Final ultimatum! Quantum computers will trigger the biggest “ownership” crisis in $BTC history, and your coins could be “legally” emptied overnight?

Regarding the threat of quantum computing to $BTC, discussions often become confusing because people tend to conflate two entirely different issues.

The first is a technical problem: if quantum computing power is sufficient to crack $BTC’s signature algorithm, the protocol itself can respond—by introducing new addresses, establishing migration rules, implementing soft forks, phasing out old mechanisms, and rotating keys. This is indeed a real engineering challenge, but it’s only that.

The second is a legal issue: suppose someone uses a quantum computer to derive the private key of an old wallet and transfers all the tokens inside. What does that mean? Is it reclaiming abandoned property, or theft?

In April 2026, the BIP-361 proposal suggests freezing over 6.5 million $BTC stored in quantum-vulnerable UTXOs, which are estimated to include over 1 million coins associated with Satoshi Nakamoto. This is no longer an abstract discussion but a real struggle over ownership, confiscation, and what property truly means in a system that ultimately only recognizes “control.”

We are not discussing when a capable quantum computer might arrive. A more urgent question is: if it does arrive and someone begins using quantum-derived keys to transfer long-dormant $BTC, will the law see this as legitimate recovery or theft?

Classical property law gives a fairly straightforward answer: it’s theft. This answer may disappoint some $BTC enthusiasts because $BTC itself does not enforce “ownership” like courts do; it only enforces “control.” If you can produce a valid spending transaction, the network will accept it. But this highlights a key point: the more the network relies on control, the more it needs clear legal definitions of how to classify this underlying behavior. In this regard, law is not mysterious. Tokens do not become ownerless property just because they are old.

The real quantum risk is narrower than many imagine. Not all $BTC faces the same threat. Usually, an address only exposes its public key when the owner spends from it. Quantum attackers cannot simply look at any untouched address on the chain and directly extract the private key.

The true risk concentrates on a few types of outputs: early “pay to public key” (P2PK) outputs directly expose the full public key on-chain; some older script constructions are similar; Taproot (P2TR) outputs also directly submit a 32-byte output key instead of its hash; address reuse can also expose the public key after the user spends, if the remaining funds still use the same key material. These are the parts people refer to when talking about “exposed $BTC.”

The timeline for this threat has already been significantly compressed. On March 31, 2026, Google Quantum AI research showed that $BTC’s secp256k1 curve could be cracked with fewer than 500k physical qubits, reducing the previous estimate of about 9 million by 20 times. The same paper also directly simulated mempool attack vectors: during transaction confirmation, public keys are exposed within roughly 10 minutes before block confirmation, giving quantum attackers a window to derive the key before spending is confirmed.

Current hardware is still far from these thresholds: Google’s Willow chip has only 105 qubits, IBM’s Nighthawk has 120. But algorithmic optimization is outpacing hardware scaling. NIST’s post-quantum migration roadmap requires deprecating quantum-vulnerable algorithms from federal systems by 2030 and banning them entirely by 2035. While this federal timeline does not bind $BTC, it provides a benchmark for institutional holders and regulators to assess $BTC’s preparedness.

Many of these tokens are old. Some are surely lost; some belong to deceased owners; some are locked in paper wallets, forgotten backups, or unorganized estates. Others likely belong to still-living individuals who have no intention of using them. The last point is far more significant than the “lost tokens” narrative usually admits.

From an external perspective, dormancy almost says nothing. A wallet can be inactive for twelve years because the owner is deceased, the key is lost, extremely disciplined, paranoid, funds are locked in multi-party setups, or because Satoshi Nakamoto prefers to remain mysterious. Blockchain cannot tell you which explanation is true. This uncertainty is precisely why property law has never treated “silence” as a solvent for ownership.

Dormancy does not equal abandonment. The “whoever finds it owns it” argument bears little relation to actual property law. Ownership does not automatically vanish because property is idle. Ownership persists until transferred, voluntarily relinquished, extinguished by law, or replaced by some applicable principle. Mere passage of time is insufficient; mere inaction is insufficient; high value alone is insufficient.

If someone claims dormant $BTC as “fair game,” they usually invoke “abandonment.” But law is much stricter: abandonment generally requires both an intent to relinquish ownership and conduct that demonstrates that intent. The owner must genuinely intend to give it up and do something that shows this intent. Merely not moving assets for a long time is not enough, especially when the assets are clearly valuable.

This is not nitpicking; it is a core principle of property law. If mere inaction could destroy ownership, law would be an open invitation to plunder long-unclaimed property. This does not apply to land, houses, stocks, or heirlooms, nor does it apply to Bitcoin.

