BIP-361 Unveiled: Security Safeguard or Asset Seizure? The Debate Over Freezing Satoshi’s Bitcoins

The Bitcoin community has never been short on fierce debates over its direction. From the block size wars to the deployment of Segregated Witness, every major upgrade has brought deep philosophical divisions. However, the BIP-361 proposal, revealed in April 2026, has elevated the intensity of these debates to unprecedented levels—because this time, the core issue isn’t technical parameters, but Bitcoin’s foundational principle: Does the network have the authority to freeze users’ assets without their consent?

On April 15, 2026, Casa CTO Jameson Lopp, along with five collaborators, officially submitted the Bitcoin Improvement Proposal BIP-361 as a draft to the official GitHub repository. The proposal, titled "Post-Quantum Migration and Legacy Signature Deprecation," advocates for a roughly five-year phased timeline to push all Bitcoin holders to migrate assets from quantum-vulnerable addresses to quantum-resistant ones. Assets not migrated by the deadline would be permanently frozen at the protocol level.

The following day, Blockstream CEO Adam Back delivered a public speech at Paris Blockchain Week, explicitly opposing BIP-361’s forced asset freeze approach and instead promoting an optional quantum-resistant upgrade path. These two iconic figures in the Bitcoin space took opposing sides. This wasn’t just another code update discussion—it was the ultimate debate over Bitcoin’s governance philosophy, asset sovereignty, and security boundaries.

BIP-361 Proposal Officially Emerges

BIP-361 was assigned its number on February 11, 2026, and released as a draft on April 15. The proposal was co-authored by Casa CTO Jameson Lopp and five other experts in Bitcoin quantum security. Its core objective is to counter the potential threat posed by future quantum computers to Bitcoin’s elliptic curve cryptography. The method: a mandatory migration schedule that moves all assets from quantum-vulnerable legacy addresses (primarily using the ECDSA signature algorithm) to quantum-resistant addresses. Assets not migrated by the deadline would be permanently frozen at the protocol level, making any on-chain transfers impossible.

Lopp stated in interviews that he "doesn’t like" the proposal and hopes it will never be needed, describing it as "a rough contingency plan, not a final standard." He wrote, "I drafted it because I dislike the alternative even more. When facing existential threats, individual economic incentives take precedence over philosophical principles."

Technically, BIP-361 builds on BIP-360, which was officially registered in February of the same year. BIP-360 introduced Pay-to-Merkle-Root (P2MR), a quantum-resistant output type designed to protect new Bitcoin issuance from quantum attacks. However, BIP-360 only covers future assets; it offers no solution for the large volume of legacy assets whose public keys have already been exposed—precisely the historical issue BIP-361 aims to address.

How the Quantum Threat Is Accelerating

To understand why BIP-361 surfaced now, we need to look back at the rapid evolution of quantum threats over the past year.

Bitcoin’s security model relies on the computational infeasibility of the Elliptic Curve Digital Signature Algorithm (ECDSA). Shor’s algorithm fundamentally disrupts this premise—it reduces the complexity of solving discrete logarithm problems from exponential to polynomial, meaning that once quantum computers reach sufficient scale, breaking ECDSA will no longer be theoretical.

At the end of 2024, Google launched the Willow quantum chip with 105 physical qubits. While this is still far from threatening Bitcoin’s encryption—estimates suggest about 13 million qubits are needed to break Bitcoin encryption within 24 hours—Willow’s exponential reduction in quantum error rates paved the way for rapid future progress.

The real turning point came at the end of March 2026. Google’s Quantum AI team released a technical whitepaper showing that a sufficiently powerful quantum computer could theoretically break Bitcoin’s underlying encryption using only one-twentieth of the resources previously estimated. The entire process could take as little as nine minutes. The required physical qubits were further reduced to under 500,000, about one-twentieth of prior estimates. Based on this, Google moved the recommended deadline for quantum-safe migration forward to 2029.

Meanwhile, Caltech researchers achieved parallel breakthroughs on neutral atom quantum computing architectures. Their research showed Shor’s algorithm could run at cryptographically relevant scales with just 10,000 to 22,000 qubits, a dramatic reduction from millions.

