Bitcoin developers and researchers have introduced a draft proposal, BIP‑361, that would eventually freeze coins held in quantum‑vulnerable addresses unless their owners move them. The idea builds on BIP‑360, which adds new quantum‑resistant address types so users can migrate before any freeze happens.
Researchers behind the proposal say the goal is to protect coins secured by legacy ECDSA and Schnorr signatures from future quantum computers that could crack exposed public keys. They estimate that around 6.5 million BTC, including early “Satoshi‑era” holdings worth roughly $74 billion, sit in addresses considered quantum‑vulnerable.
The authors, including Jameson Lopp and other Bitcoin security specialists, argue that this approach is “radically different” from past upgrades because it touches existing coins, but they say the quantum threat is equally unlike any other risk Bitcoin has faced.
How BIP‑361 Would Phase Out Old Addresses
BIP‑361 outlines a three‑step timeline that only starts after a quantum‑resistant output, such as the one in BIP‑360, is live on Bitcoin. First, three years after activation, Phase A would ban sending new BTC to old‑style, quantum‑vulnerable addresses, especially early pay‑to‑public‑key formats and any outputs with exposed public keys. That rule would push users and services toward new post‑quantum address types, such as P2QRH.
Then, two years later, Phase B would invalidate legacy signatures at the consensus level, which means any coins that remain in quantum‑vulnerable addresses at that point become permanently frozen UTXOs. Nodes could no longer allow anyone to move those funds using the old cryptography, even if the private keys still worked mathematically.
Lastly, Phase C is an optional recovery path that allows owners of frozen coins to liberate funds into new, quantum-safe outputs without disclosing their seed by using zero-knowledge proofs linked to their BIP-39 seed phrases. Developers treat this final step as a decision to be made later because it may require a separate soft fork or hard fork.
Today, no known quantum computer can break Bitcoin’s signatures, but the security community says the countdown has started. A recent Google‑led study showed that advances in quantum circuits have sharply reduced the resources needed to attack ECDSA‑256, and it modeled a future machine that could derive a private key from a public key within roughly one block interval. Other research from Ark Invest and Unchained calls the threat “real but not immediate,” yet still urges early planning.
READ MORE: RAVE Price Goes Parabolic as RaveDAO Team Delivers Stark Warning
