Bitcoin BIP-361 Targets Legacy Wallets in Quantum Security Push

Background and Context

The Bitcoin BIP-361 proposal builds on concerns around quantum risk. Both ECDSA and Schnorr signatures, which Bitcoin currently relies on, remain theoretically vulnerable to quantum attacks. In particular, early P2PK outputs from 2009 to 2011 present the highest risk because their public keys are already visible on the blockchain. This makes them a direct target once sufficiently powerful quantum computers become available.

Recently, advances in quantum research, including work published by Google Quantum AI, have increased the urgency of these discussions. Importantly, Bitcoin BIP-361 follows BIP-360, which was merged earlier in 2026. BIP-360 introduced a quantum-resistant Pay-to-Merkle-Root (P2MR) address format as the first step in Bitcoin’s long-term post-quantum roadmap.

However, BIP-360 remained optional. By contrast, BIP-361 introduces enforcement measures. Without such enforcement, developers estimate that around 1.7 million BTC in the most exposed early P2PK addresses remain at direct risk. More broadly, legacy address exposure could affect up to 34% of Bitcoin’s supply, creating a potential systemic threat to market confidence if these coins were ever stolen.

Historically, Bitcoin has never frozen existing coins through a protocol upgrade. For example, upgrades such as Segregated Witness (2017) and Taproot (2021) introduced new capabilities without invalidating older signatures.

Details of the BIP-361 Proposal

Authored by cypherpunk Jameson Lopp and five quantum security experts BIP-361 proposes a three-phase migration plan that would activate through a soft fork.

First, Phase A, beginning three years after activation, would block any new inflows into legacy address formats. However, users would still be able to spend existing funds from those addresses. Next, Phase B, beginning five years after activation, would invalidate legacy ECDSA and Schnorr signatures entirely. At that point, any coins that remain in vulnerable formats would effectively become frozen.

Finally, Phase C leaves room for a future recovery mechanism. Under this framework, legitimate holders could potentially reclaim frozen funds using zero-knowledge proofs or similar cryptographic verification systems. Consequently, the proposal aims to create strong incentives for users to migrate funds into quantum-resistant P2MR outputs well before the sunset deadline.

Market Implications

The proposal has already sparked intense debate across the Bitcoin community. Supporters argue that the network must prepare now to prevent a future quantum-driven theft event that could release large dormant balances into circulation and damage trust in Bitcoin’s security model.

On the other hand, critics argue that freezing coins directly challenges Bitcoin’s core principle of immutability. In particular, many have raised concerns that dormant holdings, including wallets linked to Satoshi-era miners, could become permanently inaccessible.