Key Takeaways
- Charles Hoskinson, Cardano’s founder, claims Bitcoin’s BIP-361 quantum security proposal is wrongly categorized as a soft fork when it actually demands a hard fork implementation.
- The BIP-361 framework suggests locking quantum-susceptible Bitcoin wallets and mandating user migration to quantum-resistant addresses.
- Approximately 1.7 million Bitcoin minted before the 2013 BIP-39 seed phrase standard cannot benefit from BIP-361’s zero-knowledge recovery mechanism.
- Roughly 1.1 million of these inaccessible coins are attributed to Bitcoin creator Satoshi Nakamoto and would face permanent immobilization under this plan.
- Current data reveals that over 34% of circulating Bitcoin as of March 1, 2026, contains publicly exposed keys susceptible to quantum computing threats.
Cardano’s founder Charles Hoskinson has issued a sharp critique of Bitcoin’s planned quantum computing countermeasure, arguing the proposal is technically misclassified and fails to safeguard Bitcoin’s earliest holdings.
The controversial measure under scrutiny is BIP-361, jointly developed by Bitcoin engineer Jameson Lopp alongside fellow contributors. The framework seeks to eliminate Bitcoin addresses vulnerable to quantum attack vectors by locking these holdings and requiring users to transition to quantum-resistant alternatives.
Hoskinson delivered his analysis during a livestream earlier this week, referencing statistics indicating that by March 1, 2026, over 34% of all circulating [[LINK_START_0]]Bitcoin features an exposed public key permanently recorded on the blockchain. This translates to approximately 8 million Bitcoin potentially vulnerable to exploitation by sufficiently advanced quantum computers.
BIP-361 incorporates a zero-knowledge proof authentication mechanism designed to enable holders with standard wallet recovery phrases to verify ownership and retrieve any locked assets following migration.
However, Hoskinson contends this recovery framework fails for roughly 1.7 million Bitcoin stored in wallets created before the BIP-39 seed phrase specification gained widespread acceptance around 2013.
These legacy wallets employed an alternative key generation approach from Bitcoin’s original client software. They depended on locally stored key pools instead of recoverable seed phrases. Without seed phrase access, generating the zero-knowledge proof required for coin recovery becomes impossible.
“1.7 million coins can’t do that. It’s not possible. 1.1 million of which belong to Satoshi,” Hoskinson stated.
The Classification Controversy
Beyond the recovery limitations, Hoskinson disputed BIP-361’s technical classification. He asserted the proposal presents itself as a soft fork while functionally necessitating a hard fork since it invalidates currently active signature verification methods.
“To actually do this, you need a hard fork,” Hoskinson explained. Bitcoin has never implemented a hard fork, and the development community has traditionally resisted such fundamental changes.
Lopp, one of the proposal’s co-authors, admitted on X this week that he personally disapproves of the plan and characterized it as “a rough idea for a contingency plan” rather than a polished technical specification.
Lopp has maintained that freezing inactive coins — estimated at 5.6 million Bitcoin — would be more favorable than allowing a future quantum attacker to recover and liquidate them in public markets.
Governance Challenges and Institutional Influence
Hoskinson further contended that Bitcoin’s absence of structured on-chain governance mechanisms leaves it without an orderly framework for resolving such critical decisions. He referenced Cardano, Polkadot, and Tezos as blockchain networks with established governance protocols capable of processing these decisions through community-wide voting.
He predicted that major institutional stakeholders, including asset management firms that have accumulated substantial Bitcoin positions in recent years, will ultimately compel Bitcoin developers to implement changes despite grassroots opposition.
Should BIP-361 be adopted in its present configuration, the approximately 1.7 million pre-2013 coins would become permanently inaccessible with zero recovery options available.