A simple extreme example: if someone deliberately sends tokens to a burn address with no known private key, that begins to resemble abandonment because there is both a clear act and a clear signal. But this example actually demonstrates the opposite of what a quantum plunderer would want—when someone truly intends to give up, that’s what giving up looks like. Most dormant wallets are not like that.

A more reasonable interpretation is simply: tokens are tokens. Some are lost; some are inaccessible; some are forgotten; some are sleeping. But none of these situations turn them into ownerless property.

Recent legislation has also begun to formally recognize this point. The UK’s “2025 Property (Digital Assets, etc.) Act,” enacted on December 2, 2025, explicitly establishes a third category of personal property that includes crypto tokens. In the US, over 30 states and the District of Columbia have adopted UCC Article 12, recognizing “controllable electronic records” as a separate legal category. Both systems do not treat dormancy as abandonment.

Death does not erase ownership. The next common argument shifts from abandonment to death: “Many early holders have surely died. Wouldn’t that change the analysis?” The answer is: it will not change it in the way plunderers hope.

Some early wallets will trigger a “Schrödinger’s heir” problem: when a plunderer claims the property is ownerless, they assert the owner is dead; but when inheritance burdens appear, they treat it as still existing in name only. Property law does not tolerate this superposition.

When someone dies, ownership does not vanish; it transfers. Property passes to heirs, beneficiaries, or, if none exist, to the state. Law does not shrug and declare it open season. Even if possession becomes chaotic, inconvenient, or impossible to exercise, law maintains the continuity of ownership.

The analogy with physical property is almost offensive: if someone dies owning a ranch, the first person to break the lock and enter does not become the new owner because of initiative or optimism. The estate handles inheritance; if there are no heirs, the state claims rights. Valuable property does not become ownerless just because the original owner is gone.

$BTC is no different in this regard. Lost keys do not transfer ownership; inaccessible assets are not transferred. A stranger deriving the private key later is not discovering a treasure trove of ownerless assets. They are simply gaining the practical ability to move property that still belongs to someone else (or their estate).

This conclusion is especially important for vulnerable tokens—Satoshi’s coins. Whether Satoshi is alive, deceased, or permanently offline does not change their legal status. These coins either belong to Satoshi or to Satoshi’s estate. They will not become the bounty for the first person to arrive with a quantum crowbar.

Property law cannot save this theory. Some believe dormant $BTC can be transferred under the doctrine of abandoned property. This confusion is understandable but overlooks how these laws actually operate.

Abandoned property law generally revolves around “holders.” Banks, brokers, exchanges, or other custodians owe property to owners. If the owner disappears long enough, the state intervenes, requiring the holder to report and transfer assets, but the owner still retains the right to reclaim them later. This principle is built around intermediaries.

This framework works well for exchange balances, custodial wallets, and assets held by corporations because the state can command them to surrender assets. But it does not work the same for self-custodied $BTC. In self-custodied UTXOs, there are no banks, no exchanges to “cover” for, no transfer agents waiting for instructions. No custodian to command. Only the network, the keys, and the ability (or inability) to produce valid transactions.

This means governments can often reach custodial crypto assets, but self-custodied $BTC presents a much harder boundary to cross. Law can say who owns it, sometimes who should surrender it, but cannot conjure private keys out of thin air. If a quantum attacker derives the private key, they may in practical terms gain “control” over the assets. But control is not ownership, and never has been. A thief who finds your safe’s combination also gains control, but he still stole what was inside.

Adverse possession does not apply, and rescue theories are even worse. Whenever someone tries to cloak quantum theft in legal language, they invoke two analogies: adverse possession and rescue. Both are fundamentally flawed.

Adverse possession was developed for land disputes, with conditions suited to real estate conflicts. Possession must be open and notorious so that true owners have a fair chance to notice and object. A quantum attacker moving tokens to a new address does not do this. Yes, the chain shows the transfer, but that is not meaningful notice in legal terms.

Its policy rationale also falls apart. Adverse possession helps resolve old land disputes, clarifies ownership, and rewards visible use of idle property. $BTC does not have these structural issues; the blockchain already records the chain of possession.

Rescue theories are even worse. They reward the party that “rescues” property from danger. Quantum plunderers are not rescuing property—they are exploiting danger. In many cases, they are the reason danger exists. Calling this “rescue” is like calling pirates “lifeguards.”

This is why BIP-361 is so important. It is the first serious proposal to address the problem at the consensus layer, rather than leaving it to courts and commentators to debate after the fact.

