Quantum Proposal Won’t Save Satoshi’s Bitcoin, Argues Cardano Founder Charles Hoskinson
A new Bitcoin improvement proposal, BIP-361, has ignited a heated debate over the long‑term security of Bitcoin in a future where quantum computers become powerful enough to break today’s cryptography. Supporters of the proposal claim it could safeguard up to 34% of the total Bitcoin supply-more than 7 million BTC, valued at roughly $536 billion-by gradually forcing at-risk coins to migrate to quantum‑resistant addresses.
Cardano founder Charles Hoskinson, however, disputes one of the core promises being made around the proposal. In his view, even if BIP‑361 were fully implemented as described, it would still leave a substantial amount of Bitcoin exposed. He estimates that about 1.7 million BTC-around $127 billion at current prices-would remain vulnerable to quantum attacks.
What BIP‑361 Is Trying to Do
BIP‑361 is built around a phased approach to dealing with addresses that use older, quantum‑susceptible signature schemes. The overarching idea is to push holders of vulnerable coins to move them into newer, quantum‑resistant formats, and to penalize or eventually lock in coins that never move.
The plan is divided into three broad phases:
1. Phase 1: Block New Inflows to Legacy Addresses
Addresses relying on signature schemes considered weak in a post‑quantum world would no longer be allowed to receive new funds. Existing balances could still be spent, but fresh Bitcoin could not be sent to these legacy addresses.
2. Phase 2: Freeze Legacy Coins
After a long grace period, coins sitting in such vulnerable addresses would be treated as “frozen.” They could no longer be moved using the old cryptography. The implicit message to holders: upgrade your address or lose flexibility over your coins.
3. Phase 3: Recovery Mechanism for “Forgotten” Coins
The final step outlines a process for attempting to “rescue” Bitcoin that missed migration deadlines. Under various schemes proposed, these frozen coins might be recoverable or claimable by their original owners through new rules and transaction types-though the technical and social details are highly contested.
Proponents of the proposal argue that this three‑step roadmap is a pragmatic way to gradually migrate a huge portion of the supply without suddenly invalidating existing holdings or undermining user confidence.
Where Hoskinson Draws the Line
Hoskinson’s main objection is aimed squarely at the claim that the proposal could fully protect, or later recover, nearly all at-risk coins. He argues that, in reality, a significant tranche of Bitcoin will never move, never migrate, and thus never be saved by any such mechanism.
This is especially true for early coins mined in Bitcoin’s first years-most famously those believed to belong to Satoshi Nakamoto. Many of these early holdings have not moved in more than a decade, leading to widespread speculation that the keys are lost or that the owner is either dead, permanently offline, or unwilling to ever transact.
According to Hoskinson, any scheme that relies on coin owners actively performing a migration is fundamentally limited by one hard constraint: some owners are gone, private keys are lost, and those coins are effectively abandoned. No protocol change-quantum‑focused or otherwise-can force someone who no longer has their keys to safely move their coins.
Why Satoshi’s Coins Are at the Heart of the Debate
The symbolic center of this debate is Satoshi Nakamoto’s presumed stash: more than 1 million BTC mined in the early days of the network. These coins have never been spent, and the addresses involved were created under signature schemes that, in theory, could be cracked by a sufficiently powerful quantum computer in the future.
If BIP‑361 were implemented, Satoshi’s coins-and other early, dormant addresses-would be among those flagged as vulnerable and eventually frozen if they do not move. But freezing a coin does not magically protect its owner if the private key is already lost, or if no one is alive or willing to claim it.
Hoskinson’s critique, therefore, is not just technical but philosophical. He is effectively saying:
– You cannot “save” coins whose owners you can’t reach.
– Freezing or reassigning those coins raises serious questions about property rights and the social contract underlying Bitcoin.
– Quantum‑resilience plans must be honest about what they can and cannot achieve.
Technical Limits of Quantum “Rescue” Plans
One of the central challenges is the nature of Bitcoin’s current cryptography. Bitcoin uses ECDSA signatures on the secp256k1 curve. While secure against classical computers, this scheme is theoretically breakable by a sufficiently advanced quantum computer using Shor’s algorithm.
BIP‑361 and similar ideas typically revolve around:
– Introducing quantum‑resistant signature schemes (for example, based on lattice problems or hash‑based signatures).
– Allowing users to move funds from ECDSA-based addresses to new, post-quantum addresses during a long transition period.
– Penalizing or freezing coins that fail to migrate in time, under the argument that leaving them vulnerable endangers the broader ecosystem.
Where Hoskinson sees a fatal flaw is in the assumption that a protocol can retroactively “rescue” coins without cooperation from their owners. Cryptography cannot create knowledge (a private key) where it doesn’t exist. Any attempt to “reassign” or “reclaim” coins for safety risks crossing an invisible line: turning a neutral protocol into an active reallocator of wealth.
Governance and Social Consensus Risks
Even if the cryptographic details could be worked out, the governance side is explosive. Implementing BIP‑361 at scale would require:
– Broad agreement among miners, node operators, exchanges, and wallet providers.
– A willingness to accept that some coins may be frozen or subject to new spending rules.
– A shared belief that proactive intervention to save dormant coins is legitimate and aligned with Bitcoin’s ethos.
Hoskinson indicates that the social layer is being underestimated. Freezing legacy coins and later “recovering” them might be marketed as a security upgrade, but for many in the Bitcoin world, it can look like retroactive rule‑changing over someone’s property, especially if the original owner is not around to consent.
