BIP-110 Protocol: The Necessary Path for Bitcoin to Reach One Million Dollars?

Original Author: Justin Bechler

Original Compilation: AididiaoJP, Foresight News

Permissionless execution of Bitcoin's monetary policy and a distributed network of nodes are the sole sources of credibility that have propelled Bitcoin from zero to $125,000.

To reach the $1 million target, credibility of the same caliber is required, but its scale must be sufficient to meet the needs of sovereign wealth funds and central banks holding assets for decades.

Understand this very clearly: the network and the nodes are under systemic attack, and Bitcoin Core has left the door open for it. But for the first time since the attack began, there is a real proposal on the table that will stop it all.

This article explains this attack, the evidence behind the fix, and why the path to $1 million must go directly through it.

What Gives Bitcoin Value

Bitcoin's entire value proposition is based on a monetary guarantee.

There will only ever be 21 million Bitcoin, a limit enforced by a distributed network of nodes that independently verifies every transaction. This guarantee holds because ordinary people around the world can easily run the node software that enforces it.

This is precisely what distinguishes Bitcoin from all other centralized "crypto" projects. Ethereum has a foundation; Solana has a handful of validators running enterprise hardware; XRP has Ripple Labs. Each of these projects has a centralized chokepoint that could be pressured, subpoenaed, sanctioned, or simply persuaded to change the rules. Bitcoin does not, because anyone with a regular computer and an internet connection can run a fully validating node, interacting with the monetary protocol permissionlessly, without intermediaries, and without trusting anyone.

Gold requires trust in an assayer, bonds require trust in a government, stocks require trust in an auditor. Bitcoin requires only trust in mathematics and the nodes that run it.

Every node operator validating the chain is a vote on monetary policy. The more nodes, the more decentralized the validation, and the more credible this guarantee appears to the capital that can push the asset into seven-figure territory.

Therefore, when something threatens the accessibility of running a node, it threatens Bitcoin's value and very existence.

The Vulnerability Where It All Began

Bitcoin Core has had spam filtering as a standard feature from day one. Since 2013, node operators have been able to set limits on the size of extra data embedded in transactions via a configuration option called -datacarriersize, a deliberate design decision. The developers building and maintaining the protocol understood that without size limits on non-monetary data, the blockchain would inevitably be abused as a cheap data storage system, at the cost of every node operator on the network.

This system worked for a decade. Then, in early 2023, Casey Rodarmor launched the Ordinals protocol, and the dam broke.

Ordinals exploited a vulnerability in Bitcoin Core's spam filter. The existing data carrier limits were never extended to cover Taproot transactions introduced in the November 2021 upgrade. This meant that by disguising arbitrary data as program code within Tapscript witness space, using an OP_FALSE OP_IF wrapper that would never actually execute, anyone could bypass the data size limits meant to prevent such abuse. Images, text files, BRC-20 token mints, and all other forms of non-monetary data could now be permanently embedded into the Bitcoin blockchain at a cost far below normal data transactions, thanks to the SegWit witness discount subsidy designed to reduce signature verification costs.

@LukeDashjr identified this as a bug from the start. In December 2023, he formally registered the vulnerability in the NIST National Vulnerability Database as CVE-2023-50428, receiving a medium severity score of 5.3. The official description is precise: "In Bitcoin Core 26.0 and before, and Bitcoin Knots 25.1.knots20231115 and before, data carrier size limits can be bypassed by disguising data as code (e.g., with OP_FALSE OP_IF), as exploited in 2022 and 2023 by inscriptions."

Luke is clear on what this means. "Spam filtering has been a standard part of Bitcoin Core since day one," he explains. Failing to extend these filters to Taproot transactions was a bug, and inscriptions are exploiting this bug to attack the network. "The damage it does to Bitcoin and Bitcoin users, including future users, is huge and irreversible," he wrote. "No one ever allowed Ordinals. It was an attack on Bitcoin from the start."

The alternative node implementation Bitcoin Knots, maintained by Dashjr, patched CVE-2023-50428 in its 25.1 release in late 2023. The Ocean mining pool immediately deployed the fix, announcing its blocks would now contain "more real transactions" and characterizing Ordinals inscriptions as a denial-of-service attack on the network.

Bitcoin Core never patched it.

A formally registered NIST vulnerability, scored, exploited in millions of transactions, adding gigabytes of permanent bloat to every full node on the network, and the primary node software used by the vast majority of the Bitcoin network refuses to fix it. A patch exists, is tested, and is in production use on Knots. Core chose not to apply it and has instead moved further in the opposite direction.

