So, now that Bitcoin Core 30 is released, I thought it’d be cool to dig into the OP_RETURN discussion with some solid data and see how many significant OP_RETURN transactions are actually happening.
I put together a dashboard on dune.org with a few queries:
https://dune.com/d5k/opreturn
The main query organizes OP_RETURN transactions into these four categories based on output size:
- up to 82 bytes
- 83 to 256 bytes
- 257 to 1024 bytes
- over 1024 bytes
There are two charts to check out, one for the entire time: https://dune.com/queries/6244779
and another one for just after September 1, 2023: https://dune.com/queries/6244906/9957581
Before that date, the numbers were pretty low, but they did pick up a bit after. There’s also a noticeable spike expected in 2024 with Runes coming into play, but as you’ll see, almost all of those are tiny transactions.
For the chart for 2023+:
All Time chart:
(Considering most of the transactions show OP_RETURN outputs under 83 bytes, I’d highly recommend checking out the query page directly to get a look at the larger transaction numbers.)
I might add another version of this chart that just focuses on the timeframe starting from October 2025, when Core 30 launched.
So far, nothing too exciting has popped up. The OP_RETURN transactions have been pretty steady, lower than in mid-2025 and way less than in 2024, and there’s no noticeable increase in transactions over 82 bytes either (the >1024 bytes transactions usually stay in the single digits most weeks). The peak for OP_RETURN transactions over 1024 bytes was in May 2025 with 115, when anything over 83 bytes was still considered non-standard in Core by default. And while in October we h
Number of spam transactions depends on a couple of factors.
Sometimes there is a single entity behind it like the 2015 flood attacks that the attackers used to call "Stress Test"; in this attack that entity has to dedicate a budget out of their own pocket to perform that attack and that's not sustainable.
Sometimes, like the recent attacks, there are regular users who perform the attack because an incentive has been provided for them to participate in the attack. That's the case with the Ordinals Attack; it grew in size because there has been a market where the participants could trade their arbitrary data they'd injected into the immutable bitcoin blockchain. That market created the incentive for regular people to carry out that attack without needing a centralized entity with a finite budget.
Will we see a new wave of pam attacks using OP_RETURN? To answer that we first have to answer the following questions:
1. Will some entity dedicate some budget to perform the attack like 2015?
2. Will there be a market to trade the arbitrary data injected into bitcoin chain using OP_RETURN to give the average joe that incentive to carry out that attack?
2.1. Will that incentive be big enough to justify using the more expensive OP_RETURN compared to exploiting SegWit and taking advantage of its discount?
To be sincere I think if we do see an increase of spam with almost a 1000 byte
I would believe it's from the knot size
To prove that core is destroying the network
Cause so far nothing is happening and they could be desperate.
Inscriptions are cheaper and tends to boom when prices are relatively low
Since some starts looking for other source and according to some data inscription has an higher increase than OP return.
I don't believe it's because OP return failed but incentives by malicious attackers.
I don't think people will try to abuse OP_RETURN with that effect unless there is a monetary incentive to gain from it, like Ordinals/BRC-20.
So far, I haven't heard anything new about that, which leads me to think that the interest in using OP_RETURN is not as large as I once thought it was.
Good to see someone analyze the data, rather than making speculation.
Who would spend money for that though? Even assuming 0.1 sat/vB, the daily cost to fully fill block is at least 0.144 BTC (see calculation below) or about 12000 USD.
The actual would be higher since mining pool refuse to include TX with fee rate below 1 sat/vB[1] and some people/service would create TX with higher TX fee rate for faster confirmation.
[1] https://bitcointalk.org/index.php?topic=5565739.msg66063663#msg66063663
I think you know that I don't think the Ordinals wave was a deliberate attack on Bitcoin. I believe it was simply a commercial exploit, which doesn't mean it wasn't harmful.
