nodes in an additional database. This maintenance work is much more costly to simply store the blockchain data.

[3] The analogy here: A "death" by being eaten by a monster is an UTXO which has to be stored by all nodes in their UTXO database forever, because it never will be spent. The fake public key method produces the highest rate of these UTXOs and they are impossible to spend. The "Taproot witness exploit" ocassionally creates dust UTXOs, which can be spent but the fees to do so will be higher than the value transacted. OP_RETURN does only very rarely lead to dust UTXOs and never to completely unspendable UTXOs.

---

Notes: Tips to improve this post are welcome! If I missed something important I'm glad to add it. Only it should not become too technical. People wanting to know more technical details should read Antoine Poinsot's blog post detailing his reasons why he proposed the OP_RETURN change.

You have can already use a mechanism like Stampchain (Bitcoin Stamps) to do that (this is mentioned in the OP ). Or Ordinals inscriptions if you prefer. Both have tools to inscribe your seed or whatever without having to bother about reassembling the messages.

And of course there are miners who happily will accept transactions which are considered non-standard by most nodes. The fee may be a bit higher, but if your use case justifies this inversion, then I don't think that would make much of a difference.

(But why would you like to store a seed phrase publicly? Don't understand that. You still have to store the key locally to access it ...)

---

I updated the OP adding a section about the NFT market economics which is an important additional aspect I think.

The change to the OP_RETURN size limit is more like a technical move designed to improve network efficiency and not to actually enable more spam. It is actually  supposed to be a kinda strategic effort to encourage data storage to shift from more harmful methods like those used by Ordinals to a less harmful one.

I think the core of the issue isn't about if data can be stored on the blockchain but kinda about how it's actually stored. The simple truth is, the market for NFTs and other data is kinda limited by what people are willing to pay and this change may not make storing that data any cheaper.
In the end the only real risk of a temporary increase in activity might be a new marketing trend and not really a fundamental technical shift.

You sadly didn't get my point, let me reiterate. I don't remember the exact time period when this happened, so ignore any errors regarding exactly when this occurred. 20-30 years ago people thought the exact same thing about the PGP keys of that time. They thought the key technology of that time would be secure for a very long time. They engaged in direct conversation using public servers, even sharing personal secrets to each other via PGP messages. All these messages were stored, and fast forward into the future it turns out that the keys from that time are no longer safe. Eventually somebody deciphered them all.

The point is, that even if you use the best PGP key derivation scheme it is secure according to what we know today. However, once you store this information on the Bitcoin blockchain it will remain permanently there. If you do this you could run into the same situation that people have already experienced in the past. It is best not to store crucial information in a permanent and public data storage. Don't get me wrong, the risk is really low but I don't like to encourage newbies or retail to engage in things that they barely understand at all. I have not met one retail person who understands PGP, different keys and potential risks of using it. I have met a few who know how to use it.

The argument against this is that the incentive is weak and completely irrelevant to a malicious actor. If they want to spam the UTXO set to damage the Bitcoin blockchain with bloat, they will. People who are against OP_RETURN are not convinced at all by this incentive. While I am not necessarily on their side, this is one argument that I am strongly convinced by. We should work on ways to make the bloat expensive or impossible, not try to persuade bad companies with weak incentives.

Very wrong. Nobody knows the real risks of the future. That's why some advocated for a gradual increase.

I have shown, by my test of Bitcoin core v30.0rc1  that this - increasing op_return will not lead to spam idea, is wrong

Check out the thread where I have added a malware zip file into the blockchain (test signature). This caused the blockchain to be identified as malware by clamAV. Anyone who wants to disrupt the network, or short the price has a mechanism of attack by causing fud and disruption.

So, not just for fun but for profit spam - is proved.

This could be done with 80bytes, but it is too small for AV detectors to find in Binaries, whereas with more room we can now insert whole malware programs in compressed (say zip) format, that AV software will detect and quarantine..

Check out my Security issue thread and test it yourself

Of course, it was never like a flood of spammers would suddenly join Bitcoin from other networks as soon as Core 30 is released. That part has to be clarified.


I know gmaxwell explained this on a different thread, but I don't see why another implementation (i.e. a house) can't just simply lock all the doors shut, and then use some sort of warp drive to get inhabitants to the other house when something is missing from there. Equivalent to using a cache-miss to retrieve transactions from full nodes to avoid some people from having to keep all those zombie UTXOs on the disk forever.

It is destructive, but it's not a majority who are going to use it so it's fine.

So, as I understood, OP_RETURN is the least harmful way to store data on Bitcoin and since Bitcoin Ordinals are inevitably part of Bitcoin, it is beneficial for us to motivate those spammers to use OP_RETURN instead of using fake public keys and Taproot witness method? Am I right? (By the way, why do we have Taproot?) And they'll use OP_RETURN to temporarily market the Ordinals market to sell more of this spam shit? It will be another thing for them to hype for their own benefit, right?
I also want to know, does it matter for spammers which method they'll use? Fake public keys, Taproot or OP_RETURN?

Quick counterpoint on “OP_RETURN is least harmful, so funnel spam there.”

“Least harmful” ignores external systems. I showed on v30.0rc1 (regtest) that embedding a ZIP with a known signature via OP_RETURN causes a mainstream AV to quarantine the raw block file (blk*.dat). That is an operator DoS: I/O errors, stalled nodes, broken backups/NAS scans. It is reproducible and not theoretical.

Cost is not the only driver. Spammers, attackers and griefers pick the path that maximizes impact. Making OP_RETURN larger and “standard” lowers friction to drop recognizable containers (ZIPs, nested archives, multiple signatures) that many engines scan by default. Result: more AV hits, more incidents.

Even if fake pubkeys or witness remain options, opening OP_RETURN wider adds a new and easy route for a specific class of disruption. That is why I argue against increasing OP_RETURN without addressing the operational effect.

Repros and proof here:
Security disclosure: OP_RETURN embedding of Malware signatures into Blockchain