Bitcoin Can’t Be Money (Only)

Stark · February 2026

This is not about narrative or preference.

This is about a security model with a deadline.

The BTC block subsidy rewards miners for securing the network, and it halves approximately every four years. Satoshi built a disinflationary monetary policy into the protocol, and it is executing exactly as specified.

As such, Bitcoin’s security budget is on a declining trajectory, and the only variable that can replace the subsidy is transaction fee revenue.

This is unavoidable math, and it doesn’t matter if the price of BTC goes up or down because the security budget and the subsidy are both denominated in BTC. The 0.5% security floor requires roughly 2 BTC per block in total miner revenue, full stop. This number is effectively constant.

What changes is where the 2 BTC comes from. By 2032 the block reward covers only 0.78 BTC. Fees must provide the remaining 1.22 BTC. By 2040 the reward falls to 0.19 BTC. Fees must cover nearly all of it. The target never moves. The subsidy disappears beneath it.

This is concluded based on total annual miner revenue divided by the asset value they’re protecting. The assumed theoretical floor is 0.5%. This is roughly where the block reward alone keeps you today in 2026. It doesn’t matter if Bitcoin is $100K or$ 10M. The ratio is the same due to the Bitcoin denominated price-invariant security constraint.

Current average fees are approximately 0.1–0.3 BTC per block. Fees need to increase roughly 10x in BTC terms by 2032 just to tread water at the minimum credible security level, and 20x by 2040. This is not sensational or uncertain. This is math.

The Security Budget
Cannot Close Itself

Block reward halving · Transaction fee ceiling · The arithmetic of L1 survival

BTC Price100K

Scales both revenue and required budget equally

Block Utilization80%

3,360 tx per block at ~5.6 TPS

Tethered Fee Controls—moving one updates the other

Total Fees Per Block0.500 BTC

50K per block in USD

Cost Per Simple Send$14.88

Across 3,360 transactions per block

Security Budget vs. Safe Range

Annual miner revenue vs. the range of adequate security spend at 100K/BTC

■ Block reward ■ Fee revenue ■ Safe range (0.5% – 1.5%)

Network Value

2.0T

19.7M BTC × 100K

Safe Range

9.8B–29.6B

0.5% – 1.5% of network value

Annual Fee Revenue

2.6B

26280.0 BTC × 100K

Why This Cannot Be Solved By Price
The chart auto-scales its Y-axis. When you drag BTC price up, both the revenue and the safe range scale by exactly the same factor — so the chart looks identical at every price point. This isn't a display bug. It is the circular dependency.At 100K: budget = 19.1B, min required = 9.8B → 193.4% of minimum met
At 10× the price: → 193.4% of minimum met (identical)
By 2040: 36.5% of minimum met — at any price, from $100K to $100M

Sources for Security Thresholds
0.5% Theoretical Minimum — Lyn Alden, “Fee-Based Security Modeling” (2021): stated threshold for long-term concern. Campbell Harvey (Duke, 2025): $6B one-week attack cost ≈ 0.5% of market cap at current levels.
1.5% Historical Operating Range — Bitcoin has operated between ~0.8–2.5% security ratio since 2012 without a 51% attack. 1.5% represents the midpoint of observed safe operation.
Eric Budish, “Trust at Scale” (QJE 2025): argues no percentage is safe at scale because Nakamoto trust costs scale linearly with value secured, unlike rule-of-law deterrence which provides economies of scale. The thresholds above are practical benchmarks, not theoretical guarantees.

The block reward is not a subsidy that transitions to fees. It is the security model.
The halving schedule guarantees its expiration. The throughput ceiling guarantees fees cannot replace it.
Drag the price slider. Watch the ratios hold still.

Monetary Transactions Cannot Fill the Gap

The intuitive response is: “Bitcoin just needs more transaction volume. More adoption = more payments = more fees, right?” No.

The fee revenue from payments is subject to a ceiling that most analyses ignore: payments are a commodity service that is structurally compressing toward zero. This is not a theoretical concern. It is already happening at scale.

India’s Unified Payments Interface processed 186 billion transactions in 2024 at zero cost to users. The government subsidizes the system because the economic value of frictionless payments exceeds any fee revenue it could extract. Brazil’s Pix handled 63.8 billion transactions the same year, free for individuals, and now accounts for over 76% of all payment transactions in the country. These are not pilot programs. They are the dominant payment rails of the world’s fifth and ninth-largest economies.