Core 30: A Tax on Every Node

While BIP-110 proposed protecting nodes from data bloat, Bitcoin Core version 30 did the opposite. Instead of patching CVE-2023-50428, Core 30 completely removed the long-standing OP_RETURN size limit, opening the door to unlimited arbitrary data in OP_RETURN outputs.

The rationale provided by Core developers was that the existing 80-byte limit was being circumvented anyway, so there was no point in maintaining it. This is like a city council stopping speed limit enforcement because people were speeding, and it directly contradicts the decade-long precedent noted by Dashjr.

Bitcoin Core has maintained data carrier size limits since 2013 because developers understood protecting block space from non-monetary abuse was crucial to keeping nodes accessible. Core 30 abandoned this principle.

The practical effect is a tax on every node runner. Unlimited OP_RETURN data means nodes must download, verify, and store an ever-growing amount of data. And for what? The beneficiaries of this change are a handful of developers building non-monetary applications on Bitcoin who found the existing limits inconvenient.

Jameson Lopp argued for this change on the grounds of "extreme edge cases" unrelated to Bitcoin's function as money, yet relevant to his VS startup Citrea building "on Bitcoin."

Ordinary people hate this.

In 2013, Core introduced data carrier limits to protect nodes from data spam. For a decade, these limits worked. In 2023, a bug allowed inscriptions to bypass these limits via Taproot, and Core refused to patch it.

In 2025, Core removed the limits entirely. Each step makes nodes heavier and more expensive to run, each step moves further from the principle that "Bitcoin block space is for monetary transactions."

This is the fundamental conflict in Bitcoin development today. One faction wants to keep the network as a lean, accessible monetary protocol that anyone can verify with a Raspberry Pi.

The other faction wants to expand the protocol's capabilities to accommodate any creative use case developers can think of, and they are willing to make nodes heavier and more expensive to achieve it.

The first group is moving towards a $1 million Bitcoin. The second group is moving towards a "better version of Ethereum."

The Data: What BIP-110 Actually Does

@CunyRenaud just released a corrected simulation of BIP-110, covering 10 days of mainnet data, from block height 929,592 to 931,032.

The results are unambiguous.

Of the 4.7 million transactions in the sample period:

1,957,896 were filtered out by BIP-110 (41.5% of all transactions).

747.85 MB of block space was reclaimed (36%).

Zero legitimate financial transactions were blocked.

Out of nearly five million transactions, not a single monetary transfer was caught by the filter. Every payment, every exchange withdrawal, every Lightning channel open, every CoinJoin, every multisig spend went through.

A breakdown of the results reveals an important fact most in this debate have missed. The community has been treating Ordinals inscriptions and OP_RETURN spam as two separate problems. They are not.

Of the inscription transactions caught by BIP-110, 94.6% were hybrid transactions, carrying both a Tapscript OP_IF inscription wrapper and an OP_RETURN output containing Rune metadata. When BIP-110 filtered out the inscription, the associated OP_RETURN data disappeared with it.

The narrative of "two spam problems" collapses in the face of the data. Bitcoin has one spam problem, but with two manifestations, and BIP-110 solves both.

The Rule That Carries the Weight

BIP-110 contains multiple rules, but Rule 7 is the most critical. It prohibits the use of the OP_IF and OP_NOTIF opcodes in Tapscript execution. This targets the exact mechanism described in CVE-2023-50428, the OP_FALSE OP_IF wrapper that Ordinals inscriptions use to embed arbitrary data in witness space.

Rule 7 alone caught 1,954,477 transactions in the simulation, 99.8% of all filtered transactions. In effect, it is the patch Core refused to release, now formalized as a consensus rule with a one-year activation window.

An obvious question is whether this breaks any real functionality. The simulation specifically searched for legitimate Tapscript contracts using OP_IF, including conditional branches, timelocks, threshold signatures, and hash timelock contracts.

The answer, out of 4.7 million transactions, was zero. These patterns do not exist in mainnet Tapscript today. The Lightning Network still runs on SegWit v0, DLCs use adapter signatures, and vault implementations are still experimental.

The theoretical concern that Rule 7 might hinder future smart contracts is worth acknowledging. It might. But BIP-110's activation period is one year, not forever. The inscription flood is happening now, and the damage to the UTXO set accumulates daily.

A one-year intervention that eliminates 41.5% of transaction spam while blocking zero financial activity is a trade-off that favors action.

Bitcoin is Money

Some will oppose BIP-110 on the grounds that "all fee-paying transactions are legitimate." Inscription users pay the market rate, miners voluntarily include their transactions, by what authority can they be filtered out?

