Update (April 15, 6:45 am UTC): This article has been updated to include comments from Jameson Lopp.
Cypherpunk Jameson Lopp and five co-authors in the Bitcoin quantum security space have proposed freezing quantum-vulnerable coins on the Bitcoin network to prevent theft if powerful quantum computers arrive. The draft, posted as BIP-361 and titled “Post Quantum Migration and Legacy Signature Sunset,” sketches the second part of a three-stage approach to shifting Bitcoin to post-quantum-safe signatures.
The proposal responds to a major risk: roughly 1.7 million BTC in early pay-to-public-key (P2PK) addresses — including coins attributed to Satoshi — could be vulnerable to quantum attacks. In the wrong hands, those coins could be spent and materially undermine confidence and value across the network.
Lopp told Cointelegraph that BIP-361 is not ready for adoption. “Rather, it’s a rough sketch of one way we could approach the issue of a looming circulating supply shock if quantum computing advances to the point that a post-quantum signature scheme achieves consensus for being added to Bitcoin.” He expects the proposal to evolve with further research and development.
How BIP-361 fits with prior work
BIP-361 builds on BIP-360 (released in February), which proposed a soft fork introducing a new output type called pay-to-Merkle-root (P2MR). P2MR resembles Taproot (P2TR) but removes the quantum-vulnerable key-path, protecting new outputs going forward. However, BIP-360 does not address the roughly 34% of Bitcoin supply still sitting in legacy, quantum-vulnerable addresses unless owners move funds.
The three-phase BIP-361 plan
– Phase A (three years after activation): Prevents new BTC from being sent to legacy, quantum-vulnerable address types, ensuring new coins use quantum-resistant addresses.
– Phase B (five years after activation): Invalidates legacy-style signatures; any Bitcoin left in vulnerable UTXOs would effectively be frozen and unspendable by the original keys.
– Phase C: Provides a possible rescue mechanism using zero-knowledge proofs to allow owners who still possess seed phrases to recover frozen funds.
The authors frame this as a “private incentive to upgrade”: coins frozen by inaction slightly increase the value of everyone else’s coins, while quantum-recovered coins would reduce value for all. They emphasize the proposal is defensive: “our thesis is that the Bitcoin ecosystem wishes to defend itself and its interests against those who would prefer to do nothing and allow a malicious actor to destroy both value and trust.”
Community reaction
The proposal has provoked pushback. Some see BIP-361 as a philosophical departure from Bitcoin’s norms by rendering existing UTXOs unspendable if owners don’t upgrade. Protocol developer Mark Erhardt shared the draft and received criticism calling the approach “authoritarian and confiscatory.” Bitcoin Magazine editor Brian Trollz rejected the proposal; TFTC founder Marty Bent called it “laughable,” and Phil Geiger quipped, “We have to steal people’s money to prevent their money from being stolen.”
The authors and supporters argue the measure addresses a systemic risk: without coordinated migration to quantum-resistant schemes, the emergence of a quantum-capable attacker could cause a sudden circulating supply shock and widespread harm. Opponents counter that forcing the upgrade or freezing legacy funds contradicts user sovereignty and may be unacceptable to the community.
Cointelegraph is committed to independent, transparent journalism. This article follows Cointelegraph’s Editorial Policy; readers are encouraged to verify information independently.