BIP-361 Ultimate Interpretation: Is the freezing of Satoshi's Bitcoin a security safeguard or an asset confiscation dispute

The Bitcoin community has never been short of fierce ideological battles. From the block size wars to the deployment of Segregated Witness, every major upgrade has been accompanied by profound philosophical disagreements. However, the proposal BIP-361, exposed in April 2026, pushed the intensity of the debate to an unprecedented level—because this time, the core issue is not technical parameters, but Bitcoin’s most fundamental principle: without the owner’s consent, does the network have the right to freeze a user’s assets?

On April 15, 2026, the Bitcoin Improvement Proposal BIP-361, drafted jointly by Casa CTO Jameson Lopp and five collaborators, was officially published as a draft on the official GitHub repository. The full name of the proposal is “Post-Quantum Migration and Deprecated Old Signatures,” advocating a gradual, approximately five-year timetable to encourage all Bitcoin holders to migrate their assets from quantum-vulnerable addresses to quantum-resistant addresses—assets not migrated by the deadline would be permanently frozen at the protocol level.

The next day, Adam Back, CEO of Blockstream, delivered a public speech at Paris Blockchain Week, explicitly opposing BIP-361’s mandatory freezing approach, and instead advocating for an optional quantum resistance upgrade plan. These two iconic figures in the Bitcoin space stood on opposite sides of the debate. This was not a routine code update discussion but an ultimate philosophical debate about Bitcoin governance, asset sovereignty, and security boundaries.

BIP-361 Proposal Officially Emerges

BIP-361 was officially assigned its number on February 11, 2026, and was released as a draft on April 15. The proposal was co-authored by Casa CTO Jameson Lopp and five other experts in Bitcoin quantum security. Its core goal is to counter the potential threat of future quantum computers to Bitcoin’s elliptic curve cryptography, by implementing a mandatory migration schedule that moves all network assets from vulnerable old addresses (primarily using ECDSA signatures) to quantum-resistant addresses. Assets not migrated by the deadline will be permanently frozen at the protocol level, unable to be transferred on-chain.

Lopp explicitly stated in an interview that he “does not like” this proposal and hopes it will never need to be adopted, describing it as “a rough emergency plan, not a final standard.” He wrote: “The reason I drafted it is because I dislike the alternative even more. When facing existential threats, individual economic incentives take precedence over philosophical principles.”

The technical foundation of BIP-361 inherits from BIP-360, registered in February of the same year, which introduced a quantum-resistant output type called Pay-to-Merkle-Root (P2MR), designed to protect newly issued Bitcoin from quantum attacks. However, BIP-360 only covers future assets; it cannot address the long-standing issue of existing UTXOs with exposed public keys—precisely what BIP-361 aims to resolve.

How Quantum Threats Are Accelerating

To understand why BIP-361 emerged at this moment, one must trace the rapid evolution of quantum threats over the past year.

Bitcoin’s security model relies on the computational infeasibility of elliptic curve digital signatures (ECDSA). Shor’s algorithm fundamentally overturns this premise at the mathematical level—it can reduce the complexity of solving discrete logarithms from exponential to polynomial, meaning that once quantum computers reach sufficient scale, cracking ECDSA will no longer be theoretical.

By late 2024, Google launched the Willow quantum chip with 105 physical qubits. Although this scale is still far from directly threatening Bitcoin’s encryption—estimates suggest about 13 million qubits are needed to decrypt Bitcoin within 24 hours—the error correction breakthroughs achieved by Willow, reducing quantum error rates exponentially, laid the groundwork for rapid iteration.

A true turning point occurred at the end of March 2026. An authoritative white paper published by Google’s Quantum AI team revealed that a sufficiently powerful quantum computer could theoretically crack Bitcoin’s underlying encryption with only one-twentieth of the resources previously estimated, completing the decryption in about 9 minutes. The white paper further compressed the required physical qubits to fewer than 500k—about one-twentieth of prior estimates. Based on this, Google set the deadline for quantum-safe migration to 2029.

Meanwhile, a parallel breakthrough was achieved by a research team at Caltech working on neutral atom quantum architectures. Their studies indicated that Shor’s algorithm could operate at cryptographically relevant scales with 10,000 to 22,000 qubits, drastically reducing the number of physical qubits needed from millions.

