The Controversy: OP_RETURN Unleashed
In June 2025 Bitcoin Core merged a pull request that effectively removes the OP_RETURN size cap. The move has reignited a long-smouldering debate: is storing JPG images on-chain “spam,” and should Core developers stop it? Roughly 17 % of reachable nodes now run Bitcoin Knots, a client that ships extra spam filters. Core maintainers counter that the fee market—not protocol limits—remains the only sustainable defence.

An Information-Theoretic Reality Check
Claude Shannon’s information theory tells us that any random-looking data—an address, a signature, even a private key—can encode arbitrary information. Filters can raise the cost, but they cannot win an asymmetric war: attackers spend pennies to circumvent defences that cost orders of magnitude more to build and maintain.

Historical Precedents
• December 2013: Nelson Mandela’s portrait was etched into the chain using “fake” unspendable outputs.
• May 2011: the Bitcoin logo itself was stored the same way.
Both stunts bloat the UTXO set and increase the burden on full nodes, illustrating why OP_RETURN was once preferred.

Why Banning Fake Addresses Won’t Work
A draconian fix—requiring every output to carry a valid signature—would demand a foundational redesign of Bitcoin:
• every wallet becomes obsolete;
• transactions balloon in size;
• privacy erodes and quantum exposure grows;
• consensus for a hard fork would be near impossible.
Even then, steganography would simply migrate elsewhere, proving the cure worse than the disease.

The Private Key as Canvas
A Bitcoin private key is nothing more than a 256-bit random number—mathematically identical to a 16×16 black-and-white bitmap. By generating deliberately weak ECDSA signatures (re-using the nonce k), we can embed an image inside the key itself and publish enough on-chain data for anyone to reconstruct it.

Turning a JPG into a Private Key
We converted the portrait below into a 256-bit seed, yielding the private key:

Scale is trivial: a 1 MB image can be split into thousands of keys, each funding a dust output—an attack vector no filter can detect.

Fragile Signatures: Making the Image Public
Secure signatures demand a unique, secret k for every message. Re-using k leaks the private key—infamous disasters at Blockchain.info (2013) and Sony’s PlayStation 3 (2010) prove the point. We weaponised this weakness: by fixing k we ensured the private key—and therefore the JPG—could be derived from publicly available signature data.

A 15-of-15 Multisig Proof-of-Concept
We crafted a single-input, single-output 15-of-15 P2SH transaction (1 690 bytes). Fourteen of the fifteen keys encode the stylised Bitcoin logo shown above; the fifteenth key secures the funds. The transaction is now immutable on-chain, and anyone can recompute the embedded image from the revealed signatures.

The Inevitable Conclusion
No filter, no protocol tweak, no social consensus can eradicate image storage from Bitcoin. Efforts to do so waste scarce developer time, fracture the ecosystem, and still lose the arms race. The JPG is already in the private key—and the private key is forever.

The Controversy: OP_RETURN Unleashed
In June 2025 Bitcoin Core merged a pull request that effectively removes the OP_RETURN size cap. The move has reignited a long-smouldering debate: is storing JPG images on-chain “spam,” and should Core developers stop it? Roughly 17 % of reachable nodes now run Bitcoin Knots, a client that ships extra spam filters. Core maintainers counter that the fee market—not protocol limits—remains the only sustainable defence.

An Information-Theoretic Reality Check
Claude Shannon’s information theory tells us that any random-looking data—an address, a signature, even a private key—can encode arbitrary information. Filters can raise the cost, but they cannot win an asymmetric war: attackers spend pennies to circumvent defences that cost orders of magnitude more to build and maintain.

Historical Precedents
• December 2013: Nelson Mandela’s portrait was etched into the chain using “fake” unspendable outputs.
• May 2011: the Bitcoin logo itself was stored the same way.
Both stunts bloat the UTXO set and increase the burden on full nodes, illustrating why OP_RETURN was once preferred.

Why Banning Fake Addresses Won’t Work
A draconian fix—requiring every output to carry a valid signature—would demand a foundational redesign of Bitcoin:
• every wallet becomes obsolete;
• transactions balloon in size;
• privacy erodes and quantum exposure grows;
• consensus for a hard fork would be near impossible.
Even then, steganography would simply migrate elsewhere, proving the cure worse than the disease.

The Private Key as Canvas
A Bitcoin private key is nothing more than a 256-bit random number—mathematically identical to a 16×16 black-and-white bitmap. By generating deliberately weak ECDSA signatures (re-using the nonce k), we can embed an image inside the key itself and publish enough on-chain data for anyone to reconstruct it.

Turning a JPG into a Private Key
We converted the portrait below into a 256-bit seed, yielding the private key:

Scale is trivial: a 1 MB image can be split into thousands of keys, each funding a dust output—an attack vector no filter can detect.

Fragile Signatures: Making the Image Public
Secure signatures demand a unique, secret k for every message. Re-using k leaks the private key—infamous disasters at Blockchain.info (2013) and Sony’s PlayStation 3 (2010) prove the point. We weaponised this weakness: by fixing k we ensured the private key—and therefore the JPG—could be derived from publicly available signature data.

A 15-of-15 Multisig Proof-of-Concept
We crafted a single-input, single-output 15-of-15 P2SH transaction (1 690 bytes). Fourteen of the fifteen keys encode the stylised Bitcoin logo shown above; the fifteenth key secures the funds. The transaction is now immutable on-chain, and anyone can recompute the embedded image from the revealed signatures.

The Inevitable Conclusion
No filter, no protocol tweak, no social consensus can eradicate image storage from Bitcoin. Efforts to do so waste scarce developer time, fracture the ecosystem, and still lose the arms race. The JPG is already in the private key—and the private key is forever.