USDBitcoin proposal would freeze unmoved coins over quantum threat
BIP-361 sets migration deadline and ignites ownership debate
TL;DR
- Bitcoin’s draft BIP-361 would phase out legacy signatures and eventually freeze coins that do not migrate to quantum-safe formats.
- The proposal was formally assigned on Feb. 11, 2026, and was published publicly on April 14, 2026.
- Critics called the idea confiscatory, while supporters said a forced migration may be preferable to leaving exposed coins vulnerable to quantum theft.
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
A draft Bitcoin proposal known as BIP-361 would require holders of vulnerable legacy outputs to move funds to quantum-safe formats within a set transition period or risk having those coins frozen by consensus, according to details published on April 14. The proposal, titled “Post Quantum Migration and Legacy Signature Sunset,” is designed to address the risk that quantum computing could break Bitcoin’s current signature model and allow attackers to seize funds from exposed public keys.
BIP-361 is described as an informational draft with six co-authors, including Casa CTO Jameson Lopp. The proposal was formally assigned on Feb. 11, 2026, and depends on BIP-360, a separate quantum-resistant transaction or address framework that remains under review. BTQ Technologies was said to have brought BIP-360 into testnet implementation in early 2026, giving the broader migration plan a technical base but not an activation date.
The threat model behind the proposal centers on Bitcoin’s use of elliptic curve cryptography. A sufficiently capable quantum computer using Shor’s algorithm could derive private keys from visible public keys, putting older output types at greatest risk, especially pay-to-public-key outputs and other legacy formats where the public key has already been exposed onchain.
That exposure is not theoretical in scale. More than 34% of bitcoin in circulation had an exposed public key onchain as of March 1, 2026. Separate figures in the source material describe roughly 6.9 million BTC as part of the broader exposed set, while Lopp’s argument focused on about 5.6 million BTC characterized as “lost” coins that he said may be better frozen than left available to future attackers.
Migration plan would unfold in phases
The proposal lays out a staged enforcement model rather than an immediate cutoff. One phase would begin about three years after activation of the companion quantum-resistant address proposal and would stop wallets from sending funds to legacy addresses. A later phase, beginning two years after that, would invalidate ECDSA and Schnorr signatures for non-migrated legacy outputs at the consensus layer, leaving those coins unspendable unless they had already moved.
Taken together, that structure amounts to a five-year migration window from activation. A third phase remains under research and would explore whether holders of frozen coins could later prove ownership through a zero-knowledge proof tied to a BIP-39 seed phrase. That recovery path is not described as finalized.
The proposal would mark a major change in Bitcoin’s operating assumptions because valid signatures have historically been treated as sufficient proof of control. Leo Fan, founder of decentralized compute network Cysic, said BIP-361 would instead treat “timely migration as part of maintaining ownership.” Fan said the proposal shifts quantum risk from “maybe I get robbed later” to “if I miss the deadline, I may lose access by consensus,” and described that change as making Bitcoin “more interventionist” to stop vulnerable coins from becoming “loot for the first entity with a working quantum computer.”
Chris Peikert, cryptography firm Fhenix Research’s core researcher, framed the issue as requiring a protocol-level response. “For Bitcoin there is no option other than a protocol hard change/fork in order to stop funds from being withdrawn from accounts with exposed public ECDSA keys,” Peikert said.
Enrico Rubboli, founder of layer-2 sidechain Mintlayer, argued that delay could be more dangerous than the hard choice of forced migration. Rubboli said an unprotected chain’s price “collapses the moment someone demonstrates a single quantum theft, because it proves every exposed address is now fair game.” He also said Bitcoin’s decentralized governance is “a strength in normal times and a weakness when you're racing a clock,” and warned that voluntary migration without a deadline “only works if you assume the threat arrives on a schedule. It won't.”
Backlash centered on ownership and confiscation
The sharpest objections focused on Bitcoin’s ownership model. Critics argued that freezing coins through consensus would undermine immutable, unconditional ownership and create a precedent some viewed as more dangerous than the future attack it seeks to prevent.
Frederic Fosco, co-founder of Bitcoin metaprotocol OP_NET, put that argument in blunt terms, saying a protocol-enforced freeze “is confiscation, full stop.” The X account Cato the Elder wrote, “This quantum proposal is highly authoritarian and confiscatory, but of course, it’s from Lopp. There is no good rationale for forcing the upgrade and rendering old spends invalid. Upgrade should be 100% voluntary.” Phil Geiger was quoted as saying, “We have to steal people’s money to prevent their money from being stolen.”
The immediate reaction on X was described as overwhelmingly negative. A sentiment analysis attributed to Grok said roughly 95% of 74 replies were negative and concluded, “No replies show clear support or enthusiasm for the proposal. The sentiment is extremely one-sided against it.” That characterization was presented as an observation of the early reaction, not as a formal poll.
Lopp acknowledged the discomfort surrounding the proposal in his own words. “I know folks don't like” BIP-361. “I don't like it myself. I wrote it because I like the alternative even less.”
Debate around the proposal has also been shaped by updated expectations about the quantum timeline. Benchmark analysts had earlier described the threat as “distant and manageable,” but the tone shifted in March 2026 after Google suggested practical quantum attacks could arrive sooner than previously expected and pointed to a post-quantum transition window around 2029. Another estimate cited McKinsey as placing viable quantum attacks in a 2027 to 2030 range.
Early Bitcoin holdings are central to the dispute because coins with long-exposed public keys are seen as the most vulnerable. Some of the oldest and most dormant wallets, including coins believed to belong to Satoshi Nakamoto, could be frozen if they failed to migrate under the proposed rules, though the proposal remains a draft and no activation timeline has been set.
FAQ
What is BIP-361?
A draft Bitcoin proposal to sunset legacy signatures and force migration to quantum-safe formats.
How long would holders have to migrate?
The proposal describes a five-year window from activation.
Why are older coins a focus?
Older outputs are more likely to have exposed public keys onchain.
Has BIP-361 been activated?
No. The proposal remains in draft informational status.
This article has been refined and enhanced by ChatGPT.