Key Timeline:

• Late 2024: Google launches Willow quantum chip (105 qubits), demonstrating breakthroughs in quantum error correction
• February 2026: BIP-360 officially registered, introducing P2MR quantum-resistant output type
• February 11, 2026: BIP-361 assigned its number
• End of March 2026: Google white paper reduces the estimated resources for cracking Bitcoin to one-twentieth, with a suggested migration deadline moved up to 2029
• April 15, 2026: BIP-361 published as a draft on GitHub
• April 16, 2026: Adam Back publicly opposes BIP-361, proposing an optional upgrade plan

The continuous compression of the quantum threat timeline provides the urgent background for BIP-361’s proposal. The Bitcoin community’s consensus shifted from “quantum threat is still far away” to a sense of “immediate action is necessary.” Yet, whether this sense of urgency is exaggerated or real remains a point of contention.

Mechanisms and Scale: The Three-Stage Implementation Framework of BIP-361 and Asset Impact

Three-Stage Implementation

BIP-361 adopts a deployment method based on BIP9 version bits, progressing through three phases:

Impact Scope of Assets

A joint report by ARK Invest and Unchained indicates that approximately 34.6% of Bitcoin supply (about 6.9 million BTC) faces long-term quantum attack risk due to exposed public keys on-chain. Among these, about 1.7 million BTC are locked in P2PK scripts, which are the most vulnerable—these addresses expose public keys directly in their original format.

Joshua Lim, co-head of markets at FalconX, analyzed on April 16, 2026, that roughly 1.7 million BTC (valued at about $127 billion at current prices) are exposed to quantum attack risk. This includes approximately 1.1 million BTC mined early by Satoshi Nakamoto, valued at around $74 billion.

Based on market data as of April 20, 2026:
Bitcoin price: $74,237.50
Circulating supply: 20.01 million BTC
Market cap: approximately $1.49 trillion
Estimated total value of the ~1.7 million BTC at risk: about $126.2 billion.

Lopp further pointed out that about 28% of Bitcoin (around 5.6 million BTC) have not moved in over ten years; analysts generally believe most of these are permanently lost. If quantum technology recovers these dormant assets, it could trigger significant market volatility.

The actual impact of BIP-361 will depend on the community consensus process. If adopted, the frozen assets could range between 1.7 million and 5.6 million BTC, depending on how many “permanently lost” dormant addresses are ultimately recognized. Satoshi’s approximately 1.1 million BTC, as the most prominent part, will be a focal point of both technical and political debates.

Pathways of Conflict: Lopp’s “Defense First” vs. Back’s “Sovereignty First”

The debate triggered by BIP-361 centers around two main figures—Jameson Lopp (proponent of the freezing approach) and Adam Back (advocate of the optional route). Their disagreement is not merely about technical details but reflects a fundamental difference in philosophy regarding Bitcoin governance.

Lopp’s Core Argument

Jameson Lopp, as Casa CTO and long-time Bitcoin security expert, summarizes his stance as “choosing the lesser of two harms.”

In interviews, Lopp explicitly states: “Right now, I think all of this is unnecessary,” emphasizing that he is “thinking adversarially about potential future threats.” He also notes, “It’s better to move lost or dormant coins out of the reach of attackers than to let them fall into the hands of entities that probably don’t care about the ecosystem.” On X (Twitter), he wrote: “Quantum miners make no transactions… they are leeching from the system.”

His reasoning can be summarized as:

• The timeline for quantum threats is accelerating; Google’s white paper has moved Q-Day’s suggested deadline to 2029
• About 1.7 million early Bitcoin (including Satoshi’s ~1.1 million) are in a state of “no active defense”—holders have lost private keys or cannot prove ownership
• If quantum attacks occur, these assets could fall directly into attackers’ hands, causing market crashes
• Instead of letting attackers profit and undermine the network, it’s better to permanently freeze these assets at the protocol level—“individual economic incentives take precedence over philosophical principles”

Back’s Core Argument

Adam Back, a Bitcoin early contributor and CEO of Blockstream, holds a contrasting view.

In his Paris Blockchain Week speech, Back explicitly opposed the mandatory freezing path of BIP-361, calling it “confiscation, not protection.” He advocates for an optional quantum resistance upgrade, emphasizing Bitcoin’s ability to respond quickly to critical vulnerabilities through coordinated community action. In an interview with Bloomberg, Back further stated that the quantum threat “is real but still decades away from becoming a practical security concern,” noting current quantum computing capabilities are limited, “lacking full error correction and only capable of trivial calculations.”

