A top Bitcoin developer says he has created something the community has debated for years but never actually produced: a way to rescue ordinary wallets if the network is ever forced to defend itself against a quantum computer.
In the face of quantum adversary, a commonly discussed emergency soft fork for Bitcoin would be to disable the Taproot key spending path (effectively turning it into something resembling BIP-360).
assuming an existing preemptive soft fork to add a pq…
– Olaoluwa Osuntokun (@roasbeef) April 8, 2026
Olaoluwa “Roasbeef” Osuntokun, CTO of Lightning Labs, unveiled the working prototype in an April 8 post on the Bitcoin developers mailing list. The tool points to a specific and awkward flaw in Bitcoin’s long-term defense plan: a widely discussed “emergency brake” upgrade designed to protect the network from quantum attacks could also block millions of users from accessing their own funds. Osuntokun’s proposal is an escape route.
Bitcoin is based on a form of encryption that could theoretically be cracked by sufficiently powerful quantum computers. If that happens, public data already visible on the blockchain could become private keys, allowing attackers to seize funds.
A leading proposal, known as BIP-360, was merged into the Bitcoin Improvement Proposals repository in February as a draft. It would provide users with a new type of quantum-resistant wallet to migrate their funds ahead of any threat.
But migration takes time and not everyone will move in time. That’s why developers have also been discussing a more drastic backup: the “emergency brake.”
Today, every Bitcoin transaction is authorized by a digital signature, a piece of cryptographic math that proves that the sender owns the coins. Those signatures are exactly what a quantum computer could forge.
The emergency brake would shut down Bitcoin’s current network-wide signature system before an attacker could begin emptying wallets. Think of it as turning off the power to the locks when you realize the keys have been copied.
The problem is what happens to everyone who is still inside. Most modern wallets, especially the single-user Taproot wallets introduced in Bitcoin in 2021 and now common throughout the ecosystem, rely on that signature system and nothing else to authorize spending. If it goes out, those wallets will have no second way to prove ownership.
The coins they contained would remain stranded, untouchable even by their rightful owners. The same update designed to protect users could also permanently freeze them.
The Osuntokun prototype is designed to give these wallets a second way. Instead of proving ownership with a digital signature (the same mechanism that a quantum attack would break and emergency update would disable), their system allows the user to mathematically prove that they were the one who originally created the wallet, using the secret “seed” from which each Bitcoin wallet is generated.
Crucially, the test does not require revealing the seed itself, so using it to rescue a wallet does not compromise other derivatives of the same seed. In fact, replace “I can sign this transaction” with “I can prove that this wallet came from me.”
The prototype is now functional. Running on a high-end consumer MacBook, generating the test took approximately 55 seconds, while verification took less than two seconds. The resulting test file was about 1.7 MB, about the size of a high-resolution image. Osuntokun said the system was built as a side project and is not yet optimized.
There is currently no formal proposal to add it to the Bitcoin blockchain, nor an implementation timeline, and developers remain divided over how urgent the quantum threat really is.
Academic researchers note that many widely cited quantum “breakthroughs” are based on simplified test conditions, and large-scale attacks on the Bitcoin mining system would reach strict physical limits. But the risk to exposed wallets is considered so real that developers have been outlining defensive improvements for years.
The markets reflect that uncertainty. At Polymarket, traders currently assign approximately a 28% chance of BIP-360 being implemented by 2027.
But the prototype closes a gap that had persisted in theory: how to protect Bitcoin from a future threat without the collateral damage of locking users out of their wallets.