Key Timeline:

• End of 2024: Google launches Willow quantum chip (105 qubits), demonstrating breakthroughs in quantum error correction
• February 2026: BIP-360 officially registered, introducing P2MR quantum-resistant output type
• February 11, 2026: BIP-361 assigned its official number
• End of March 2026: Google releases whitepaper, reducing required resources for breaking Bitcoin encryption to one-twentieth of previous estimates; Q-Day migration deadline moved up to 2029
• April 15, 2026: BIP-361 published as a draft on GitHub
• April 16, 2026: Adam Back publicly opposes BIP-361, proposes an optional upgrade path

The continually compressed quantum threat timeline provides the urgent backdrop for BIP-361. The Bitcoin community quickly shifted from consensus that "quantum threats are far off" to a crisis mentality of "we must act now." Whether this urgency is exaggerated or real is itself part of the controversy.

Mechanism and Scope: BIP-361’s Three-Phase Implementation Framework and Asset Impact

Three-Phase Implementation Mechanism

BIP-361 uses the BIP9 version bits deployment method, advancing in three stages:

Asset Impact Scale

A joint report from ARK Invest and Unchained shows that about 34.6% of Bitcoin’s supply (roughly 6.9 million BTC) faces long-term quantum attack risk due to on-chain public key exposure. About 1.7 million BTC are locked in P2PK scripts, making them the most vulnerable—these addresses expose public keys directly on-chain.

FalconX Co-Head of Markets Joshua Lim, in his April 16, 2026 analysis, noted that around 1.7 million BTC (valued at about $127 billion at current prices) are exposed to quantum attack risk. This includes roughly 1.1 million BTC mined early by Bitcoin creator Satoshi Nakamoto (worth about $74 billion).

Based on Gate market data as of April 20, 2026, the Bitcoin price was $74,237.5, with a circulating supply of 20.01M BTC and a market cap of about $1.49 trillion. By this estimate, the approximately 1.7 million BTC affected by BIP-361 are worth about $126.2 billion.

Lopp further pointed out that about 28% of Bitcoin (around 5.6 million BTC) hasn’t moved in over a decade, and analysts generally believe most of it is permanently lost. If quantum technology recovers these dormant assets, it could trigger extreme market volatility.

The actual impact of BIP-361 will depend on how community consensus forms. If the proposal passes, the scale of frozen assets could range from 1.7 million to 5.6 million BTC, depending on how many dormant addresses are ultimately deemed "permanently lost." Satoshi Nakamoto’s roughly 1.1 million BTC is both the technical focal point and the flashpoint for political and ideological debate.

Clash of Paths: Lopp’s "Defense First" vs. Back’s "Sovereignty Above All"

The debate sparked by BIP-361 centers on two figures—Jameson Lopp (proponent of the freeze path) and Adam Back (advocate of the optional path). Their disagreement isn’t over technical details, but fundamentally different views on Bitcoin governance philosophy.

Lopp’s Key Arguments

Jameson Lopp, Casa CTO and longtime Bitcoin security expert, frames his stance on BIP-361 as "choosing the lesser of two evils."

In interviews, Lopp stated, "Right now, I don’t think any of this is necessary," emphasizing he’s "thinking adversarially about future threats." He also said, "I’d rather see lost or dormant coins moved out of attackers’ reach than let them fall into the hands of entities that likely don’t care about the ecosystem." On X, he wrote, "Quantum miners don’t make any transactions…they’re siphoning from the system."

Lopp’s logic can be summarized as:

• The quantum threat timeline is accelerating, with Google’s whitepaper moving the Q-Day migration deadline up to 2029
• About 1.7 million early BTC (including Satoshi’s 1.1 million) are in a "no active defense" state—holders have either lost their keys or can’t prove ownership
• If we wait for a quantum attack, these assets will fall directly into attackers’ hands, causing a market crash
• Rather than let attackers profit and damage the network, it’s better to permanently freeze these assets at the protocol level—"individual economic incentives take precedence over philosophical principles"

Back’s Key Arguments

Adam Back, early Bitcoin contributor and Blockstream CEO, represents a fundamentally different path.

In his Paris Blockchain Week speech, Back explicitly opposed BIP-361’s forced freeze, saying "this is confiscation, not protection." He advocated for an optional quantum-resistant upgrade, emphasizing that the Bitcoin community can quickly coordinate responses to critical vulnerabilities. In a Bloomberg interview, Back said the quantum threat "is real, but decades away from being a practical network security risk," noting that current quantum computers lack full error correction and "can only perform trivial computations."

