Bitcoiners Propose Freezing Quantum-Vulnerable Coins Under BIP-361

Bitcoin researchers led by cypherpunk Jameson Lopp, along with five co-authors focused on quantum security, have put forward a controversial plan to shield the network from a future quantum-enabled theft. The proposal, labeled BIP-361 and titled “Post Quantum Migration and Legacy Signature Sunset,” would be implemented in three stages to migrate coins away from quantum-vulnerable output types — including Satoshi’s widely discussed stash — and to harden the network before quantum computers become practical threats. The draft was posted to GitHub this week as the second installment in the broader plan.

The impetus for the proposal is clear: researchers warn that roughly 1.7 million BTC stored in early P2PK addresses could be at risk if a quantum adversary gains access to powerful quantum hardware. Among these coins is the so‑called Satoshi stash, which some estimate could be valued in today’s dollars at around $74 billion. The aim, the authors argue, is to prevent a scenario in which quantum-enabled theft undermines trust in the Bitcoin network. The plan is framed as a defensive mechanism—a private incentive to upgrade—rather than an offensive maneuver to seize control of others’ funds.

Key takeaways

• BIP-361 is a three-phase plan that follows BIP-360’s soft-fork approach and aims to migrate vulnerable coins to quantum-resistant paths, addressing about 34% of Bitcoin’s supply that remains at risk unless moved.
• The phases are timed: Phase A begins three years after activation and would stop new BTC from being sent to old-style addresses, requiring users to migrate to quantum-resistant types.
• Phase B arrives five years after activation, invalidating old-style signatures and effectively freezing any funds remaining in vulnerable addresses.
• Phase C provides a zero-knowledge proof-based recovery mechanism for those who missed the deadline but can still demonstrate ownership via seed recovery, offering a potential rescue path.
• The proposal has drawn swift pushback from parts of the Bitcoin community, with critics calling it heavy-handed or confiscatory, arguing it undermines Bitcoin’s ethos of opt-in upgrades.

Context and the technical what-ifs

In February, developers released BIP-360, which proposed a soft fork introducing a new output type known as pay-to-Merkle-root (P2MR). The idea mirrors Bitcoin’s existing Taproot (P2TR) structure but removes the quantum-vulnerable key path from legacy addresses. While BIP-360 would protect funds moving forward, it does not automatically safeguard the substantial portion of the supply that remains vulnerable in old addresses unless owners proactively move funds to quantum-resistant forms.

BIP-361 extends this concept into a staged migration. Three years after activation, Phase A would bar transfers to old-style addresses, forcing users to adopt quantum-secure address formats. Then, five years after activation, Phase B would invalidate old-style signatures altogether, rendering coins in vulnerable addresses effectively unspendable unless they have already migrated. Phase C offers a potential rescue mechanism using zero-knowledge proofs to allow recovery for users who still possess their seed phrases but failed to upgrade in time.

Related: Bitcoin Magazine has noted the debate’s potential hard-fork implications, underscoring that the policy could center the fate of historical coins and alter the network’s long-term security model.

“This is not an offensive attack, rather, it is defensive: our thesis is that the Bitcoin ecosystem wishes to defend itself and its interests against those who would prefer to do nothing and allow a malicious actor to destroy both value and trust.”

Community reaction and the philosophical divide

The plan has ignited a robust discussion about Bitcoin’s core principles and the trade-offs of upgrading a global, permissionless system. Critics argue that forcing upgrades or rendering unupgraded UTXOs unspendable would mark a significant departure from Bitcoin’s ethos of non-coercive change and could set a dangerous precedent for future interventions.

Bitcoin protocol developer and researcher Mark Erhardt, who circulated BIP-361 on social media, faced immediate critique. Responders described the proposal as “authoritarian and confiscatory,” questioning the rationale for mandating upgrades and the legitimacy of rendering old spends invalid.

Other voices weighed in with skepticism as well. Bitcoin Magazine’s editors and contributors have been vocal in challenging the premise, while TFTC founder Marty Bent characterized aspects of the approach as inconsistent with the community’s expectations. Phil Geiger, head of business development at Metaplanet, offered a provocative take on the tension between protection and coercion. The broader sentiment remains unsettled: the consensus on whether a crypto-legalistic safeguard should override voluntary evolution is far from settled.

Cointelegraph reached out to Lopp for comment on the proposal; there was no immediate response at the time of publication. The GitHub draft, however, provides a concrete framework for discussion and potential future forks, even as many stakeholders call for a cautious, community-driven examination of the implications.

For readers tracking the evolution of quantum resilience in Bitcoin, the conversation now shifts from theoretical risk to concrete, staged mitigation. The three-phase design is designed to minimize disruption by letting the ecosystem migrate over time, but it also raises fundamental questions about asset-holding rights, upgrade incentives, and the governance of a decentralized network.

Implications for holders, users, and builders

From a practical standpoint, BIP-361 highlights two enduring tensions in Bitcoin’s path to quantum readiness. First, there is the temptation to act decisively to protect value, especially when the stakes include a multi-trillion-dollar network and the world’s most valuable cryptocurrency by market capitalization. Second, there is the risk that coercive upgrades or automatic penalties could fragment the ecosystem or erode trust among users who prefer to manage their own keys and seeds at their own pace.

For investors and developers, the proposal underscores the importance of forward-looking security models. If the plan progresses, the market could see increased demand for quantum-resistant wallets and services, as well as migrations that push older holders toward newer output types. The timeline—three years to Phase A and five to Phase B—provides a window for infrastructure teams to test compatibility, wallets to implement support for P2MR-like paths, and communities to debate the ethics and practicality of forced upgrades.

As the discussion unfolds, observers will be watching how this approach interacts with existing upgrade narratives, such as soft forks and user-initiated migrations. The zero-knowledge recovery proposed in Phase C is a particularly notable element: it aims to offer a path back to funds for those who missed the deadline, but the feasibility and privacy implications of such a mechanism will require rigorous scrutiny before any real-world deployment.

What to watch next

The BIP-361 draft opens a testing ground for how the Bitcoin community might address quantum threats without waiting for a single, sweeping upgrade. The next steps will likely involve broader discussions on GitHub, more technical vetting of the P2MR architecture, and public comment on the ethical and philosophical implications of effectively freezing or confiscating old UTXOs. Investors and builders should monitor how proponents respond to pushback from core developers and community voices, and whether practical consensus emerges around the timing and scope of any future activation.

As the conversation evolves, the central question remains: can a planned, staged migration deliver robust quantum protection without compromising Bitcoin’s foundational principles? The answer will shape not just security strategies, but the culture of upgrade, trust, and governance in the years ahead.