The pattern is global. The European Union caps interchange fees at 0.2–0.3%, a fraction of U.S. rates. The World Bank’s Remittance Prices Worldwide database shows global average remittance costs falling from 10.36% in 2009 to 6.49% in 2025, with digital-only services already at 3.55% and still declining.

McKinsey’s 2025 Global Payments Report notes that revenue growth across the $2.4 trillion payments industry is decelerating as transaction volume shifts toward lower-yield rails, including instant payments, account-to-account transfers, and digital wallets — all of which compress fees by design.

The United States is the outlier, not the benchmark. U.S. merchants paid $111.2 billion in credit card swipe fees in 2024, mostly to Visa and Mastercard, who control 80% of the market at profit margins exceeding 50%. The Senate Judiciary Committee held hearings on it. The DOJ sued Visa for monopolistic practices. These fees persist not because they reflect the cost of moving value, but because a duopoly extracts rent from a captive market. Every other major economy is actively dismantling this model.

The trajectory is clear: the marginal cost of moving value from point A to point B approaches zero as competition increases and infrastructure matures. Every major economy is building free or near-free real-time payment rails. The fee pool that Bitcoin’s security model needs to tap is not growing. It is evaporating.

Even if you froze the compression and captured the entire global card payment fee pool at current rates and captured every swipe fee, every interchange charge, every network assessment, worldwide, you are looking at roughly $300–400 billion per year within the payments industry's$ 2.4 trillion total revenue.

At $100K per BTC, Bitcoin secures approximately$ 2 trillion in network value. The 0.5% theoretical security floor requires $10 billion per year in miner revenue. At Bitcoin L1's maximum throughput of 220 million transactions per year, that demands an average fee of roughly$ 47 per transaction. That’s an order of magnitude greater than what Visa charges, to process orders of magnitude fewer transactions, with no chargeback protection, no fraud liability, and no customer support.

Furthermore, if Bitcoin wildly succeeds at the payments-only narrative, becomes a global reserve asset valued in the tens or hundreds of trillions, and replaces all fiat currencies, the security budget requirement scales proportionally. Bitcoin would have to extract more fees than the totality of current global payments systems.

As for the store-of-value-only narrative, that ideology ignores the problem entirely.

The value being secured outgrows the value of the market being served, and the market being served is simultaneously racing to eliminate fees entirely.

The security budget cannot be funded by payments alone. Therefore, the surface area of what Bitcoin secures must expand beyond payments into verification, attestation, and computational settlement. These are domains where value capture is not subject to the same commodity compression, because the service being provided is not “move value from A to B” but “prove that state X is valid.”

The security budget cannot be funded by payments alone. Therefore, the surface area of what Bitcoin secures must expand beyond payments.

But Bitcoin cannot do this natively. Its scripting language is deliberately constrained. Its block time is deliberately slow. Its throughput is deliberately limited. These are not weaknesses. They are the source of its security properties. Relaxing them to accommodate broader applications would undermine the very security the applications depend on.

This is the paradox: Bitcoin must secure more to survive, but it cannot do more without compromising what makes it secure.

The resolution is not to change Bitcoin. It is to build the minimum viable architecture that inherits Bitcoin’s security, preserves decentralization, and extends the application surface, while routing the captured value back to miners as fee revenue.

What is needed is a complete economic circuit that funds the ultimate security anchor for a peer-to-peer future.

The Verification Surface

The question “how much can you charge per payment” has a ceiling and that ceiling is falling.

The addressable market for “how many things need verification” is growing. IoT Analytics tracks 21.1 billion connected IoT devices in 2025, growing at 13% annually to 39 billion by 2030 and over 50 billion by 2035. The IoT market as a whole is valued at $1.35 trillion in 2025 and projected to reach$ 2.7 trillion by 2030.

Each of these devices generates state in the form of sensor readings, configuration changes, firmware updates, and operational telemetry that someone, somewhere, needs to rely on.

But IoT is only one surface. AI agents are about to shop, negotiate, and transact autonomously on behalf of humans. McKinsey’s research on agentic commerce projects $3 to$ 5 trillion in globally orchestrated revenue by 2030. In this model, the AI agent negotiates across platforms, executes purchases, and settles transactions. Each step requires verification of identity, intent, authorization, and state.

Gartner projects that at least 15% of work decisions will be made autonomously by agentic AI by 2028, up from zero in 2024. PwC estimates AI could contribute $15.7 trillion to the global economy by 2030.

