Bitcoin Quantum Defense: Why BIP-361 Could Freeze Millions of Coins

Editorial digest April 15, 2026
Last updated : 10:01

The Threat Isn't Hypothetical Anymore

The framing has shifted. For years, quantum computing's threat to Bitcoin's cryptographic foundations was discussed in the same breath as asteroid strikes — theoretically real, practically irrelevant to anything happening now. That comfortable distance is collapsing.

A proposal has been formally updated on Bitcoin's official repository: BIP-361, which calls for the network to identify and freeze coins held in quantum-vulnerable addresses. The authors are not alarmists. They are developers working inside Bitcoin's most conservative institution — its BIP (Bitcoin Improvement Proposal) process — and they are arguing that the time to act is before a cryptographically capable quantum computer exists, not after.

This is where the analysis gets genuinely uncomfortable. Because the proposed cure involves a power that Bitcoin was explicitly designed to make impossible: the network collectively deciding that certain coins can no longer be spent.

What Makes a Coin Quantum-Vulnerable?

To understand what's at stake, a brief technical detour is necessary.

Bitcoin's security rests on two cryptographic primitives: SHA-256 (used in mining) and the Elliptic Curve Digital Signature Algorithm, specifically secp256k1 (used to sign transactions). ECDSA is the layer that proves you own a private key without revealing it. A sufficiently powerful quantum computer running Shor's algorithm could, in principle, derive a private key from a public key — breaking this proof entirely.

The critical distinction is between exposed and unexposed public keys. In Bitcoin, your public key is only revealed to the network when you spend from an address. Coins sitting in an address that has never sent a transaction have not exposed their public key — they're protected by an additional hash layer (the address itself). Coins in addresses that have previously sent transactions, however, have exposed their public key. These are the quantum-vulnerable coins.

This distinction creates an actionable taxonomy. The network can identify which addresses have exposed public keys. BIP-361's authors are proposing to use that information to enforce a migration deadline — after which transactions from vulnerable addresses would be rejected.

The "Private Incentive" That Should Alarm You

Here is where the proposal reveals its most provocative layer. BIP-361's authors describe the freeze mechanism as, in their own framing, a "private incentive to upgrade" — because coins that are permanently frozen will make every remaining circulating coin worth slightly more. Scarcity increases. The living benefit from the frozen.

This is not a moral argument. It is a market mechanism dressed in the language of network health. And it is worth sitting with that framing carefully, because it normalizes something Bitcoin has never done: using collective protocol action to render specific UTXOs permanently unspendable based on a criterion their owners may not even be aware of.

The authors' logic is internally coherent. If quantum computers eventually allow bad actors to drain vulnerable wallets at scale, the damage to Bitcoin's credibility — and its price — would dwarf the disruption of a coordinated freeze. From a game-theory standpoint, preemptive action protects the majority of holders at the cost of forcing the minority to act or lose their funds.

But calling this a "private incentive" obscures what it actually is: a property rights decision made by network consensus over individual wallets. That is a precedent with implications that extend well beyond quantum computing.

The Governance Paradox at Bitcoin's Core

Bitcoin's foundational promise — the one that distinguishes it from every other financial asset — is that no authority can prevent you from spending your coins. Not governments, not banks, not developers. The rules are fixed; code is law; ownership is absolute.

BIP-361 does not formally break this promise, because it must go through Bitcoin's upgrade process: rough consensus among developers, miner adoption, node operator buy-in. No single entity can push it through. But this is precisely the governance paradox it exposes.

If the network can coordinate to freeze coins based on technical criteria, then the "no one can touch your coins" guarantee is revealed to be contingent — contingent on the network never deciding it has sufficient reason to make an exception. Quantum vulnerability is a compelling reason. Future reasons might be less compelling. The precedent, once set, does not stay neatly contained.

This is not a slippery-slope fallacy. It is an observation about how institutional constraints work. Once Bitcoin's community demonstrates willingness to enforce transaction restrictions based on address type, the debate in every subsequent governance dispute shifts from "can we do this?" to "should we do this?" That is a meaningful shift.

The Satoshi Problem Nobody Wants to Name

Any serious analysis of BIP-361 must address the elephant in the room: Satoshi Nakamoto's coins.

