Bitcoin BIP-361: Freeze 6.7M BTC to Stop Quantum Theft?

What BIP-361 Actually Proposes

Published on April 14, 2026 by Jameson Lopp, Christian Papathanasiou, and four other contributors, BIP-361 lays out a three-phase migration plan to replace Bitcoin's current ECDSA and Schnorr signature schemes with quantum-resistant alternatives.

Phase A activates roughly three years after adoption (approximately 160,000 blocks). From that point, the network blocks any new funds from being sent to legacy, quantum-vulnerable addresses. Wallets must upgrade to post-quantum script types to receive bitcoin.

Phase B kicks in two years after Phase A. At a predetermined block height, nodes reject all transactions using ECDSA or Schnorr keys at the consensus level. Any bitcoin still sitting in vulnerable addresses becomes permanently frozen. No one can move those coins, not the rightful owner, and not a quantum attacker.

Phase C remains under research. It proposes a recovery path for frozen coins using zero-knowledge proofs linked to BIP-39 seed phrases. Owners who can prove they possess the original mnemonic could migrate their funds into quantum-safe outputs without revealing their private keys.

The catch: BIP-39 seed phrases were introduced in 2013. Coins created before that standard, including Satoshi's early mining rewards, cannot use Phase C recovery. Those coins would be frozen permanently.

Why the Quantum Clock Is Ticking

Three papers published between May 2025 and March 2026 have compressed the quantum threat timeline faster than most researchers expected.

Google's Quantum AI team published a paper in May 2025 showing that RSA-2048 could be broken with fewer than one million physical qubits, a 20x reduction from 2019 estimates. In February 2026, Iceberg Quantum demonstrated that a new architecture using QLDPC codes could push that number below 100,000 qubits.

Then in March 2026, Google dropped a follow-up paper targeting elliptic curve cryptography directly, the system that protects Bitcoin, Ethereum, and nearly every major cryptocurrency. The finding: fewer than 500,000 physical qubits could crack a 256-bit elliptic curve key in minutes, not days. The researchers estimated a 41% probability that a quantum computer could derive a private key before a Bitcoin transaction is confirmed.

As we covered in our earlier analysis of the quantum threat, ARK Invest reported that 34.6% of Bitcoin's supply, approximately 6.9 million BTC, sits in addresses where public keys have been exposed on-chain. These are the coins most at risk.

The BIP-361 authors frame the problem bluntly: "Quantum recovered coins only make everyone else's coins worth less. Think of it as a theft from everyone."

The Case for Freezing

Supporters of BIP-361 argue that voluntary migration alone cannot protect the network. Their reasoning centers on three points.

The coordination problem. Bitcoin has no central authority that can mandate wallet upgrades. If quantum computers become capable before enough holders migrate, attackers could drain billions in value from vulnerable addresses. The resulting sell pressure, similar to the dynamics that drive whale-driven market moves, could be catastrophic.

The fiduciary argument. Institutional holders, exchanges, and custodians face legal liability if quantum theft occurs on their watch. A clear, scheduled migration deadline gives them a defensible compliance framework. The proposal's activation uses BIP9 version bits with a 90% miner signaling threshold, requiring broad consensus before implementation.

The economic incentive. BIP-361 transforms quantum security into an individual economic decision rather than relying on collective coordination. Holders who migrate keep full control of their coins. Those who don't face a clear deadline. As larger post-quantum signatures increase block space demand, miners also benefit from higher fees.

The Case Against: Property Rights and Precedent

Critics have been equally forceful. The objections fall into several categories.

The precedent problem. Marty Bent and other prominent Bitcoiners argue that freezing coins based on address type sets a dangerous precedent. If consensus rules can invalidate addresses for security reasons today, governments could cite the same mechanism to justify freezing "sanctioned" or politically disfavored wallets tomorrow.

The "man in a coma" scenario. Anyone incapacitated, imprisoned, or simply unaware of the migration deadline loses their bitcoin permanently. This is not a bug in the proposal. It is the intended design, and critics say it violates Bitcoin's core promise of sovereign, permissionless control.

The philosophical split. Blockstream CEO Adam Back used Paris Blockchain Week in April 2026 to argue for optional, opt-in upgrades instead of a forced freeze. His position: "Preparation is much safer than hasty responses in a crisis." Back is betting that developers can coordinate quickly if the quantum threat accelerates. Lopp is betting they cannot.

Existing alternatives. Developers have already built quantum defense mechanisms, including SHRINCS and SHRIMPS signature schemes. Critics argue that the focus should be on creating new, voluntary quantum-safe address types rather than mandating migration through protocol-level coercion. Simple practices like stopping address reuse and implementing key rotation could also reduce the vulnerable supply significantly.

Charles Hoskinson, founder of Cardano, weighed in by arguing that Bitcoin's quantum fix would require a hard fork and cannot save Satoshi's coins regardless of the approach taken.

The Satoshi Question

The most emotionally charged aspect of BIP-361 is its implication for Bitcoin's earliest coins. An estimated one million BTC mined in Bitcoin's first years are widely attributed to Satoshi Nakamoto. These coins were created using Pay-to-Public-Key (P2PK) outputs, a format that directly exposes public keys on the blockchain.

Because P2PK predates BIP-39 seed phrases by several years, Phase C's zero-knowledge proof recovery mechanism cannot help. If BIP-361 activates and those coins do not move before Phase B, they become permanently unspendable.

For some, this is a feature. Removing over one million dormant BTC from circulation would reduce effective supply and could increase scarcity. For others, it represents an unprecedented violation of property rights within a system designed to make confiscation impossible.

A Third Path: BitMEX's Canary Proposal

Not everyone sees BIP-361 as the only option. BitMEX Research has proposed a "canary" or tripwire system as an alternative. Rather than preemptively freezing coins, this approach would create monitored bounty addresses containing small amounts of bitcoin in quantum-vulnerable formats. If those addresses are ever drained, the network would have an early warning that quantum attacks have become practical, triggering an emergency response.

This reactive approach avoids the property rights concerns of BIP-361 but assumes the community can coordinate a rapid response once an attack is detected, exactly the assumption Lopp's proposal is designed to avoid.

What This Means for Holders

Regardless of whether BIP-361 activates, the quantum threat timeline has compressed enough that holders should take practical steps now.

If you hold bitcoin in addresses where your public key has been exposed (any address you've ever sent a transaction from), consider moving those funds to a fresh address that has never been used for outgoing transactions. This simple step keeps your public key off the blockchain and buys time regardless of how the governance debate resolves.

For institutional holders, the proposal's five-year timeline provides a structured migration window. The BIP9 activation mechanism requires 90% miner signaling, meaning BIP-361 cannot activate without overwhelming consensus.

The debate itself signals something important: Bitcoin's developer community is taking the quantum threat seriously, even when the proposed solutions force uncomfortable tradeoffs between security and the network's foundational principles. For more on how Bitcoin's infrastructure is evolving amid these challenges, the broader building trend provides useful context.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research and consult with a qualified financial advisor before making investment decisions.