Satoshi's Bitcoin Frozen Forever!?

What actually defines ownership in Bitcoin?

Most people would answer the same way: if you hold the private keys, the coins are yours. This assumption has held since day one. As long as a transaction follows the rules, the network accepts it. There is no expiry, no interpretation, and no external authority deciding otherwise.

But what if that stopped being true?

A proposal known as BIP 361 introduces a scenario where it might. Framed as a response to future quantum risk, it outlines a migration path to new cryptographic standards. What makes this different is the mechanism. Under BIP 361, coins secured by today’s signature schemes would need to be moved within a defined window. If they aren’t, they would eventually no longer be considered spendable by the network.

Not because the keys are incorrect, or the owner made a mistake, but because the rules themselves have changed. That’s a subtle shift, but a meaningful one. That kind of shift is rarely presented for what it truly is. It is almost always wrapped in the language of necessity, a sensible precaution against some future threat, or a responsible step to keep the system safe.

This proposal is no different. The quantum bogeyman makes for a convenient story, doesn’t it? “We’re just protecting Bitcoin”, they say, while quietly preparing to retire perfectly acceptable legacy signatures and freeze any coins that don’t keep up with the new rulebook.

Bitcoin has always enforced rules and allowed outcomes to follow from them. This proposal introduces the idea that some outcomes, even those that remain valid under the original rules, may no longer be acceptable.

And once that line is crossed, it is no longer a question of whether it can happen, only when it will be justified again.

‍

The Risk Being Addressed

The concern behind this discussion isn’t new.

Bitcoin’s security relies on cryptographic assumptions that have held for decades. Quantum computing introduces a theoretical path to breaking some of those assumptions, particularly around signature schemes. Coins with exposed public keys on-chain would be more directly affected, as their security depends on problems that quantum algorithms are designed to solve more efficiently.

It isn’t an immediate threat. No one is waking up tomorrow to find their sats vanishing because of a quantum computer. But it is also not something to wave away entirely. It sits in that awkward category of risks that are uncertain in timing, yet serious enough that ignoring them completely would be careless.

We have explored this in more detail previously.

• Will Quantum Computing Break Bitcoin delves into the basics, explains what a quantum attack would actually involve, which coins are exposed, and how realistic current timelines are.
• This Again: A Clearer Look at Quantum and Bitcoin revisits the topic in light of recent developments, including the latest Google research, and separates what has changed from what remains speculative.

The risk explains why this conversation exists. It doesn’t explain why one proposed “solution” is to eventually make some coins unspendable.

‍

What BIP 361 Actually Proposes

BIP-361 isn't some polite "let's all upgrade eventually" memo. It’s a countdown with consequences.

Published in mid-April 2026 by Jameson Lopp and five co-authors, the draft lays out a three-phase plan where once a post-quantum signature scheme is ready, the network will activate it via a soft fork.

In Phase A, roughly three years after the upgrade activates, the network would stop accepting new Bitcoin deposits being sent to the most vulnerable old addresses. These include the very earliest format called P2PK (Pay-to-Public-Key) from 2009, which locks coins directly to a full public key that is completely visible on the blockchain right away, and P2PKH (Pay-to-Public-Key-Hash), the classic "legacy" addresses that start with the number 1 and hide the public key until you spend the coins. You could still spend coins out of any current address during this so-called “grace” period.

Then comes Phase B, about five years after activation on a fixed date. At this point, all old-style signatures would be invalidated by the network rules. Any Bitcoin still sitting in unmigrated outputs, whether in those old P2PK and P2PKH addresses, or even in more modern formats like SegWit (addresses starting with bc1q, introduced in 2017 for better efficiency and lower fees) or Taproot (addresses starting with bc1p, the newest format from 2021 that offers improved privacy) would become permanently unspendable. The coins wouldn’t disappear or get burned; they would simply turn into untouchable entries on the blockchain.

Finally, there’s Phase C, the proposal’s shaky “rescue hatch”. It would rely on zero-knowledge proofs, a complicated cryptographic method that supposedly lets legitimate owners prove they control a wallet seed phrase without revealing it. In reality, this backup plan is still under research and it probably won’t work for the very oldest P2PK coins from before 2013, which include a huge portion of early-mined Bitcoin and coins often linked to Satoshi Nakamoto.

In plain English: The proposal says, "Move your coins to the new quantum-safe system in time, or the network will stop recognizing your old signatures".

Your private keys still exist.  But the rules of what the Bitcoin network considers a legitimate spend shift beneath your feet. Coins that miss the deadline don't disappear; they just become beautiful, inert ledger entries.

The justification? Roughly 30-34% of all BTC, estimates run from 5.6M to over 7M coins, sits in outputs where public keys are exposed on-chain. If sufficiently advanced quantum systems were developed, those keys could be used to derive private keys and take control of those coins.

The argument follows from that premise. If vulnerable coins could be stolen and sold, it is better to prevent that outcome in advance by removing the conditions that make those coins spendable in the first place

‍

The Line Bitcoin Has Never Crossed

Bitcoin has survived severe stress before. Sharp drawdowns, exchange failures, systemic shocks, you name it. Prices have fallen dramatically and recovered, and the network has continued to function because its rules didn’t change under pressure.

That distinction matters.

A large-scale quantum theft, if it ever occurred, would be disruptive. It would test confidence and likely trigger a violent market reaction. But Bitcoin has never been designed to eliminate volatility, and it has endured it repeatedly. What it has never done is invalidate coins that still satisfy its rules. BIP 361 moves in that direction.

It introduces a mechanism where certain coins can become unspendable because allowing them to remain spendable is considered too risky. The long-term concern isn’t the attack itself, but the precedent it establishes.

