Bitcoin Devs Overlook Taproot’s Social Attack Surface Enabling Network Spam

Bitcoin Developers Did Not Foresee Taproot’s Role in Network Spam

Bitcoin Core developer Jimmy Song has highlighted a significant oversight by the creators of the Taproot upgrade, stating that they failed to consider the “social attack surface” that would open the door to nonfinancial transactions flooding the network with spam. These transactions include Ordinals, BRC-20 tokens, and other data-heavy operations that have become increasingly prevalent.

In a video shared on X, Song described Taproot as having considerable “trolling value” because many Bitcoin enthusiasts pinned their hopes on it. He said, “The increase in the social attack surface of this upgrade wasn’t accounted for at all, let alone considered.” Last year, Song referred to Ordinals as a “fiat scam,” underscoring his skepticism about their impact on Bitcoin.

Shortcomings in Taproot’s Privacy and Security Features

Song also criticized Taproot for not delivering on promised privacy and security enhancements. He pointed to Schnorr signatures and Script Paths Spend capabilities, which were promoted as more efficient alternatives to traditional multisignature schemes. These features were intended to simplify processes such as key recovery involving multiple participants.

However, according to Song, the implementation proved more complex than anticipated, requiring more rounds of signatures than conventional multisig setups, ultimately leading to a poor user experience and limited adoption.

Taproot was activated in November 2021 by developers including Jonas Nick, Tim Ruffing, and A.J. Townes, building on foundational work from Gregory Maxwell dating back to 2018.

Community Divisions Over Bitcoin’s Transaction Validation

Song’s remarks come amid a widening rift in the Bitcoin community over the types of transactions the network should validate. Prominent figures such as Adam Back, Dennis Porter, and Luke Dashjr align with Song’s view that Bitcoin should remain focused on its original purpose as a peer-to-peer electronic cash system, avoiding nonfinancial data transactions.

In contrast, advocates like Leonidas, leader of the Bitcoin Ordinals movement, have embraced Taproot’s expanded capabilities. They argue against censoring any transactions, including Ordinals and Runes applications that embed various data types on the blockchain.

Bitcoin Core vs Bitcoin Knots: A Node Software Schism

In June, over 30 Bitcoin Core developers agreed to remove the 80-byte limit on the OP_RETURN opcode, facilitating more extensive on-chain storage of images, audio, videos, and documents. However, concerns that Bitcoin Core might reverse this update to restrict nonfinancial transactions have driven users toward Bitcoin Knots software.

The number of Bitcoin Knots nodes has grown dramatically from 67 in March 2024 to over 7,100 today, representing nearly 28% of the network. Leonidas has even suggested that his community might consider forking Bitcoin Core should attempts be made to censor Ordinals, Runes, and similar data embeddings.

Taproot’s Future: Potential Yet Unfulfilled

Despite his criticisms, Song has not dismissed Taproot’s potential benefits. He noted that Taproot could still prove valuable if innovations like Ark lead to decentralized mining or if BitVM drives increased Bitcoin demand. “But so far, Taproot has not lived up to the cost users paid to get it,” he concluded.

Ordinals and Runes: Supporting Network Security Through Fees?

On the other side, Leonidas contends that the surge in transaction fees from Ordinals and Runes has contributed over $500 million to Bitcoin’s security budget. This funding is vital as the mining block subsidy halves roughly every four years.

However, transaction fees from Ordinals have shown significant volatility, ranging between approximately $3,000 and $537,000 daily in 2025, according to Dune Analytics. The peak fee revenue of $9.99 million recorded on December 16, 2023, remains an outlier.