However, of course your conclusions and questions are valid. Due to my assumption that the goal of the "attack" is commercial, I believe 1) will only happen if 2) is true, i.e. there could be a new "spam" protocol based on bigger OP_RETURN outputs if the originators see some possible market. There was this small "no standard tokens" fad some months ago, it doesn't seem really it went anywhere, it might however be the reason for some small spikes in 83+ bytes OP_RETURN transactions (mainly the violet group with 83-256 bytes) in early and mid-2025, which of course very likely were directly sent to miners as they weren't standard back then.
And there's another catch: Most of the spam in 2023/24 were BRC-20 transactions, simple meme tokens without any graphical content. These transactions, if carried out via OP_RETURN, fit into the 83 bytes which were always (at least since 2015 or so) standard, and with Runes we also have a popular protocol for them which still makes up for the vast majority of OP_RETURN transactions. It would not make any sense to develop a token protocol which exceed 83 bytes of OP_RETURN. So for tokens nothing would change.
The question is thus only if there's a market for bigger NFTs, only then we could see an increase in OP_RETURN spam. That depends on the general NFT market sentiment, which I believe is quite negative at this moment.
Yeah, I also thought about that possibility. But that would cost them some money. As it would cost anyone trying to "attack" via that way, if there is no NFT market to speak of (see above).
For now, the numbers for the 256-1024 bytes group are constant at around 800-1000 per week in 2025, nothing changed in October/November. It seems however there was an increase in this group somewhere in early 2025 - and that could prove my theory that the "attention economy" in this case is real: that the whole drama increased the interest in such transactions (which, as I already wrote, were non-standard until October or until you didn't explicitly relay them to LibreRelay nodes).
Of course the low fees currently are a bit of an incentive to try out to register new NFTs, but yes as you correctly wrote existing protocols like Ordinals and also Runes seem to benefit mostly from this, which existed prior to Core 30.
Honestly the data is doing a better job shutting people up than any argument. If we were gonna see a post-Core-30 explosion, wed see at least a hint of it by now.
I added a new query variant to get a little bit of a better visual representation of what's been changing since October's Core 30 release.
You will already have guessed it: almost nothing. Only 8 OP_RETURN transactions with >1024 bytes (which isn't even really big) have been recorded in the last week.
Query link: https://dune.com/queries/6362337/10120018
This one starts in early September, so the "normal level" of activity can be well compared with the post-Core-30 evolution. I did this one with a log chart so even small changes in the bigger OP_RETURN transaction classes look really scary And really, the 83-256 bytes category is increasing (it's below the September high though).
About 15% are now Core 30 nodes according to Bitnodes, so if even a third of them run with default values, it should be easy to connect with a node accepting your big ... pic without even paying a miner. It would be interesting if there's a chart out there where I can see the datacarriersize value, but don't know if this exists or is even public.
Great work, as usual.
This is a quick way to silence the "sky is falling" types: actual data demonstrating no increase in OP_RETURN spam.
Most of the money to be made from novel data stuffing techniques on Bitcoin has already been extracted from the ecosystem, and nobody cares anymore, just like I knew would happen. The bloom is off the BTC-as-a-database rose.
@d5000 I forget if I shared this with you already or not but you might find this transaction interesting, its the first time someone embedded image data on Counterparty via OP_RETURN, from Aug 2015, in the middle of the various stress tests:
https://tokenscan.io/tx/299585
Here's the TX on a regular block explorer:
https://blockstream.info/tx/627ae48d6b4cffb2ea734be1016dedef4cee3f8ffefaea5602dd58c696de6b74
All the outputs were collected and spent 2 years later. I've been told that changes to Core were introduced later that now render such outputs unspendable. But I'm not entirely sure what to believe. I have hundreds of such outputs and would like to spend them.
You probably refer to the point that these transactions use the "bare multisig" technique, right?
As far as I know, "bare multisig" with up to 3 addresses / keys (1-of-3/2-of-3/3-of-3) is still considered standard in Bitcoin Core, and while there was a discussion I remember vaguely, I think it is not planned to change that. But I read that Knots for example has changed that default policy and Knots nodes by default do not permit bare multisig (but only P2SH multisig, which isn't the case here).
