• BIP-361, co-authored by Casa CTO Jameson Lopp, proposes freezing Bitcoin in legacy addresses within 5 years of activation.
• Over 34% of all Bitcoin has an exposed public key onchain, with quantum attacks potentially viable by 2027-2030, per McKinsey.
• BIP-360 entered testnet via BTQ Technologies in early 2026, setting the foundation BIP-361 requires before its phased timeline begins.

The proposal is Bitcoin Improvement Proposal (BIP)-361, titled “Post Quantum Migration and Legacy Signature Sunset.” It was formally assigned on Feb. 11, 2026, and lists six co-authors, including Casa CTO Jameson Lopp. The draft is currently in informational status and requires no immediate action from anyone holding bitcoin.

The core concern is straightforward. Bitcoin’s existing cryptography relies on elliptic curve math. A quantum computer running Shor’s algorithm could, in theory, work backward from a public key to derive a private key. Addresses that have already broadcast a public key onchain are the most exposed. As of March 1, 2026, that category reportedly covers more than 34% of all bitcoin in circulation.

BIP-361 lays out a three-phase soft fork plan. Phase A would begin approximately three years after a companion quantum-resistant address proposal, likely BIP-360, is activated. During Phase A, wallets would be blocked from sending funds to legacy address types, pushing users toward newer quantum-safe formats. Phase B would kick in two years after that, rendering all legacy signatures invalid at the consensus layer. Coins that did not migrate would become frozen, and would be unable to move.

A third phase, still under research, would allow holders of frozen coins to prove ownership through a zero-knowledge proof tied to a BIP-39 seed phrase and recover their funds. In addition to Lopp, BIP-361 co-authors include Christian Papathanasiou, Ian Smith, Joe Ross, Steve Vaile, and Pierre-Luc Dallaire-Demers. Moreover, this is not the first time Lopp has floated this idea. In a blog post published in mid-March 2025, Lopp said burning vulnerable coins may be the least-worst option.

In the blog post, Lopp argues that allowing quantum computers to “recover” bitcoin from vulnerable addresses would effectively legitimize theft and concentrate wealth in the hands of a few technologically advanced actors, undermining Bitcoin’s core security model. He contends that a better outcome is to “burn” those vulnerable coins.

This would make them permanently unspendable in order to prevent large-scale economic disruption, protect user confidence, and preserve fairness across the network. While this approach may harm inattentive users who fail to upgrade, he sees it as the lesser of two evils compared to widespread redistribution and loss of trust. Ultimately, Lopp frames the issue as a game theory problem, concluding that incentivizing users to migrate to quantum-safe systems strengthens Bitcoin long term.

At the time, the post was controversial on the Reddit forum r/ cryptocurrency with the top comment saying, “ BTC ceases to be BTC if you fork it to mute wallets you think are a risk to your investment.” Others commented that people with vulnerable addresses should deal with the possibililty that a quantum attacker could take their coins. “Let them get hacked and crash the price for a month. We’ll buy the dip, just like last time there was an existential crisis,” the Redditor wrote.

The BIP-361 authors cite accelerating quantum hardware and algorithm improvements as the reason for urgency. McKinsey and academic road maps referenced in the proposal place a cryptographically relevant quantum computer as early as 2027 to 2030. Researchers also flag the possibility of a covert attack, where a quantum actor drains addresses quietly over weeks or months without triggering any onchain alerts.

The proposal would directly affect coins long attributed to Bitcoin’s pseudonymous creator, Satoshi Nakamoto. Early pay-to-public-key outputs, the format used in Bitcoin’s first year or two, have fully exposed public keys and would be covered under the freeze. Estimates place roughly 1.1 million BTC in those early addresses. The authors argue that leaving those coins spendable creates a future attack surface large enough to destabilize bitcoin‘s price and miner incentives simultaneously.

Critics of the plan see it differently. Freezing coins that a holder never chose to move touches the third rail of Bitcoin philosophy: the network does not change the rules on existing outputs. Supporters counter that waiting for a confirmed quantum breach before acting leaves no time to coordinate wallets, exchanges, miners and custodians, a process that has historically taken years even under favorable conditions. Others called it downright authoritarian.

“This quantum proposal is highly authoritarian and confiscatory, but of course, it’s from Lopp. There is no good rationale for forcing the upgrade and rendering old spends invalid. Upgrade should be 100% voluntary,” the X account Cato the Elder wrote. Another offered a dry aside, quipping, “We have to steal people’s money to prevent their money from being stolen.” The X post, sharing BIP-361, had a significant amount of negative comments against the proposal.

We enlisted Grok to analyze the X thread, aiming to gauge whether the overall sentiment leaned positive or negative. “The comments to this post are ~95% negative (overwhelmingly mostly negative),” Grok replied. “Out of the 74 total replies (and the large sample of top/high-engagement ones visible in the thread), virtually all express strong disapproval,” the artificial intelligence (AI) chatbot wrote.

Grok added:

“No replies show clear support or enthusiasm for the proposal. The sentiment is extremely one-sided against it.”

The proposal frames the freeze as defensive rather than punitive. Holders who migrate in time lose nothing. Those who do not lose access to funds they may no longer control anyway once quantum computing matures. The authors note that abandoned keys left frozen would reduce circulating supply, a dynamic Satoshi once described as a donation to the rest of the network.

BIP-360, which introduces the quantum-resistant address types that BIP-361 depends on, moved into testnet implementation through BTQ Technologies in early 2026. That progress gives the migration timeline a concrete starting point to build from.

No activation has occurred. Bitcoin Core and the broader developer community remain cautious. Alternative proposals in circulation include rate-limited spending from vulnerable outputs and voluntary migration paired with supply burns. A failed consensus process carries its own risk: a potential chain split.

The proposal asks a question Bitcoin has not had to answer before. How much rule-change is acceptable to prevent a cryptographic threat that may not become real for years, but whose damage, once it arrives, could not be undone?

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。