The answer lies in understanding what Bitcoin actually protects and why.

Bitcoin's censorship resistance is designed to guarantee monetary transactions. Proof-of-work, difficulty adjustment, the block reward schedule, and the entire security model were designed to protect a peer-to-peer electronic cash system.

That design, that singular purpose, is what justifies the massive energy expenditure required to protect the network.

Monetary transactions on Bitcoin are uncensorable. This is precisely the property that makes Bitcoin valuable, and it's a property BIP-110 fully preserves. If you are sending or receiving Bitcoin as money, BIP-110 does not affect you. The simulation empirically proves this. 2.5 million financial transactions went through, none were touched.

The existence of non-monetary transactions is at the network's tolerance. No one is banning them by decree, no one is arresting inscription users. The argument is simply that storing NFT data and token minting instructions in witness space does not enjoy the same protocol-level protection as transferring value between people. When non-monetary uses begin to threaten the infrastructure that makes monetary use possible, the network is fully within its rights to prioritize its core function.

This is not censorship. Censorship is when a government stops your payment because it dislikes your politics. Filtering out data storage operations that exploit a bug that should have been patched years ago is network maintenance. This distinction matters, and anyone conflating the two is either confused or arguing in bad faith.

When critics argue that miners would never voluntarily stop including inscription transactions, Dashjr articulates this clearly: "Bitcoin's operating assumption is that most miners are honest, not malicious." The security model assumes miners will act in the network's long-term interest, not damage the infrastructure that makes fees valuable to maximize short-term fee revenue.

The Path to $1 Million

Imagine explaining Bitcoin to a sovereign wealth fund manager in 2028. You are arguing this asset deserves a permanent allocation alongside gold and government bonds.

The argument rests on three pillars: a fixed supply, censorship-resistant transactions, and decentralized validation. If any one pillar is weakened, the argument weakens. If the supply schedule can be changed, Bitcoin is just another, better-marketed fiat. If transactions can be censored, Bitcoin is just a slow database.

If validation centralizes to a few data centers because running a node becomes too expensive, then Bitcoin's monetary guarantee becomes a gentleman's agreement enforced by entities with identifiable interests and political pressure points.

Inscription-driven UTXO bloat directly attacks the third pillar. It makes nodes more expensive, validation more centralized, and damages the decentralization that makes the monetary guarantee credible. And it does all this to provide a service unrelated to money that can be done more efficiently on systems built for that specific purpose.

Arbitrary data storage is a solved problem; Bitcoin does not need to be Filecoin.

Meanwhile, Core's trajectory from refusing to patch CVE-2023-50428 to actively removing OP_RETURN limits in version 30 shows the current development leadership is willing to let nodes become bloated to serve non-monetary use cases. BIP-110 resists this trajectory. It signals that the network's priority is money, the node network exists to validate money, and the protocol should be optimized for money.

BIP-110 eliminates the inscription attack vector for one year while leaving every single financial transaction on the network completely unaffected. It eliminates 41.5% of spam transactions and reclaims 36% of block space. Out of 4.7 million transactions tested, it produced zero false positives. And it preserves the option to reassess once data on legitimate Tapscript use becomes clearer.

The path to a $1 million Bitcoin is paved by the credibility of its monetary policy, the credibility of its censorship resistance, and the credibility of the decentralized validation network that enforces both.

A $1 million Bitcoin stands or falls with the node network.

What You Can Do

If you run a node, you have a say in this.

Study the BIP-110 specification. Review the simulation data published by Bitcoin Block Space Weekly. If you have the technical capability, run the numbers yourself. Then decide based on what the evidence shows, not what the loudest voices on social media tell you to think.

If you are ready to act, switching from Bitcoin Core to Bitcoin Knots is easier than most people think. If you run Umbrel, Start9, MyNode, or RaspiBlitz, Knots is a one-click install from your app marketplace, and your existing blockchain data can be transferred. If you run Core on desktop or bare-metal Linux, the migration is similarly straightforward. Either way, you can be running Knots and enforcing BIP-110 in minutes.

Every node that switches to Knots is a vote for Bitcoin's future as money, and every vote matters.

The data is clear, the trade-offs are honest, and the window is one year. The cost of inaction is gigabytes of permanent data bloat added to every node on the network, daily.

Bitcoin is money, and BIP-110 keeps it that way.

Bitcoin will not survive as a non-monetary arbitrary data relay and storage.

If you believe this, then you are running a sovereign, censorship-resistant node to use Bitcoin as money, permissionlessly.