Anyway if you have problems spending or consolidating these outputs I guess you could either use LibreRelay (to connect specifically to nodes with lax standardness policies) or transmit them directly to miners.
Update:
I have added a new chart to my OP_RETURN dashboard on Dune, to evaluate the impact on the blockchain. The new query sums up the total size of the OP_RETURN outputs per month, for <= 82 bytes and >= 83 bytes. I think this is maybe better than just showing the transaction count.
The result is still crystal clear regarding the impact of Core 30:
In the last months, even after the Core 30 release, the "big OP_RETURNs" made up 10% or less of the whole space used by OP_RETURN outputs, probably the big majority still being Runes. This was, to me a bit surprisingly, different in the late 2010s and early 2020s. (Edit: As I've realized now, the late 2010s wave was caused by an altcoin anchoring service called Veriblock.)
And again an update for April.
Ugh, Pepe and friends may be happy because we reached a new record of the number of OP_RETURN transaction per week (since October) in the week between March 16 and March 23, with 2,3 million transactions:
But that "record high" failed to top the 2024 and early-2025 values of near 3 million transactions. And if we look closer, almost all of the transactions are compliant with legacy OP_RETURN standardness rules (83 bytes).
Here's the total sizes:
Still, the pre-Core 30 top in late August was the most "heavy" week for the blockchain (except the 2019 wave) with 283 MB of OP_RETURN data. The recent top in March only was 231 MB, and most of the months it's below 200 MB. Only 34 MB of the March data were in outputs with more than 83 bytes. Even before the Core 30 releases, there were higher peaks in mid-2025 with >50 MB, and of course the big VeriBlock peak in 2018/19 with 379 MB of >83 bytes transactions / month.
Again, it felt like an unnecessary update, but as the Knots camp continues to push for BIP 110 it's still necessary.
As always data are from https://dune.com/d5k/opreturn.
Pepe / knots people don't use or want BTC
They want a coin that they control and works the way they want it to.
And as has been pointed out many times there are better ways to put stuff in the blockchain. They are just picking on OP_RETURN because it is "new" and it's easy to pick on the new guy.
Not going to clutter this with more commentary past that.
Good job with this.
-Dave
What I see here confirms what I already knew. There was really not a lot of op_returns of <83 bytes. But we saw a little spike of them shortly after core announced it would blow open the filter. But it resumed to prior numbers even before core 30 was launched.
I don't think any of the existing spammers are moving to op_return.
In fact most everyone on both sides were saying nobody, or almost nobody is going to stop spamming elsewhere to start spamming on op_return.
There are two reasons why most no existing spammers are going to move to op_return.
1. The stamps guy is on record publicly saying he wants to do as much damage as possible to bitcoin by using fake pubkeys.
2. For large files like jpegs, the Segwit exploit is 4x less expensive than op_return due to 75% Segwit discount not being available with op_return.
What spamware core 30 did is 3 things:
1. Officially make bitcoin a spam coin. Now with core 30, uploading files to the bitcoinchain is a supported use case of bitcoin. You no longer need to use spamware like SlipStream or LibreRelay. You no longer need to hide your picture in a fake pubkey, a fake scripthash, or fake witness in Segwit. You can now upload a picture, any kindiof picture, no matter how discussing, directly to the chain, and you are using bitcoin exactly as intended by core 30.
2. Not fix anything at all regarding existing spam, but rather creating a new way to spam bitcoin, waiting for spammers, grifters, and attackers to figure out how to use it.
3. Take away more power from the nodes, the only part of bitcoin that is still decentralized, and move it to large pools who are only too happy to fill their blocks with spam. Core has stated that there is no spam problem. They think the problem is that nodes don't fit their mempool and relay policy to what large spam pools want to mine.
