Bitcoin’s ‘your keys, your coins’ promise just got an expiration date thanks to a new developer proposal

Bitcoin was built on the promise that no one can touch your coins without your private key. No government, no bank, no one.

That promise is now, for the first time in Bitcoin’s 16-year history, being questioned by the developer community itself, as part of measures to build defenses against future quantum computers that could compromise the Bitcoin blockchain and steal its coins.

The proposal

Jameson Lopp, one of Bitcoin’s open contributors, and other cryptographers have proposed a measure that could force Bitcoin holders to migrate their coins to new quantum-resistant addresses or face having them permanently frozen by the network itself. In that scenario, holders would technically still “own” the coins, but would lose the ability to move them.

It’s called Bitcoin Improvement Proposal (BIP)-361 and was updated on the official Bitcoin proposals repository on Tuesday with the title “Post Quantum Migration and Legacy Signature Sunset.”

This comes as a recently published Google report warned that a sufficiently powerful quantum machine could require significantly less firepower to compromise the Bitcoin blockchain than initially estimated. This led some observers to cite 2029 as the quantum deadline for Bitcoin.

To understand the need to freeze coins, you need to know what it protects against.

Each Bitcoin wallet is protected by a form of cryptography called ECDSA, or Elliptic Curve Digital Signature Algorithm. Think of it like a lock on your wallet. When you set up a wallet, two keys are generated. The private key is a unique password used to prove that you own the coins you are spending. The public key is derived from the private key; it helps receive funds and verify transaction signatures, and ensures security without revealing the owner’s private key.

Here’s the problem: when you send funds, your public key is revealed on the blockchain permanently, so anyone can see it. A sufficiently powerful quantum machine can use it to reverse engineer your private key and drain your funds.

In March, the sum of all BTC in vulnerable addresses was approximately 6.7 million BTC, according to the Google study.

BIP-361 builds on BIP-360, a proposal submitted in February that introduced a soft fork (a network upgrade) designed to enable a new type of transaction called Pay-to-Merkle-Root (P2MR). The approach borrows from Bitcoin’s Taproot (P2TR) framework but removes the key-based spending path, an element widely considered to be exposed to potential quantum-age risks.
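How early a public key becomes visible depends on the output type, which is why Taproot's key-based path matters here. The following Python sketch is an added example, not code from the article or from BIP-360/361; it goes beyond the article by classifying the standard output script templates, and every script in `SAMPLES` is a constructed placeholder.

```python
# Added example. All scripts in SAMPLES are constructed placeholders.
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL = 0x76, 0xA9, 0x87
OP_EQUALVERIFY, OP_CHECKSIG = 0x88, 0xAC

IN_OUTPUT = "public key published in the output"
ON_SPEND = "only a hash published until the output is spent"


def classify(script_hex):
    """Return (script_type, exposure) for a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == OP_CHECKSIG:
        return "P2PK", IN_OUTPUT
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", ON_SPEND
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return "P2SH", ON_SPEND
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == bytes([OP_0, 20]):
        return "P2WPKH", ON_SPEND
    if n == 34 and s[:2] == bytes([OP_0, 32]):
        return "P2WSH", ON_SPEND
    # Taproot: OP_1 <32-byte x-only output key>, spendable by key path
    if n == 34 and s[:2] == bytes([OP_1, 32]):
        return "P2TR", IN_OUTPUT
    return "unknown", "unknown"


SAMPLES = {  # constructed byte patterns, not real on-chain outputs
    "legacy_p2pk": "21" + "02" + "11" * 32 + "ac",
    "legacy_p2pkh": "76a914" + "22" * 20 + "88ac",
    "segwit_p2wpkh": "0014" + "33" * 20,
    "taproot_p2tr": "5120" + "44" * 32,
}


def exposed_now(samples):
    """Names of sample outputs whose public key is visible before any spend."""
    return sorted(k for k, v in samples.items() if classify(v)[1] == IN_OUTPUT)


if __name__ == "__main__":
    for name, script in SAMPLES.items():
        print(name, classify(script))
```

Hash-only outputs stop being hash-only once they are spent from, so an address that is reused after a spend has its public key on the chain regardless of script type.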

Three phases

The BIP-361 proposal structures the migration in three phases. Phase A begins three years after possible activation, preventing anyone from sending new bitcoins to old, quantum-vulnerable addresses. You can still spend from these addresses, but you can’t receive anything.

Phase B, which will begin five years after activation, will render old-style signatures (ECDSA and Schnorr) completely invalid, so the network will reject attempts to spend from quantum-vulnerable wallets. In essence, your coins will be frozen.

Finally, Phase C is a recovery proposal, still under investigation, where holders with frozen wallets could potentially prove ownership using a zero-knowledge proof, a way to prove knowledge of a secret without revealing the secret itself. If it works, the coins frozen by Phase B could be recovered.

Community reaction

The idea of freezing coins as a defense against quantum threats runs directly counter to one of Bitcoin’s most fundamental promises: sovereign, permissionless control over funds.

At its core, Bitcoin is designed to ensure that whoever holds the private keys controls the coins, without exception. Introducing a mechanism that allows coins to be frozen, even in extraordinary circumstances such as a quantum attack, means that this principle can be overturned.

The community, therefore, is not happy with the proposal.

“This quantum proposal is highly authoritarian and confiscatory, but of course it is Lopp’s. There is no good reason to force the upgrade and invalidate old spending. The upgrade should be 100% voluntary,” said one X user.

“This reeks of centralized planning with deadlines, behavioral coercion, and forced migration,” said another user.

The developers, however, called it a defensive measure.

“This is not an offensive attack, but a defensive one: our thesis is that the Bitcoin ecosystem wants to defend itself and its interests against those who would rather do nothing and allow a malicious actor to destroy both value and trust,” they said.
