The OP_RETURN observer: Will we witness a new spam wave?

[d5000]

Now that Bitcoin Core 30 is out, I have decide to rely on hard facts in the OP_RETURN debate and observe how many big OP_RETURN transactions we're really seeing.

Thus I've created a dashboard with some queries on dune.org:

https://dune.com/d5k/opreturn

The main query groups the OP_RETURN transactions in 3 groups according to the OP_RETURN output size:

- up to 82 bytes
- 83 to 256 bytes
- 257 to 1024 bytes
- over 1024 bytes

There are two different charts, one for all time: https://dune.com/queries/6244779

and one for the period since 2023-09-01: https://dune.com/queries/6244906/9957581

Before that date the number was very small, but eventually it increased a bit. There is another peak in 2024 with the introduction of Runes, but as you'll see almost all of them are small transactions.

Current chart 2023+:



All Time chart:



(As the big majority of txes have OP_RETURN outputs of less than 83 bytes, I highly recommend visiting the query site itself to see the numbers of the larger transactions.)

I may add another version of that chart to cover only the period from October 2025 on, when Core 30 was released.

Until now, there's nothing to see really: the number of OP_RETURN transactions is stable, smaller than in mid-2025 and much smaller than in 2024, and there seems to be no increase in >82 bytes transactions too (and the >1024 bytes category in most weeks is in the single digits). The highest number of OP_RETURN transactions of >1024 bytes in a week was in May 2025 (115) when OP_RETURNs > 83 bytes were still non-standard by default in Core. And while in October we had a slight uptick in the week when Core 30 was released, there were only 40 txes > 1024 bytes in the whole week, and then it returned to single digits.


One thing I want to add is that if we are seeing an increase of larger (>256 bytes) data transactions using OP_RETURN I would look at if OP_RETURN is replacing Taproot and fake public keys transactions like Stampchain. If yes and the number/size of transactions including Taproot envelopes, Stampchain etc. does not change, then I will consider Core 30 a success. If nothing changes, it's neutral.

Only if large OP_RETURNs increase also in the mid and long term and the other data txes do not decrease, or they increase to a larger proportion of blocks than in 2023, then the anti-Core camp may have a point.

[pooya87]

Number of spam transactions depends on a couple of factors.
Sometimes there is a single entity behind it like the 2015 flood attacks that the attackers used to call "Stress Test"; in this attack that entity has to dedicate a budget out of their own pocket to perform that attack and that's not sustainable.

Sometimes, like the recent attacks, there are regular users who perform the attack because an incentive has been provided for them to participate in the attack. That's the case with the Ordinals Attack; it grew in size because there has been a market where the participants could trade their arbitrary data they'd injected into the immutable bitcoin blockchain. That market created the incentive for regular people to carry out that attack without needing a centralized entity with a finite budget.

Will we see a new wave of pam attacks using OP_RETURN? To answer that we first have to answer the following questions:
1. Will some entity dedicate some budget to perform the attack like 2015?
2. Will there be a market to trade the arbitrary data injected into bitcoin chain using OP_RETURN to give the average joe that incentive to carry out that attack?
2.1. Will that incentive be big enough to justify using the more expensive OP_RETURN compared to exploiting SegWit and taking advantage of its discount?

[Ambatman]

To be sincere I think if we do see an increase of spam with almost a 1000 byte
I would believe it's from the knot size
To prove that core is destroying the network
Cause so far nothing is happening and they could be desperate.

if we are seeing an increase of larger (>256 bytes) data transactions using OP_RETURN I would look at if OP_RETURN is replacing Taproot and fake public keys transactions like Stampchain

Inscriptions are cheaper and tends to boom when prices are relatively low
Since some starts looking for other source and according to some data inscription has an higher increase than OP return.
I don't believe it's because OP return failed but incentives by malicious attackers.

[NotATether]

I don't think people will try to abuse OP_RETURN with that effect unless there is a monetary incentive to gain from it, like Ordinals/BRC-20.

So far, I haven't heard anything new about that, which leads me to think that the interest in using OP_RETURN is not as large as I once thought it was.

[ABCbits]

Good to see someone analyze the data, rather than making speculation.

To be sincere I think if we do see an increase of spam with almost a 1000 byte
I would believe it's from the knot size
To prove that core is destroying the network
Cause so far nothing is happening and they could be desperate.

Who would spend money for that though? Even assuming 0.1 sat/vB, the daily cost to fully fill block is at least 0.144 BTC (see calculation below) or about 12000 USD.

Code:

total blocks mined in 1 day = 144 blocks
maximum block size = 1 million virtual bytes
TX fee rate used = 0.1 sat/vB

daily cost = TX fee rate used * maximum block size * total blocks mined in 1 day
= 0.1 * 1000000 * 144
= 14400000 satoshi (0.144 BTC)

The actual would be higher since mining pool refuse to include TX with fee rate below 1 sat/vB[1] and some people/service would create TX with higher TX fee rate for faster confirmation.

[1] https://bitcointalk.org/index.php?topic=5565739.msg66063663#msg66063663

[d5000]

1. Will some entity dedicate some budget to perform the attack like 2015?
2. Will there be a market to trade the arbitrary data injected into bitcoin chain using OP_RETURN to give the average joe that incentive to carry out that attack?
2.1. Will that incentive be big enough to justify using the more expensive OP_RETURN compared to exploiting SegWit and taking advantage of its discount?

I think you know that I don't think the Ordinals wave was a deliberate attack on Bitcoin. I believe it was simply a commercial exploit, which doesn't mean it wasn't harmful.

However, of course your conclusions and questions are valid. Due to my assumption that the goal of the "attack" is commercial, I believe 1) will only happen if 2) is true, i.e. there could be a new "spam" protocol based on bigger OP_RETURN outputs if the originators see some possible market. There was this small "no standard tokens" fad some months ago, it doesn't seem really it went anywhere, it might however be the reason for some small spikes in 83+ bytes OP_RETURN transactions (mainly the violet group with 83-256 bytes) in early and mid-2025, which of course very likely were directly sent to miners as they weren't standard back then.

And there's another catch: Most of the spam in 2023/24 were BRC-20 transactions, simple meme tokens without any graphical content. These transactions, if carried out via OP_RETURN, fit into the 83 bytes which were always  (at least since 2015 or so) standard, and with Runes we also have a popular protocol for them which still makes up for the vast majority of OP_RETURN transactions. It would not make any sense to develop a token protocol which exceed 83 bytes of OP_RETURN. So for tokens nothing would change.

The question is thus only if there's a market for bigger NFTs, only then we could see an increase in OP_RETURN spam. That depends on the general NFT market sentiment, which I believe is quite negative at this moment.

To be sincere I think if we do see an increase of spam with almost a 1000 byte
I would believe it's from the knot size
To prove that core is destroying the network

Yeah, I also thought about that possibility. But that would cost them some money. As it would cost anyone trying to "attack" via that way, if there is no NFT market to speak of (see above).

For now, the numbers for the 256-1024 bytes group are constant at around 800-1000 per week in 2025, nothing changed in October/November. It seems however there was an increase in this group somewhere in early 2025 - and that could prove my theory that the "attention economy" in this case is real: that the whole drama increased the interest in such transactions (which, as I already wrote, were non-standard until October or until you didn't explicitly relay them to LibreRelay nodes).

Of course the low fees currently are a bit of an incentive to try out to register new NFTs, but yes as you correctly wrote existing protocols like Ordinals and also Runes seem to benefit mostly from this, which existed prior to Core 30.