TL;DR
- BIP-361 leaves 1.7 million Bitcoin vulnerable to quantum theft.
- Hoskinson warns pre-2013 coins, including Satoshi’s, remain unprotected.
- Quantum computers threaten to steal old Bitcoin by 2030s.
The Bitcoin network faces a ticking clock. Quantum computers edge closer to breaking the cryptography that secures old addresses. A new proposal, BIP-361, tries to freeze vulnerable coins before attackers steal them. But Cardano founder Charles Hoskinson calls the plan incomplete. He says at least 1.7 million Bitcoin, worth roughly $127 billion, remain unprotected under the scheme. The proposal would not save them. “That’s a lie,” Hoskinson stated. “It’s not possible.”
BIP-361 aims to protect as much as 34 percent of Bitcoin’s total supply, or more than 7 million coins valued at $536 billion. The plan rolls out in three phases. First, the network blocks transactions from old addresses. Second, it freezes those coins entirely. Third, a potential recovery process would allow owners who missed deadlines to reclaim their funds. The design assumes that most holders will migrate to quantum-resistant addresses before the deadline.
Hoskinson rejects the final phase’s promise. “You could recover some of the 8 million Bitcoin, but 1.7 million are not under this scheme,” he said. He specified the vulnerable group as all Bitcoin from before 2013, held before the introduction of BIP-39, which created seed phrases.
Older addresses use simpler public key exposure. Quantum computers only need to see a public key once to derive the private key. Pre-2013 addresses often reuse keys or expose them in transactions. Those coins become sitting ducks.
Satoshi’s Stash Alone Accounts for 1.1 Million Vulnerable Coins
At least 1.1 million of the exposed 1.7 million Bitcoin belong to pseudonymous creator Satoshi Nakamoto. Arkham Intelligence data puts the value of Satoshi’s hoard near $82 billion. The remaining 600,000 coins belong to early miners and adopters from 2011 and 2012.
None of those holders can prove ownership under the BIP-361 recovery scheme, according to Hoskinson. The proposal assumes owners will voluntarily migrate. But early addresses hold coins that have never moved. Their owners may have lost keys or died. No migration means no protection.
The industry calls the looming quantum breakthrough “Q-Day.” Google issued a warning in March 2026, moving its own infrastructure to post-quantum cryptography. The move signals that quantum threats approach faster than many expected. Hoskinson acknowledges the urgency. “I understand why they wrote it,” he said of BIP-361. “Because if they don’t do this, that money will be stolen in the 2030s. That’s a fact.”
Bitcoin developers face a brutal trade-off. Freezing old coins protects the network from quantum theft. But freezing also means writing off billions in value owned by people who cannot or will not act. The alternative, doing nothing, guarantees eventual theft.
Quantum computers will crack SHA-256 and ECDSA within a decade, many physicists predict. Attackers would sweep exposed addresses instantly.
The debate now shifts from technical feasibility to political will. BIP-361 requires a soft fork. Miners and node operators must signal support. But the proposal’s incomplete coverage may kill consensus.
Why adopt a fix that leaves 1.7 million coins dangling? Hoskinson’s critique forces a hard question: should the network protect only the movable coins, or redesign the entire scheme from scratch?
