What Happened
On April 15, a group of six Bitcoin developers and researchers published BIP-361 to the Bitcoin Improvement Proposal repository. The proposal is titled 'Post Quantum Migration and Legacy Signature Sunset' and is co-authored by Jameson Lopp, Christian Papathanasiou, Ian Smith, Joe Ross, Steve Vaile, and Pierre-Luc Dallaire-Demers. It is currently in informational draft status with no activation timeline and no changes to any live Bitcoin software. BIP-361 builds directly on BIP-360, which proposed a new Pay-to-Merkle-Root address type designed to keep public keys hidden until spending. BIP-360 protects new coins going forward. BIP-361 addresses what BIP-360 cannot: the roughly 34% of Bitcoin supply already sitting in addresses with exposed public keys.
What BIP-361 Actually Proposes
The proposal structures a three-phase migration timeline that only begins after BIP-360 or an equivalent quantum-resistant address type is live on the network. Phase A, starting approximately three years after activation, would prohibit new Bitcoin from being sent to legacy address types: P2PK, P2PKH, P2WPKH, and P2TR outputs with exposed keys. Users could still move funds out of these addresses during Phase A, but no new deposits could flow in. The practical effect is to push wallets, exchanges, and services toward quantum-resistant address formats.
Phase B, beginning two years after Phase A, escalates to consensus-level invalidation: legacy signatures would no longer be accepted by the network. Any Bitcoin still in quantum-vulnerable addresses at this point becomes permanently frozen as a UTXO. The network recognizes the coins exist but will not process any transaction to move them. A proposed Phase C, still under research and not yet specified, would offer a limited recovery mechanism based on zero-knowledge proofs tied to BIP-39 seed phrases, allowing holders to prove ownership of frozen coins without exposing private keys and migrate them to quantum-safe outputs.
The Sovereignty Argument — Both Directions
BIP-361 is the first serious proposal in Bitcoin's sixteen-year history to challenge the foundational property rights guarantee: no one can touch your coins without your private key. No government, no bank, no developer. The proposal's authors are not governments or banks. They are Bitcoin developers making the case that the quantum threat is severe enough to justify a protocol-level exception to that guarantee. This is the real debate, and it is not about whether quantum computers are a threat. It is about whether Bitcoin preserves unconditional ownership, or whether the network can compel migration when security risk is deemed existential.
Their framing is explicit: this is defensive, not confiscatory. Frozen coins only make everyone else's coins slightly more valuable by reducing active supply. Quantum-stolen coins do the opposite. They flood the market from addresses that have been cracked, destroying price and undermining miner incentives simultaneously. The authors argue that allowing a quantum actor to drain 5.6 million BTC from legacy addresses would be a more severe violation of Bitcoin's integrity than a compelled migration deadline. The community's counterargument is equally direct: the moment Bitcoin's protocol can invalidate existing UTXOs under any circumstance, the guarantee is gone, and the precedent, once set, is available for future use under other framings. The phased design amplifies this concern: Phase A stops new sends, Phase B invalidates signatures, Phase C offers recovery. The ecosystem must coordinate wallets, exchanges, custodians, and long-dormant holders across a five-year window or accept frozen coins as the outcome. Bitcoin's governance culture has historically resisted any change that touches existing economic rules. BIP-361 is that change.
What This Means for You
Nothing changes today. BIP-361 is a draft with no activation date, no implementation, and explicit dependency on BIP-360 being live first. BIP-360 itself is in testnet. The timeline from here to any network-level effect, even in the most aggressive scenario, is measured in years.
What it does change is the threat model you should be thinking about. If BIP-361 or any similar proposal eventually activates, the coins at risk of freezing are specifically: early P2PK outputs, any address that has already spent from it and therefore exposed its public key, and Taproot outputs which expose keys by default. Coins in P2PKH or P2WPKH addresses where you have never spent, where the public key has never appeared on-chain, are not in the same exposure category. The practical action is the same one that has applied since the Google paper: do not reuse addresses, understand your address format, and watch BIP-360 testnet progress as the leading indicator of whether any of this moves toward activation.
What to Watch
Watch the Bitcoin developer mailing list for formal responses to BIP-361 from Core contributors, specifically whether any significant developer voices endorse the proposal's framing or whether it remains a dissenting-but-notable draft. Watch BIP-360 testnet progress through BTQ Technologies as the prerequisite that has to clear before BIP-361's timeline can begin. And watch whether the community backlash produces alternative proposals. Rate-limited spending from vulnerable outputs and voluntary migration with supply burns have both been mentioned as less coercive paths to the same end goal.