New Bitcoin Proposal Would Freeze Coins to Counter Quantum Threat

In brief

• A new Bitcoin proposal aims to address the risk posed by quantum attacks.
• BIP-361 would disable Bitcoin's existing signature verification over a five-year window.
• Some observers call it a necessary defense, while others see it as confiscation. A new Bitcoin proposal would phase out the network's existing signature schemes and freeze coins that fail to migrate to quantum-resistant addresses. Dubbed the "Post Quantum Migration and Legacy Signature Sunset," the proposal would stop users from sending Bitcoin to older address types vulnerable to quantum attacks, and ultimately disable the cryptographic methods the network has relied on to verify transactions since its creation.

BIP 361: "Post Quantum Migration and Legacy Signature Sunset" has been published.

You can read it here: pic.twitter.com/iH63XIWi6k

— Murch (@murchandamus) April 14, 2026 Co-author Jameson Lopp and five other developers updated the proposal in Bitcoin's official improvement repository, published as BIP-361 on Tuesday. Quantum attacks are a theoretical method of using advanced computers to derive private keys from public keys exposed on a blockchain, giving an attacker control of a wallet without the owner's credentials. The moment when a quantum computer emerges with sufficient power to break the encryption used by Bitcoin is known as "Q-Day." BIP-361 lays out a three-phase timeline: blocking inflows to vulnerable addresses roughly three years after activation, freezing all legacy coins two years later, and leaving open a future recovery path through zero-knowledge proofs for holders who miss the deadline. Over 34% of all Bitcoin has exposed a public key on-chain, according to the proposal, leaving those funds vulnerable to theft by a sufficiently powerful quantum computer. No prior Bitcoin upgrade has rendered existing transactions invalid, making BIP-361 the first to force a choice between collective network defense and individual access to coins. BIP-361 remains in draft status with no activation timeline and depends on BIP-360, a separate quantum-resistant transaction framework still under review.

Security costs

Earlier in March, Google published a formal timeline to transition its infrastructure to post-quantum cryptography by 2029, calling the quantum frontier "closer than may appear." Bitcoin has historically treated a valid signature as “sufficient proof of control,” regardless of how old the coin or key is, Leo Fan, founder of decentralized compute network Cysic, told *Decrypt*. BIP-361 would change that by treating "timely migration as part of maintaining ownership.” The new proposal “shifts quantum risk from 'maybe I get robbed later' to 'if I miss the deadline, I may lose access by consensus,'" Fan said, adding that the proposal amounts to "making Bitcoin more interventionist" in order to prevent vulnerable coins from becoming "loot for the first entity with a working quantum computer." But not everyone agrees the tradeoff is warranted. Frederic Fosco, co-founder of Bitcoin metaprotocol OP\_NET, told *Decrypt* the proposal appears to turn Bitcoin's founding promise on its head. A protocol-enforced freeze "is confiscation, full stop," Fosco said, arguing the proposal rewrites "not your keys, not your coins" into "your keys, but we froze your coins anyway." "The second you cross that line, you've built a system that can freeze any coins for any reason deemed important enough by whoever controls the next soft fork," he said. "Today it's quantum. Tomorrow it's sanctions compliance." If adopted, BIP-361 would effectively mean that any coins still secured solely by ECDSA signatures, the default method Bitcoin uses to prove a transaction was authorized by the rightful owner, would be "forfeited," Chris Peikert, core researcher at cryptography firm Fhenix Research, told *Decrypt*. "For Bitcoin there is no option other than a protocol hard change/fork in order to stop funds from being withdrawn from accounts with exposed public ECDSA keys," Peikert noted. Still, a contested upgrade could also fracture the network. An unprotected chain's price “collapses the moment someone demonstrates a single quantum theft, because it proves every exposed address is now fair game," Enrico Rubboli, founder of layer-2 sidechain Mintlayer, told *Decrypt*. Bitcoin's decentralized governance is “a strength in normal times and a weakness when you're racing a clock," Rubboli said, adding that voluntary migration without a hard deadline "only works if you assume the threat arrives on a schedule. It won't.” In a tweet, Lopp conceded that, “I know folks don't like” BIP-361,” adding, “I don't like it myself. I wrote it because I like the alternative even less.”