Back’s position can be summarized as:

• The quantum threat is exaggerated; current quantum computers are far from threatening Bitcoin encryption
• Bitcoin has historically proven its ability to respond quickly in crises, so there’s no need for a forced timeline
• Upgrades should be 100% voluntary; forced freezes violate Bitcoin’s core promise as a censorship-resistant, decentralized currency
• Preparation is necessary, but should be gradual and optional, not pre-set with freeze mechanisms

Fundamental Differences Between the Two Paths

Ripple Effects: How the BIP-361 Debate Is Reshaping Bitcoin’s Ecosystem

BIP-361 and its debate have already had profound impacts on several aspects of the Bitcoin ecosystem.

Market Risk Aversion Is Rising

FalconX’s Joshua Lim noted on April 16, 2026, that quantum risk may first erupt in derivatives markets rather than on-chain. Recent options trades and long-dated put preferences show investors are hedging against extreme systemic events.

Lim estimated that 1.7 million BTC are exposed to quantum attack risk. If an institution-led hard fork occurs, it could trigger mass liquidations. He compared this to the 2017 fork, when Bitcoin was mostly retail-driven with a $45 billion market cap; today’s $1.5 trillion market would see far more dramatic ripple effects.

Regardless of whether BIP-361 is implemented, the proposal itself has sent a clear signal—Bitcoin’s community is taking quantum threats seriously, but there are deep divisions over solutions. This governance uncertainty is itself a market risk, likely to affect institutional allocation decisions in the medium to long term.

Governance Model Faces Unprecedented Stress Test

The BIP-361 debate is essentially a stress test for Bitcoin’s governance mechanism in the face of unprecedented external threats. As a decentralized network, Bitcoin’s upgrade decisions require complex coordination among developers, miners, node operators, users, and capital holders.

This debate exposes a long-ignored issue in Bitcoin governance—when external threats demand unified action, how can Bitcoin, lacking a central decision-making body, efficiently reach consensus? If quantum threats truly approach in 2029–2030, will Bitcoin’s decentralized governance structure be able to coordinate in time?

The "Non-Interference" Principle Faces a Historic Challenge

This is the core dimension of the BIP-361 controversy. Since its inception, one of Bitcoin’s fundamental value propositions has been "your keys, your coins"—no third party can access your assets without authorization.

If BIP-361 passes, it will set a precedent: under certain conditions, the network can permanently freeze users’ assets via protocol upgrade. This precedent goes far beyond quantum safety—it could be seen as a compromise of Bitcoin’s core promise, or as necessary self-protection in the face of existential threats. Regardless of interpretation, this precedent will be permanently recorded in Bitcoin’s history.

Stakeholder Camps Are Splitting

Industry analysts point out that the pro-freeze camp mainly consists of financial institutions, custodians, and some investors—for them, allowing over 1.7 million BTC to fall into potentially hostile hands is unacceptable, as they are fiduciaries of client funds. The anti-freeze camp is mostly hardcore Bitcoin maximalists and some developers—they believe Satoshi set a fixed 21 million supply cap, and any intervention in monetary supply is a fundamental betrayal of Bitcoin.

Most custodians, exchanges, and asset management firms are expected to favor the freeze plan, as regulatory pressure and fiduciary responsibility push them to eliminate quantum risk exposure. This divide between institutions and ideological purists may become the hardest axis to reconcile in future Bitcoin governance.

Conclusion

The BIP-361 proposal marks Bitcoin’s entry into the era of "post-quantum governance." The debate over "freeze or protect" touches on Bitcoin’s deepest philosophical question: When existential threats arise, should the network uphold the absolute principle of non-interference, or sacrifice some principles to protect the whole?

Jameson Lopp’s choice is defense first—proactively freezing vulnerable assets before quantum attacks occur, even if it sets an unsettling precedent. Adam Back’s choice is principle first—insisting on voluntary upgrades and maintaining Bitcoin’s core promise as a censorship-resistant system, even if it means accepting unknown risks.

There’s no absolute right or wrong between these choices—only a balance of values. As Lopp said, this is truly a "choosing the lesser of two evils" situation. The Bitcoin community’s final answer will gradually emerge in the coming years.