This verification surface demands a participation model that doesn’t price out the smallest actors. A per-transaction fee on IoT attestations or agent micro-settlements is a non-starter. You cannot charge $0.0001 to verify a sensor reading worth$ 0.0001. The fee model is not a secondary design consideration. It is a prerequisite for the surface to function at all.

An autonomous agent executing a supply chain settlement or a sensor grid attesting to environmental data needs feeless settlement and cryptographic proof that the state it is acting on is valid. It needs verification that cannot be forged, revoked, or manipulated by the counterparty. It needs exactly what Bitcoin provides: trustless, permissionless, adversarially secure verification anchored to the most expensive computational structure ever built.

The fee increase that Bitcoin needs by 2032 does not come from people paying more to move money. It comes from a planetary-scale computational surface anchoring its verification to Bitcoin’s proof-of-work because that is the strongest neutral security model in existence that has survived adversarial conditions for sixteen years without compromise.

The fee increase that Bitcoin needs by 2032 will not come from people paying more to move money.

The Optimal Solution

A well-defined problem is half the solution. Four decades of distributed systems research have produced formal impossibility results that constrain the possible design space. These are not engineering trade-offs. They are mathematical boundaries that are proven, peer-reviewed, and experimentally confirmed. When you trace the outline to include everything that is formally required, and exclude everything that is not essential, an architectural shape emerges. Not because someone designed it from an inductive vision statement, but because the constraints shape the form.

1. Ordering is irreducible.

The FLP impossibility result (Fischer, Lynch & Paterson, 1985) proves that no deterministic algorithm can guarantee ordering in a fully asynchronous system with even one faulty process. Without ordering, double spends cannot be resolved. Every practical system must make some synchrony assumption, be it partial synchrony, probabilistic finality, or proof-of-work to achieve ordering.

FLP demands ordering, but it does not demand that ordering be entangled with execution. These are different problems with different optimization surfaces. Consensus determines sequence, execution computes outcomes. Collapsing them into a single mechanism, as most blockchains do, forces every transaction to compete for the same resource and every scaling improvement in one dimension to create a bottleneck in the other.

The minimum structure that satisfies the ordering constraint without inheriting the bottleneck is a consensus layer that provides sequence without executing application logic. Zenon’s meta-DAG serves this function by being thin, fast, and unconcerned with what the transactions mean.

2. Global state commitment is irreducible.

The a16z lower bound (Christ & Bonneau, 2023) proves that any system where verifiers need to confirm account balances must either maintain state proportional to the number of accounts or require users to update proofs at a rate proportional to total system activity. The verification burden can be distributed but not eliminated.

The a16z bound demands that someone must do work proportional to the system’s state. It does not demand that everyone must do all of it at once. The ideal structure that satisfies the constraint without creating a global bottleneck is a block-lattice: each account maintains its own chain of state changes, confirmed by the ordering layer but not serialized by it. Accounts that do not interact do not contend for the same throughput. The state commitment burden is distributed across the lattice rather than concentrated in a single sequential chain.

3. Verification before execution is irreducible.

Safety-critical systems must validate inputs before committing to irreversible action. This principle is foundational to every fault-tolerant system from the Apollo guidance computer to modern database transactions (Avizienis, 1967; Gray, 1981). Any system that executes first and verifies later accepts a window of vulnerability between execution and verification.

This is sometimes known as “the dark forest” — a mempool where transactions are visible before execution, and economically incentivized intermediaries reorder, front-run, and extract value from users before the state is finalized. The entire MEV ecosystem, Flashbots, proposer-builder separation, and block builder auctions, exists to manage this extraction, not eliminate it. The only way to close this window is to verify state transitions before they are committed to the ledger.

In the context of critical systems, this is not a preference. It is a security property with a formal definition: a reliable system is one where state transitions are verifiable before commitment.

In Zenon, computation is performed at the network edge. Each account constructs its own state transitions locally, and the network’s role is to verify and order, not to re-execute. State transitions are checked against the canonical ordering before being accepted into the ledger. Invalid transitions are rejected at the point of commitment.

This is distinct from what zero-knowledge systems provide. ZK proofs relocate the cost of verifying execution. ZK-prover supercomputers at the network core are an optimization within the execution-first paradigm, not an escape from it. Someone must still execute the computation and generate the proof. The cost (and trust assumption) relocates from the decentralized verifier to centralized prover; it does not disappear. In Zenon’s verification-first architecture, execution cost and trust assumptions are borne by the parties who need the results. Verification cost remains independent of execution complexity. The two are structurally different approaches with diametrically opposed outcomes.