We all know what happened to BSV when they did the exact same thing as core 30, and blew up the op_return filter: their chain got filled with child porn almost right away. Luckily for BSV, it's a centralized shitcoin, so reverting the op_return limit and correcting the situation back was easy.
I believe the BSV child porn attack was a test run. And the attackers are now doing it on Bitcoin. I believe they would not be dumb enough to fill the bitcoin chain with child porn right away. Because that would provide too much credit for Knots and BIP110. And they definitely don't want that.
OP's argument appears to be "See, we blew up a spam filter and nothing happened. You cried wolf for nothing."
Okay, if blowing up the filter really does nothing, why not change it back since it's obvious a very large portion of the nodes are against the change?
I remind you that more people switched to Knots and BIP110 than updated to core 30.
You don't have a lot of imagination. Bitcoin requires adversarial thinking. There are multiple contengencies I can see are likely to use op_return for large illicit files:
1- As you pointed out, someone on my side could do it to promote support for Knots/BIP110. I have to admit that is a possibility. In such case, I think the illicit stuff might be AI generated or something legal most everywhere, but still disgusting to most people. Like gay porn for example.
2- Some degen pedo who doesn't want the risk to keep those disgusting files on his own machine. Instead he dumps the legal/moral/social risk on the 90,000 nodes. Let the nodes host and distribute his child porn for free and until the end of time!
3- Some large trader with a short position. If you were to flood the bitcoin chain with a ton of child porn in op return, the news cycle would be all over it and the trader with a put option would hugely benefit from the resulting price drop.
4- A shitcoiner who thinks this is somehow going to pump his shitcoin against the discredited child porn filled bitcoin.
5- Most likely, it's going to come from a well financed state level or bank level attacker. They want to drastically decrease the number of nodes to make bitcoin more centralized and easier to control. They want to slow down or stop adoption of bitcoin. They want to make people fearful of running a node and impose legal/moral/social restrictions on running a node.
They can't arrest bitcoiners for the crime of running a node at home. Their would be no public support for that.
But they can fill the chain with filth, than SWAT the houses of a few prominent high profile bitcoiners with the charge of hosting and distributing child porn. It's a lot easier to gain popular support for that.
And of course, they might spend a furtune on legal fees and battle it in course for years on end.
But that's just going to create FUD in most bitcoiners running a node. Why take the legal/moral/social risk of it all? As a result, more nodes would likely go into Tor and a very large number would just turn off their node.
It's a bit stupid to say "We are going to blow up a spam filter and nobody is going to use it."
If nobody is going to use it, what's the point of blowing up the filter in the first place?
New update. If I understand Dune correctly, this one has the full data for March and the previous update had only partial March data.
Spammers went really crazy in the last weeks! They almost set a new record for space occupied by OP_RETURN outputs! Bitcoin is in .... danger?
Source: https://dune.com/d5k/opreturn
As it can be seen the number and total size of OP_RETURN transactions both increased. But the number and total size of transactions with OP_RETURN transactions over 83 bytes remains constant and even has declined a bit (from 27 MB in January and 33 MB in February to 23 MB in March).
It's the small transactions under 83 bytes who are responsible for all the change. Their weight increased from 197 in February to 336 MB in March.
I'm honestly a bit surprised how positively this is playing out. I had expected a slight but significant surge of >83 bytes transactions, and there is no surge at all.
But regarding the new "sub-83 bytes spam wave": Is there perhaps a new popular protocol emerging? Or is the Runes fad returning?
That is no surprise to me. Core has done absolutely nothing agaibst spam for the last 5-6 years. And even going as far as signalling for more spam by rejecting spam filters and nujing an existing spam filter.
Couple that with the use of spamware like LibreRelay and Slipstream specifically designed to invite more spam on bitcoin.
Why would anyone expect spam to slow down under those circumstances?
Yes, if we keep going down this slippery slope and tolerating more and more spam, it will eventually turn bitcoin into an other useless scammy shitcoin. But it would be a gradual process. Death by a 1000 cuts.
