The Problem Nobody Wants to Face
Imagine waking up one day to find that Satoshi Nakamoto's Bitcoin — over one million coins worth roughly $74 billion — had been moved. Not by Satoshi. By a quantum computer. That scenario is no longer science fiction, and it's exactly the risk that pushed Jameson Lopp, CTO of Casa and one of Bitcoin's most respected developers, to publish BIP-361 on April 15, 2026.
Formally titled "Post Quantum Migration and Legacy Signature Sunset," the proposal has ignited one of the sharpest debates the Bitcoin community has seen in years — one that cuts to the heart of what Bitcoin actually is.
BIP 361: "Post Quantum Migration and Legacy Signature Sunset" has been published.
— Murch (@murchandamus) April 14, 2026
You can read it here: https://t.co/JIuMbitQQj pic.twitter.com/iH63XIWi6k
What BIP-361 Actually Proposes
The proposal's core logic is blunt: Bitcoin "legacy" addresses — those that have already exposed their public key on-chain — are vulnerable to a future quantum attack. As of March 1, 2026, according to data cited in the document, more than 34% of all circulating Bitcoin sits in these addresses. That's approximately 5.6 million BTC, dormant for over a decade, with a combined value exceeding $420 billion.
BIP-361 lays out three phases:
- Phase A — Roughly three years after activation, the network stops accepting new transactions to vulnerable addresses, forcing migration to quantum-resistant formats.
- Phase B — Two years later, legacy ECDSA and Schnorr signatures are invalidated. Unmigrated coins are frozen permanently.
- Phase C — Optional and still under research: holders of frozen coins could recover them via zero-knowledge proofs tied to their BIP-39 seed phrase.
Satoshi's coins — estimated at over one million BTC sitting in early P2PK addresses — fall squarely in the vulnerable category. Under BIP-361, they would be frozen unless moved first.
Adam Back Pushes Back at Paris Blockchain Week
The day after BIP-361 was published, Adam Back — CEO of Blockstream and the inventor of Hashcash, the proof-of-work system Bitcoin's mining is built on — spoke at the Paris Blockchain Week with a starkly different view. Back argued that quantum computers remain "laboratory experiments" and that progress over the past two decades has been incremental, not exponential.
His preferred approach: build optional, non-coercive upgrades. Let users migrate voluntarily to quantum-resistant addresses, without imposing deadlines or freezing anyone's funds.
"Preparation is key. Making changes in a controlled way is much safer than reacting in a crisis."
— Adam Back, Paris Blockchain Week, April 16, 2026
BitMEX Research added a third option to the table: a "canary fund" mechanism — a special Bitcoin address to which anyone can contribute as a bounty. If that address were ever spent, proving a quantum computer had broken the cryptography, an automatic freeze would kick in. No arbitrary deadlines. Just a real response to a real threat when it actually materializes.
→ Read also: Q-Day and Bitcoin: The Quantum Computing Threat
The Community Fractures
The reaction was immediate and fierce. Mark Erhardt, a Bitcoin Core developer, called the proposal "authoritarian and confiscatory." Marty Bent, founder of TFTC, dismissed it as "ridiculous." Phil Geiger, head of BD at Metaplanet, put it more pointedly: "We need to steal people's money to prevent it from being stolen."
Lopp didn't back down:
"I know people don't like it. I don't like it either. I wrote it because I like the alternative even less."
— Jameson Lopp, CoinDesk interview, April 15, 2026
The urgency behind BIP-361 isn't manufactured. In March 2026, Google Quantum AI published research dramatically lowering estimates of the qubit count needed to break ECDSA encryption: between 1,200 and 1,450 logical qubits. Caltech and Oratomic separately demonstrated that Shor's algorithm can be executed at cryptographically relevant scale with approximately 10,000 qubits. McKinsey places the concrete risk window between 2027 and 2030.
→ Protect your assets today: Ledger Wallet Guide | Trezor Wallet Guide
Satoshi Nakamoto: The Mysterious Genius Behind Bitcoin
A Philosophical Question as Much as a Technical One
BIP-361 forces a question that Bitcoin has never had to answer before: can a protocol built on absolute holder sovereignty accept that network consensus might override someone's private key? For US and UK investors, the parallel is uncomfortable — it resembles, at least superficially, the kind of asset freeze that crypto was built to make impossible.
The proposal remains a draft. No activation date. No consensus. But six co-authors, concrete on-chain data, and a tightening research timeline make clear that Q-Day is no longer a question to defer. Whether BIP-361 is the right answer or not, the conversation it has forced is overdue.