This inverts the model used by most blockchains, where the entire network redundantly executes every transaction. Zenon Network is a verification layer, not a computation layer. The entire class of attacks that exploit the gap between execution and reconciliation does not exist in this architecture because the gap does not exist.

4. Verification cost asymmetry is irreducible.

Verification must remain cheaper than execution, or trust re-enters the system through the cheapest available path. Bitcoin encoded this principle explicitly. Merkle trees and SPV allow resource-constrained clients to verify payments without re-executing the chain. Verification cost is O(log n) in block size. Execution cost is borne by whoever needs the result. The invariant is structural, not incidental. When full node operation becomes expensive relative to the value being secured, users migrate to custodians not out of unsophistication but out of rational economic behavior. The crypto industry then built general-purpose computation world computers and abandoned the invariant entirely. The result was not incidental. Every system that inverts the relationship between verification cost and execution cost is optimized for centralization.

5. Sybil resistance is irreducible.

Douceur (2002) proved that without a central authority, Sybil attacks can only be prevented by imposing verifiable resource costs on participation. Any open system must have a mechanism that makes participation costly enough to prevent an attacker from overwhelming the network with fake identities. This cost can be computational (proof-of-work), economic (proof-of-stake), or some other scarce resource, but it must exist. Systems that remove all participation costs remove Sybil resistance and become trivially attackable.

Sybil resistance requires cost. Transaction fees impose that cost but throttle throughput and introduce fee-market dynamics that are orthogonal to the security function. Zenon provides a versatile Sybil resistant dual PoW/PoS Plasma mechanism for maximum accessibility and versatility:

PoW Plasma: a lightweight per-transaction proof-of-work computational cost that is trivial for legitimate users and prohibitive for attackers at scale.

PoS Plasma: QSR “Fusion” is a form of staking that provides throughput similar to rechargeable “mana” as is common in video games.

Both Plasma paths impose real cost on participation. Neither path requires transaction fees. Dynamic Plasma is self-adjusting and scalable. Crucially, there are no fees to price out the micro-attestations the machine-economy requires.

Five constraints. Five architectural responses.

The obvious question is why no prior system satisfies these requirements. The answer is architectural, not historical. Bitcoin occupies the verification-first, simple-execution quadrant. Its constraints are not weaknesses; they are the source of its security properties. Ethereum and its descendants occupy the general-computation quadrant. The verification-first × general-computation quadrant remained empty for over a decade because developer momentum followed the execution-first assumption without questioning it. Zenon is the only system occupying the required quadrant that extend Bitcoin’s core invariants.

Hyper-Bitcoinization

The distinction is not based on performance or throughput. Bitcoin and Zenon are aligned in their adherence to core tenets of critical systems design. Execution-first systems ask you to trust that a validator set executed correctly. Verification-first systems enable you to collect your own proofs and perform your own computation. For the machine economy, supply chain, IoT grids, and agentic AI, this is not a philosophical nuance. These systems require a trust root that cannot be corrupted by a committee acting in bad faith. Cryptographic verification anchored to proof-of-work is the only trust model that satisfies that requirement without introducing a new trust assumption somewhere else in the stack.

This aligned architecture completes the economic circuit that Bitcoin’s security model requires to survive.

Bitcoin provides the security anchor as the most expensive computational structure in human history to attack. Zenon checkpoints to Bitcoin for maximum security while enabling hyper-Bitcoinization — a future where virtually every verification, attestation, and computational settlement is backed by Bitcoin security.

The circuit:

Bitcoin security → Zenon inherits security → Zenon scales verification surface → Verification surface generates value → Zenon settles high-value checkpoints to Bitcoin → Fees flow to Bitcoin miners → Bitcoin budget secured

Bitcoin’s security budget declines with every halving. Without this circuit, the cost/benefit ratio of an attack will favor the rational bad-actor.

The Deadline

The fee increase that Bitcoin needs by 2032 will not come from people paying more to move money.

Bitcoin’s greatest value is in being the strongest neutral security model in existence, and it realizes its maximum value through a planetary-scale computational surface anchoring to Bitcoin’s proof-of-work.

The irreducible requirements are well established and proven.

Bitcoin needs an architecture that satisfies the constraints, completes the economic circuit, and scales the verification surface before 2032. Not because it would be elegant, but because the alternative is a security model that can no longer justify the value it protects. Don’t trust. Verify.