The coretards like to claim that fighting spam is nothing more than a useless game of cat and mouse. Voretards fail to acknowledge a barn with cats and mouse traps has dar fewer mice than a barn without.
Spam is harmful to bitcoin. But at least small op_return is the least harmful way of harming bitcoin.
The problem I have with the creation of op_return is that it basically established that spam would be tolerated on bitcoin. And core went too far with that by blowing up the op_return limit.
Interestingly, the biggest surge in large op_return happened right after core announced they would nuke the op_return filter, and long before core 30 was published.
100's of 1,000's of <83 op_return are being created everyday for the last few months. They are all under 1 sat/VB, and they don't appear to be runes.
I think they are mostly automatically generated by someone who wants blocks full.
Perhaps, some large pools have decided that they benefit from full blocks?
Looks like they are enjoying low fees to spam their stuff...
I have been consolidating my UTXO. I have paid about $0.40 to consolidate 40+ inputs. Preparing just in case fees goes crazy like 300+ sat/vB in the next a bull run.
Good job d500
Yes, in my opinion, these could be traces of some L2-protocols. 🙋
Protocols such as Babylon, Citrea, BoB, Stacks, and others are under suspicion.
In my opinion, a more thorough investigation is needed to determine whether these protocols are indeed leaving such traces. Perhaps it's even worth talking to the developers of these protocols to clarify this issue.
But in my opinion, this is a good thing! The network is becoming more dynamic and active. Miners are earning more income in the form of fees (no need to offend miners, they are very useful for Bitcoin). Everything looks so positive, I want to open a bottle of champagne! 🍾
Bitcoin is not a fucking dickbutt.jpeg repository. Filling blocks with scammy spam is not a good thing.
Bullshit! Let's look at the latest block, shall we?
https://mempool.space/block/0000000000000000000031176c50ffff8db77334ab225aeb1845354c0eee825c
Total miner fees were $845.88 USD and total miner reward (subsidy + fees) was $239,049 USD.
Even if you were to imagine that 100% of the fees came from spam, that still would account for less than 0.36% of the total miner reward.
The big centralized spam pools make an extra 0.356% profit while the 100,000 nodes are burdened with bullshit heavier blocks.
The big pools are running spamware specifically designed to promote more spam on bitcoin. Shit like Slipstream and LibreRelay are explicitly built to promote more spam. I have no love for there spam pools.
That is not going to happen, ever. Ordinal spammers are not going to willingly move to op_return and pay 4x more in fees. Why on earth would they do that?
The stamps guy explicitly and publicly said he wants to do as much damage to bitcoin as possible. Why would he move to op_return and do less damage to bitcoin, with no benefit to him?
These people are spammers, attackers, grifters, and scammers. Counting on their good will to reduce same to bitcoin is just delusional. They are not users, they are attackers.
What core 30 did is effectively define bitcoin as a spam repository. Core 30 made file hosting for free a supported and sanctioned use case of bitcoin.
If left alone, things will only get worst.
I have a better way to look at it.
Core claims they don't know what spam is. Instead, they refer to spam as "use cases we have today" and they refer to spammers not as attackers and grifters, but as "users who need to upload data".
Core is refusing to implement new filters for the last 5 years since this spam war started. They are going as far as blowing up existing spam filters.
If it gets worst, if we get more spam, it's because we allow core to continue, and tolerate the increasing spam.
If it gets better, if we get less spam, it's because of the fight Knots nodes and BIP110 nodes are putting on.
If you just want to sit there and hope and pray that spammers will just go away on their own, you are delusional.
For runes, i don't see significant price or trading volume changes according to https://coinmarketcap.com/view/runes/. But https://www.oklink.com/bitcoin/runes-tx-list show some Runes activity. I just opened it and the website claim there are 200+ TX with same date time (04/29/2026, 07:48:54), which probably means 200+ rune TX is in same block.