This is particularly controversial in the case of Satoshi’s coins, which have taken on an almost mythic status as a kind of untouched reserve. Any attempt to alter their status through protocol changes is likely to face fierce resistance.
The Hard Problem of Inactive and Lost Coins
A large portion of the Bitcoin supply is widely believed to be lost or inert: coins locked in wallets whose keys have disappeared, coins stuck in inaccessible hardware, and coins held by people who no longer participate in the ecosystem. Hoskinson’s 1.7 million BTC estimate falls into that category of effectively unreachable funds.
From a purely technical standpoint, these coins are indistinguishable from long‑term “hodl” positions. The network has no way of knowing if a coin’s owner is simply patient or permanently gone. That ambiguity is at the heart of why any forced migration or freezing mechanism is fraught:
– Some coins will migrate because owners are active and informed.
– Others simply cannot migrate because the private keys are lost.
– No automated rule can tell the difference ahead of time.
Thus, any protocol that attempts to “save” everything will inevitably misclassify some holdings and rely on social narratives to justify why those coins should be locked or repurposed.
Quantum Threat: Real Risk or Distant Concern?
Part of the disagreement around proposals like BIP‑361 also comes down to timelines. Quantum computers capable of breaking Bitcoin’s current cryptography do not exist today. Most expert estimates put practical, large‑scale, fault‑tolerant quantum machines decades away, though breakthroughs could accelerate that schedule.
Hoskinson doesn’t deny that quantum computing represents a real long‑term risk. But he implies that:
– Overreacting now with drastic protocol changes could do more harm to Bitcoin’s credibility than the hypothetical future attack.
– The network can begin experimenting with quantum‑resistant tools without trying to retroactively seize or freeze dormant coins.
In other words, it may be wiser to build a migration path and new tools, then allow market incentives and user choice to guide adoption, rather than imposing a rigid, protocol‑level clawback framework.
Alternative Approaches to Quantum Resilience
Instead of freezing or forcibly migrating coins, some experts favor a more optional, market‑driven approach, such as:
– Opt‑in quantum‑resistant wallets and scripts that users can choose to adopt over time.
– Layer‑2 and sidechain solutions that experiment with advanced post‑quantum cryptography before pushing anything into Bitcoin’s base layer.
– Gradual introduction of new address types that are attractive for large holders, custodians, and institutions, creating natural pressure to modernize without coercion.
Under such a model, Satoshi’s coins and permanently dormant addresses remain what they are today: part of the fixed supply, but effectively off the market. Their vulnerability to a far‑future quantum attack is treated as a narrow, specific risk, rather than a justification for sweeping protocol interventions.
Economic and Market Implications
If BIP‑361 or a similar proposal were ever adopted, the market reaction could be as significant as the technical change itself. Several scenarios are possible:
– Perceived supply reduction: If large amounts of coins are effectively frozen or made difficult to spend, some might argue that Bitcoin’s “effective” circulating supply has shrunk, potentially impacting price.
– Trust shock: Conversely, any move seen as confiscatory or as rewriting the rules of ownership could damage confidence in Bitcoin’s immutability and predictability.
– Speculation on frozen coins: Traders might begin to assign probabilities to whether certain dormant coins will ever be “recovered” under new rules, creating a complex narrative layer around what is or isn’t truly part of the usable supply.
Hoskinson’s warning underscores that these economic side effects are not hypothetical. They need to be weighed alongside the intended security benefits of any quantum‑focused proposal.
What This Means for Ordinary Bitcoin Holders
For everyday users, developers, and investors, the debate around BIP‑361 and Hoskinson’s criticism highlights several practical takeaways:
– Stay updated on address formats: Over the coming years, new address and signature schemes will likely emerge. Using modern, well‑supported wallets that adopt current best practices is the simplest hedge against future cryptographic risks.
– Avoid indefinite dormancy on outdated keys: Long‑term holders should periodically reassess their storage methods and consider moving funds to newer, more secure formats as standards evolve.
– Watch for consensus signals: Any dramatic change like BIP‑361 would require broad consensus. Monitoring what miners, node operators, and major service providers support is crucial to understanding where the network is heading.
Hoskinson’s central message, however, is clear: no matter how sophisticated a quantum‑defense proposal looks on paper, some portion of Bitcoin-particularly old, untouched coins like those attributed to Satoshi-cannot realistically be “saved” without crossing fundamental lines around property, consent, and protocol neutrality.
The Bottom Line
BIP‑361 aspires to be a sweeping answer to the looming question of quantum security in Bitcoin. Its backers say it could safeguard more than a third of the supply by forcing a migration to quantum‑resistant addresses and offering recovery paths for coins that fail to move on time.
Charles Hoskinson challenges that narrative. In his view, at least 1.7 million BTC will remain vulnerable no matter how the rules are written, because their owners are absent, their keys are lost, or their status is frozen in time-perhaps forever. For him, presenting BIP‑361 as a near‑total rescue plan, including for legendary holdings like Satoshi’s stash, is misleading.
The deeper issue, beyond any single proposal, is how far Bitcoin should go in rewriting its own rules to prepare for future threats. Quantum computing will eventually demand a response, but whether that response includes freezing or reassigning dormant coins remains one of the most contentious questions on the horizon for the world’s largest cryptocurrency.