Security

Bitcoin's Quantum Reckoning: Freeze Satoshi's Coins or Risk Losing Them

Bitcoin's Quantum Reckoning: Freeze Satoshi's Coins or Risk Losing Them

A sweeping new Bitcoin Improvement Proposal would lock quantum-vulnerable wallets holding 1.7 million BTC — including Satoshi's $74 billion stash — sparking a fierce philosophical battle over security versus sovereignty.

Key Takeaways

  • BIP-361 proposes a three-phase migration that would ultimately freeze roughly 1.7 million BTC in quantum-vulnerable addresses, including Satoshi's holdings, if not moved within five years of activation — a timeline that will be fiercely contested. [1]
  • The proposal rests on the argument that a quantum attacker recovering those coins is a greater threat to Bitcoin's value and trust than the protocol taking defensive action — a consequentialist case that directly conflicts with Bitcoin's absolutist property rights ethos. [1]
  • Presidio Bitcoin's living research repository fills a genuine information gap, giving the broader community a structured way to track quantum hardware progress and evaluate migration options as the threat evolves. [2]
  • Community opposition has been immediate and vocal, suggesting that even if the quantum threat is real, the political path to implementing BIP-361 as written is extraordinarily narrow — expect significant revisions or alternative proposals to emerge. [1]
  • Bitcoin holders with coins in legacy P2PK addresses should treat the current period as an early-warning window: the debate over forced migration is just beginning, but the case for voluntary migration to quantum-resistant address types is already compelling regardless of how BIP-361 ultimately fares. [1][2]

Bitcoin Faces Its Most Consequential Security Debate Yet

For years, quantum computing has occupied a theoretical corner of Bitcoin's threat landscape — acknowledged, studied, but never urgent enough to force hard decisions. That era of comfortable ambiguity may be ending. Two separate but deeply connected developments are converging to make 2025 the year Bitcoin's community must genuinely wrestle with one of the most difficult trade-offs in the protocol's history: how do you protect a decentralized network from a civilizational-scale technological threat without betraying the very principles that make it worth protecting?

The answer, it turns out, depends entirely on who you ask — and the disagreement is as revealing as the threat itself.

The Facts

Cypherpunk and longtime Bitcoin developer Jameson Lopp, alongside five co-authors, has published BIP-361, a draft proposal on GitHub titled "Post Quantum Migration and Legacy Signature Sunset." [1] The proposal represents the second stage of a three-part framework designed to systematically harden Bitcoin against the eventual arrival of cryptographically capable quantum computers. Its core target: approximately 1.7 million BTC sitting in early Pay-to-Public-Key (P2PK) addresses — including coins widely attributed to Bitcoin's pseudonymous creator, Satoshi Nakamoto, currently valued at roughly $74 billion. [1]

BIP-361 builds directly on BIP-360, released in February, which proposed a soft fork introducing a new address type called Pay-to-Merkle-Root (P2MR). [1] Functioning similarly to Bitcoin's existing Taproot addresses but with the quantum-vulnerable key path stripped out, BIP-360 addresses new coins going forward. However, it does nothing for the estimated 34% of Bitcoin's supply that remains exposed in legacy addresses. [1] BIP-361 aims to close that gap through a structured, time-gated migration process with three distinct phases. Phase A, triggering three years after activation, would prohibit any new BTC from being deposited into old-style addresses. Phase B, five years after activation, would invalidate legacy signatures outright, effectively freezing any coins that had not been migrated. Phase C offers a potential lifeline — a zero-knowledge proof-based recovery mechanism for those who still possess their seed phrase but missed the migration window. [1]

The authors frame the proposal not as confiscation but as a collective defense mechanism, arguing that quantum-recovered coins flowing back into circulation would erode value and trust for every participant in the network. "This is not an offensive attack, rather, it is defensive," the proposal states, describing frozen legacy coins as a "private incentive to upgrade." [1]

Separately, Bay Area-based Presidio Bitcoin has released a comprehensive quantum readiness knowledge repository on GitHub, designed to serve as a living research hub tracking the full spectrum of quantum vulnerability issues. [2] The report covers the current state of quantum hardware development, the volume of exposed coins, post-quantum cryptographic schemes being evaluated for Bitcoin compatibility, and the various migration scenarios that could unfold under different conditions. [2] The initiative arrives amid criticism that Bitcoin developers have been insufficiently transparent about acknowledging and addressing quantum risks — a perception Presidio Bitcoin explicitly aims to counter. [2]

The community reaction to BIP-361 has been swift and, in many corners, sharply negative. Bitcoin Magazine editor Brian Trollz rejected the proposal outright, TFTC founder Marty Bent dismissed it as "laughable," and Metaplanet's Phil Geiger offered a pointed summary: "We have to steal people's money to prevent their money from being stolen." [1] The friction runs deeper than optics — it cuts to fundamental questions about property rights, protocol governance, and the limits of collective action in a system designed around individual sovereignty.

Analysis & Context

The tension at the heart of BIP-361 is not new to Bitcoin, but it has rarely been expressed so starkly. Bitcoin's history is punctuated by governance crises — the block size wars, the SegWit debates, the failed SegWit2x hard fork — each of which ultimately reaffirmed the community's deep resistance to changes that appear to compromise the protocol's foundational guarantees. The principle that no external authority can confiscate or invalidate your coins is not a minor feature of Bitcoin; for a significant portion of its users, it is the entire point. A proposal that freezes coins — even theoretically recoverable ones, even ones belonging to wallets that may no longer have living owners — runs directly into that identity.

And yet the quantum threat is not hypothetical in the way it once was. The trajectory of quantum hardware development, while still measured in years rather than months, is accelerating. Coins held in P2PK addresses expose their public keys on-chain, meaning a sufficiently powerful quantum computer could derive the corresponding private key without the attacker ever having had legitimate access. The uncomfortable reality is that if the Bitcoin community waits until a quantum computer capable of breaking elliptic curve cryptography actually exists, the window for orderly migration will have already closed. The Presidio Bitcoin research repository is valuable precisely because it forces that timeline into concrete focus — tracking hardware milestones, cryptographic scheme readiness, and migration logistics in one place, making the abstract feel measurable. [2]

The zero-knowledge proof rescue mechanism in Phase C of BIP-361 is worth particular attention as a design choice. [1] It represents an attempt to thread an extraordinarily fine needle: preserving the ability of legitimate owners to recover their coins while denying that same pathway to quantum attackers. Whether ZK proofs can actually deliver that guarantee in practice — and whether they can be implemented in a way the Bitcoin community trusts — will be one of the most technically scrutinized questions in the months ahead. The proposal's authors are not naive about the stakes, but skepticism about novel cryptographic mechanisms is healthy and appropriate in a protocol that secures hundreds of billions of dollars.

AI-Assisted Content

This article was created with AI assistance. All facts are sourced from verified news outlets.

Share Article

Related Articles