Once the system accepts that coins can be restricted based on address type or perceived vulnerability, the boundary is no longer purely technical. It becomes a matter of judgment, and that is where Bitcoin has always drawn the line.

This is exactly what separates Bitcoin from the rest of the crypto casino. In those systems, intervention isn’t an exception but part of the design.

A recent example illustrates this clearly. A few days ago, following an exploit, the Arbitrum Security Council froze over 30,000 ETH linked to the attacker and moved the funds into a controlled wallet, coordinating the action with external parties and executing it through governance. The stated goal was to protect users and maintain system integrity.

The logic is familiar. A targeted intervention, justified by circumstances, and implemented through authority. That’s the beauty of “cryptocurrencies”, they come with built-in hall monitors ready to freeze, seize, or “rescue” your tokens whenever the narrative demands it.

Bitcoin was designed to reject that model, not inherit it from fiat like the rest of crypto. Bitcoin doesn’t rely on councils, emergency powers, or polite governance decisions about which funds should or shouldn’t move. BIP 361 wants to introduce that capability at the protocol level. Today, the justification is quantum risk. Tomorrow, it becomes whatever is considered important enough to warrant the same intervention. Once that mechanism exists, it doesn’t remain limited to its initial purpose.

Bitcoin survives risk because its rules remain non-negotiable. Once you accept that coins can be invalidated for the “greater good”, the definition of that good becomes the real attack surface.

‍

Missing the Window

In November 2016, Narendra Modi announced that 500-rupee and 1,000-rupee banknotes would cease to be valid, effectively removing 86% of the country’s cash from circulation with a fixed deadline to exchange it.

With the stroke of a pen, the state rendered most of the nation’s money worthless. They graciously gave people roughly 50 days to exchange it. In a country where millions lived cash-first and hand-to-mouth, that window was a cruel joke.

Banks and ATMs were forcibly shut for days. When they reopened, chaos reigned. The government had printed only a pathetic fraction of the new notes needed. Worse, millions of ATMs had to be physically recalibrated for the new sizes and designs; a logistical nightmare that dragged on for weeks. Cash machines ran dry within hours, sometimes minutes. Supplies trickled in at a fraction of demand while desperate crowds drained whatever little appeared.

Long queues stretched for days. Branches ran out of notes. Daily wage workers lost income standing in line instead of earning. The elderly, the rural poor, and anyone outside the banking cartel often couldn’t reach the system in time, or even learn about the rules before the clock ran out.

Their money was not stolen by thieves in the night. Worse, it was deliberately nullified by government decree. At least a common thief admits what he is. The government calls it “policy,” wraps it in pious slogans about fighting black money, and pats itself on the back for “modernizing” the economy. In truth, it proved to be the bigger, more efficient thief: one that doesn’t need to sneak around in the dark. It simply redefines your money as worthless while you sleep.

That structure should feel sickeningly familiar. Consider a different setting. You set up your wallet years ago, secured your keys properly, and stepped away. Life takes over. You are not following protocol discussions or upgrade timelines.

Then something happens. You are ill, incapacitated, or simply focused elsewhere while the clock is running. By the time you return, the window has already closed.

Your private keys still work. Your signatures still verify mathematically. Your balance still sits untouched on the blockchain. Nothing looks broken… until you try to spend.

At that moment, the network rejects your transaction.

Bitcoin was built so that no government, no central bank, and no authority can freeze your money or render it inert by decree. BIP 361 proposes doing exactly that.

‍

This Isn’t the Only Path

The strongest argument in favor of this proposal isn’t that it is ideal, but that it is necessary. That assumption doesn’t hold.

The risk isn’t  evenly distributed across the network. A significant portion of the exposed supply is the result of address reuse and custodial practices that can already be improved today. That is an operational issue, not a limitation of the protocol itself.

Bitcoin already has a path forward that doesn’t require imposing a deadline on existing coins. New cryptographic standards can be introduced, wallets can adopt them over time, and users can migrate voluntarily as better options become available. This is how Bitcoin has evolved so far, and there is no reason that process cannot continue.

Work on post-quantum schemes is ongoing, and discussion across the ecosystem has accelerated in recent years. As discussed in our previous work linked above, the tools to respond to this class of risk are already being explored. They expand Bitcoin’s capabilities without redefining what ownership means.

‍

This Isn’t About Satoshi, It’s About You

Whether BIP 361 ever gets adopted or not is almost beside the point. Most Bitcoiners will push back on it, and for good reason. The proposal is unlikely to pass in its current form.

But the underlying issue doesn’t go away. Bitcoin isn’t static. The environment changes, new risks emerge, standards evolve. And when they do, the outcome depends on whether you are in a position to respond.

That is the real risk.

Not a theoretical quantum attack. Not a future proposal. But the gap between having custody and being able to act when it matters. Most people assume the job is done once their keys are secured. It isn’t.

Consider this, if something were to happen to you, would the people you trust know what to do? Would they recognise when action is required? Would they be able to move funds safely without exposing them to unnecessary risk?

Or would your setup, secure in isolation, fail under real conditions? This is where failures occur. Not because Bitcoin breaks, but because the setup around it does.

Exposure isn’t just about cryptography.  It’s about how your Bitcoin is set up in practice, how visible it is on-chain, how access is handled, and whether there is a clear path to act if conditions change.

That can be addressed. We work with clients to reduce unnecessary exposure, design robust self-custody setups, and ensure there is a clear, practical path to act when it matters. Not just for today, but across changing conditions.

If you are not certain your setup would hold, it is worth addressing that now. You can book a free 30-minute consultation with our advisors to review your setup and understand where you stand.