Broadly, the proposal will be implemented in phases. First, it will prohibit users from sending new $BTC to quantum-vulnerable address types, while still allowing existing funds to be moved to safer addresses. Later, signatures in old UTXOs will no longer be considered valid for spending. The practical effect is that any remaining funds that are not migrated will be frozen.

A further recovery mechanism is proposed using zero-knowledge proofs related to BIP-39 mnemonic phrases, but this part is still in an idealized, incomplete state. The key point is that the recovery path applies only to wallets generated from BIP-39 mnemonics. Earlier wallet formats (including those related to Satoshi) have no practical recovery route under the current proposal.

This limitation is not accidental; it means that, as currently designed, Phase C will protect the property rights of newer adopters while permanently eliminating the rights of early adopters. Essentially, it is a protocol-imposed statute of limitations, not legislation.

The appeal of this proposal is clear. If the network knows certain tokens are likely to become first-come, first-served spoils, it can refuse to endorse such plunder. Substantively, this is a defense of ownership against purely technical shortcuts. It treats quantum actors as thieves and refuses to let them claim the bounty.

But that is only half the story. The proposal also creates a second legal problem, even harder to avoid. Phase B not only prevents thieves from stealing but also disables the actual owners who fail or cannot migrate in time.

This is important because property law does not only ask whether a rule’s motivation is good; it also asks what it does to owners. Calling this “theft” is too imprecise. BIP-361 does not redistribute coins to developers, miners, or new claimants. It does not profit the freeze initiator like an ordinary thief.

But “not theft” does not mean the problem ends. A more accurate analogy is “adverse possession,” or at least something very close. If the rule is: an owner had valid spending rights yesterday, but not today—not because they transferred ownership, not because they abandoned the coins, and not because courts extinguished their rights—rather because the network decided these coins are too dangerous to spend—then what the network does is far more than “protect property rights”: it actively undermines some of those rights.

This is why freezing appears so awkward legally. Supporters may argue it’s a “lesser evil,” and they might be right. But a rule that permanently prevents owners from accessing their coins increasingly resembles outright theft, enforced through consensus.

The strongest opposition appears in the most difficult cases. Time-locked UTXOs are the clearest example. If a user deliberately creates a timelock that expires after the freeze date, that owner has not ignored the coins nor abandoned them. They have actively set them to be unspendable until a future date. Yet the protocol might still freeze them before that date arrives.

Older wallet constructions can produce similar issues. If the ultimate recovery path depends on BIP-39 mnemonic ownership, some early wallet formats may have no practical way back.

Estates create a similar tension. Owners may have died, but ownership has not vanished; it has transferred somewhere else. Freezing these tokens does not eliminate the underlying property claim; it only removes the network’s willingness to fulfill that claim.

Therefore, a more accurate description of Phase B is not an “anti-theft rule,” but a confiscatory defense mechanism. It may be reasonable, even necessary, but for at least some owners, it is effectively confiscation. The proposal is not just choosing between owners and thieves; in some cases, it pits one class of owners against another, with the less favored party’s loss serving as a cost of the protective system.

This does not mean that BIP-361 is outright illegal in any direct, court-enforceable sense. $BTC consensus changes are not state actions, so the analogy of “taxation” does not fully apply—unless a government intervenes directly. But as a private law reasoning analogy, confiscation is more compelling. Ownership may be rhetorically intact, but actual control is deliberately undermined.

This is the core symmetry of the quantum debate. Moving dormant tokens via quantum attack looks like theft; freezing vulnerable coins through a soft fork may be a lesser evil, but it is not without cost—material or moral. For some owners, especially those with timelock outputs, old wallet formats, or no practical migration path, this freezing begins to look more like confiscation than protection.

The legal answer is clear: $BTC will almost certainly be considered theft if someone derives the private key of a dormant wallet using quantum computing and transfers the coins.

But BIP-361 indicates that $BTC faces not a simple choice between “theft” and “perfect ownership protection,” but between “attackers stealing” and “protocol deprivation.” Freezing vulnerable coins may be a reasonable response to extreme threats, perhaps even the only response the network can accept.

However, we must honestly acknowledge: for some owners—especially those with timelock outputs, old wallet formats, or no practical migration path—this freezing begins to resemble confiscation rather than protection.

This is why this issue is far more than a simple moral debate. $BTC blurs the usual distinction in property law between “ownership” and “possession.” Courts can say the quantum attacker stole the tokens, or that protocol-level freezing effectively interferes with owners’ rights. But on-chain, only the rules most users adopt are recognized.

Therefore, the debate is not only whether $BTC should defend property rights during the quantum transition, but also which property rights $BTC is willing to sacrifice to defend others.