The roughly one million Bitcoin that on-chain analysis commonly attributes to the network's creator — mined in the earliest days using known-exposed addresses — have never moved. By the criteria BIP-361 would enforce, a significant portion of these coins are quantum-vulnerable. Their public keys are, in some cases, derivable from early mining patterns.

If BIP-361 is adopted with a migration deadline and Satoshi's coins are not moved — either because Satoshi is dead, because the private keys are genuinely lost, or because Satoshi chooses not to act — those coins would be frozen. Permanently removed from circulating supply.

On one reading, this is economically favorable: roughly 4.7% of total supply removed from circulation. On another reading, it forces Bitcoin to make an explicit decision about its most historically significant holder — one whose identity remains unknown and whose intentions for those coins remain unspoken.

No other asset in history has faced a governance question quite like this.

What the Timeline Actually Looks Like

It is worth being precise about what "quantum threat" means operationally, because much of the public discourse conflates different risk horizons.

Current quantum computers — including the most capable systems from IBM, Google, and others — cannot break ECDSA at Bitcoin's key length. The scientific consensus holds that a cryptographically relevant quantum computer would require millions of error-corrected physical qubits, an engineering challenge that remains years away at minimum. BIP-361's authors are not responding to an imminent threat. They are responding to the observation that Bitcoin's upgrade process is slow, that quantum hardware development is accelerating, and that the window between "quantum computers exist" and "quantum computers can drain wallets" may be shorter than the time required to safely coordinate a network-wide migration.

This is the correct frame. Bitcoin's conservatism is a feature, not a bug — but it means that changes requiring broad consensus must be planned years in advance. If the community waits until quantum hardware crosses the relevant threshold, migration would need to happen under crisis conditions, with exchanges, custodians, long-term holders, and lost-key addresses all simultaneously at risk.

The argument for acting early is pragmatic. The disagreement is about what "acting early" should look like, and specifically whether a freeze is the right instrument or whether softer measures — deprecating vulnerable address types, adding quantum-resistant signature schemes — could achieve the same result without coercive mechanics.

The Broader Moment This Lands In

BIP-361 does not arrive in a vacuum. Bitcoin is currently trading above $74,000 as geopolitical volatility — specifically, the Iran conflict that briefly rattled markets before optimism around US-Iran talks stabilized risk sentiment — is drawing attention to Bitcoin's potential role as a non-sovereign store of value. Bitwise's analysis, cited this week, suggests Bitcoin's addressable market could exceed gold's if it continues to absorb macro uncertainty flows.

Against this backdrop, a serious governance debate about quantum vulnerability is well-timed but also high-stakes. Institutional adoption of Bitcoin rests on specific guarantees: fixed supply, property rights, censorship resistance. BIP-361, if adopted, modifies two of those three — the effective supply calculation and the absoluteness of property rights — for reasons that are technically defensible but philosophically significant.

The institutional holders who have driven ETF inflows — spot ETFs posted $471 million in single-day inflows last week, according to available data — are not buying Bitcoin because of its cryptographic elegance. They are buying it because of its narrative as a neutral, rule-fixed asset. Anything that complicates that narrative deserves scrutiny well before it reaches activation.

Editorial Position: Engage Now, Not Later

BIP-361 is a proposal, not a policy. It will go through extensive review, debate, and revision before anything resembling activation. That process is working as designed.

But the instinct to defer this conversation — to treat quantum computing as a future-engineers problem — is strategically wrong. The governance questions exposed by BIP-361 are not technical edge cases. They are foundational: What can the network decide to do to individual coins? Who bears the cost of infrastructure upgrades? What happens to lost or inaccessible wallets under a freeze?

These questions deserve rigorous, adversarial public debate now, while there is no crisis forcing a hasty answer. The worst version of this story is one where a quantum-capable computer appears, Bitcoin's community scrambles to adopt a freeze mechanism under panic conditions, and the resulting governance process lacks the legitimacy that careful deliberation would have provided.

Bitcoin has survived existential governance crises before — the block size wars produced lasting institutional trauma and a lasting fork. The quantum debate, handled poorly, could be worse. Handled well, it could become the moment Bitcoin's community demonstrates that a decentralized network can make hard, proactive decisions about its own architecture without fracturing.

That outcome is possible. It is not yet likely. And the gap between those two states is where BIP-361 currently lives.