His position can be summarized as:

• The quantum threat is exaggerated; current quantum computers are still far from threatening Bitcoin’s encryption
• Bitcoin has historically demonstrated the ability to respond swiftly in crises, without pre-set mandatory timelines
• Upgrades should be 100% voluntary; forced freezing violates Bitcoin’s core promise as an uncensorable, decentralized currency
• Preparation is necessary, but should be achieved through gradual, optional upgrades rather than pre-emptive freezing mechanisms

Fundamental Divergence of the Two Paths

Chain Reaction: How the BIP-361 Debate Could Reshape Bitcoin Ecosystem

The proposal and the ensuing debate have already had profound impacts across multiple dimensions.

Market Hedging Sentiment Rises

Joshua Lim, co-head of markets at FalconX, analyzed on April 16, 2026, that quantum risks might first manifest in derivatives markets rather than on-chain. The recent options trading volume and long-term puts indicate investors are seeking hedges against extreme systemic events.

Lim estimates that about 1.7 million BTC are exposed to quantum attack risk. If a hard fork led by institutions occurs, it could trigger massive liquidations. He compared this to the 2017 fork, when Bitcoin’s market was mainly retail-driven, with a market cap of around $45 billion; now, with a market cap of about $1.5 trillion, the chain reaction could be far more intense.

Regardless of whether the proposal is adopted, it already signals that the Bitcoin community is taking quantum threats seriously, but with deep disagreements over solutions. This governance uncertainty itself constitutes a market risk, potentially influencing institutional investment decisions over the medium to long term.

Unprecedented Stress Test for Governance

The debate over BIP-361 essentially tests Bitcoin’s governance mechanism under an external threat of unprecedented scale. As a decentralized network, upgrading requires complex coordination among developers, miners, node operators, users, and capital holders.

This controversy exposes a long-ignored question: when external threats demand unified action, how effectively can Bitcoin’s decentralized governance achieve consensus? If quantum threats indeed approach around 2029–2030, will Bitcoin’s dispersed governance structure be capable of coordinated response within the window?

A Historic Challenge to the “Inviolability” Principle

This is the core issue of the BIP-361 controversy. Since inception, one of Bitcoin’s fundamental values has been “your keys, your coins”—no third party can move your assets without authorization.

If BIP-361 passes, it sets a precedent: under certain conditions, the network can upgrade to permanently freeze user assets. The significance of this precedent extends beyond quantum security; it could be seen as a compromise of Bitcoin’s core promise or as a necessary self-defense in the face of existential threats. Regardless of interpretation, this precedent will be permanently recorded in Bitcoin’s history.

Stakeholder Factions Diverge

Industry analysts note that the “freeze camp” mainly comprises financial institutions, custodians, and some investors—who find it unacceptable for over 1.7 million BTC to fall into potentially hostile hands, as they are entrusted with client funds. Conversely, the “no freeze” camp mainly consists of hardcore Bitcoin maximalists and some developers—who believe Satoshi Nakamoto’s fixed supply cap of 21 million must be preserved, and any human intervention is a fundamental betrayal.

Most custodians, exchanges, and asset managers are likely to favor the freeze option, given regulatory pressures and fiduciary responsibilities. This split between institutional and ideological factions could become one of the most difficult divides in future Bitcoin governance.

Conclusion

The proposal of BIP-361 marks Bitcoin’s formal entry into the “post-quantum era” governance discussion. The debate over “freeze or protect” touches on Bitcoin’s most fundamental philosophical question: when existential threats loom, should the network adhere strictly to inviolability, or accept some sacrifices to safeguard the whole?

Lopp’s choice is defense-first—actively freezing vulnerable assets before quantum attacks occur, even if it sets an unsettling precedent. Back’s choice is principle-first—insisting on voluntary upgrades and maintaining Bitcoin’s core promise as an uncensorable, decentralized currency, even if it entails unknown risks.

There is no absolute right or wrong between these options—only a value judgment. As Lopp states, it is indeed a “lesser of two harms” decision—and the community’s final answer will gradually emerge over the coming years.