Bitcoin's proposed quantum defense would abandon 1.7 million BTC to the void, and the community is pretending it's a gentle upgrade.
The Summary
- Charles Hoskinson argues BIP-361 is mislabeled as a soft fork when it's actually a hard fork that can't protect pre-2013 Bitcoin holdings.
- Roughly 1.7 million BTC, including Satoshi's coins, would remain vulnerable under the current quantum protection proposal.
- The zero-knowledge recovery plan won't save all at-risk Bitcoin, exposing a hard truth about protocol upgrades and immutability.
- Bitcoin faces a choice between quantum security and preserving access to early-era coins that predate modern wallet standards.
The Signal
BIP-361 is being sold as a soft fork, a backward-compatible upgrade that doesn't split the network. But Hoskinson is calling the bluff. If you're fundamentally changing which transactions the network accepts as valid, that's a hard fork no matter how carefully you label it. The proposal attempts to protect Bitcoin from quantum computers that could crack the cryptography securing wallets, but it hits a wall with old coins.
The 1.7 million BTC at risk sit in pay-to-public-key (P2PK) addresses from Bitcoin's early years. These predate the wallet standards that came after 2013, when the network shifted to more secure address formats. Satoshi's estimated million coins are in this bucket. So are hundreds of thousands of others from miners and early adopters who either lost their keys or walked away.
"It's not possible to save all vulnerable Bitcoin from quantum computing under the current proposal."
BIP-361's zero-knowledge recovery mechanism is designed to let owners prove control of at-risk coins without exposing their private keys. But it only works if you still have those keys. For the lost coins, the abandoned wallets, the Satoshi stash, there's no recovery path. They become permanent artifacts, locked forever or vulnerable to future quantum attacks.
This creates a strange new category in Bitcoin's supply: coins that exist on the ledger but can never move again without breaking. It's the ultimate test of immutability versus survival. Do you preserve the protocol's promise that no one can change the rules retroactively, even if it means leaving billions of dollars exposed? Or do you hard fork to save the network, knowing you're drawing a line between the saved and the abandoned?
Key tensions in the debate:
- Soft fork vs. hard fork classification matters for network consensus and miner coordination
- Quantum threat timeline is uncertain, making the urgency of action debatable
- Preserving lost or dormant coins conflicts with protecting active users from quantum risk
Hoskinson's critique matters because it names what Bitcoin maximalists hate admitting: sometimes there's no elegant solution. You can't have perfect immutability and perfect security when the threat model changes. The quantum question forces Bitcoin to choose which principle it values more. The proposal leaves 1.7 million BTC unrecoverable not because it's broken, but because those coins exist in a pre-quantum-aware era of the protocol.
The Implication
If you hold Bitcoin in modern wallets, you're probably fine. The proposal protects most active users. But if you're sitting on old keys, or you know someone who mined in 2009 and lost access, the quantum clock is ticking. The community is deciding whether to save the network or save Satoshi's coins. It's probably choosing the network.
Watch how Bitcoin's developer community responds. If they accept Hoskinson's framing and call this a hard fork, it changes the political calculus. Hard forks are contentious. They require broad consensus. They can split chains. Calling it a soft fork was the path of least resistance. Calling it what it actually is makes the upgrade harder to execute, but more honest about the cost.