Bitcoin’s ongoing debate over how to prepare for a quantum‑computing era has shifted from simply introducing quantum‑resistant signatures to resolving what to do with billions of dollars’ worth of coins that may never move. The core technology question is not whether new signatures can be added, but how the network should treat long‑dormant and publicly exposed holdings that remain vulnerable if no action is taken.

Technology Overview

At the center of the discussion are large troves of bitcoin believed to be inaccessible and, therefore, effectively stuck. Many are assumed to belong to Bitcoin’s pseudonymous creator, Satoshi Nakamoto, and to early users who lost their keys. Because those coins cannot be transferred, they cannot be proactively relocated to safer forms of ownership. Alongside that immobile supply is another substantial category of risk: according to Project11, a research group following the issue, roughly five million coins are exposed through address reuse. Most of those are thought to sit in exchange wallets as active holdings. Together, these pools define the scale of what the community must account for as it considers a migration path.

Supporters of a decisive schedule say the obstacle is not technical substitution. In their view, swapping in quantum‑resistant signatures is relatively straightforward. The difficult part is governance around coins that remain static. Any plan that stops at enabling new signatures would still leave the network with a long tail of vulnerable funds—precisely the funds that cannot, or will not, be moved on their own.

How It Works

The dispute breaks along two clear lines. One camp favors a hard deadline that would phase out today’s signature schemes—ECDSA and Schnorr—after a set cutoff. After that point, any coins that had not migrated would become unspendable under the rules the network enforces. Proponents argue that leaving those legacy paths open indefinitely grants a future attacker a potential windfall large enough to move markets and damage confidence. In their framing, a hostile actor—possibly a sanctioned state—could weaponize those exposed coins to crash the price and call the network’s legitimacy into question.

The opposing camp rejects a deadline on principle, calling it a form of confiscation. From that perspective, Bitcoin’s premise includes absolute property rights that are not subject to revision through rule changes, even under security pressure. They warn that once the network embraces any mechanism that renders certain holdings unspendable, it establishes a precedent that could, in time, be applied under external pressure to freeze other categories of funds. What one side sees as risk containment, the other side reads as erosion of the assurances that made Bitcoin credible.

Between these poles lies a search for designs that acknowledge both the security imperative and the network’s commitment to neutral, predictable rules. Over the past two months, several proposals have emerged that attempt to manage flow, verification, and timing in ways that do not force a single, all‑or‑nothing decision.

Proposals on the Table

Hourglass is one such proposal. It would cap the number of vulnerable coins that can be spent per block. By controlling throughput at the protocol level, Hourglass aims to prevent a sudden, destabilizing flood of exposed supply from entering the market at once. The cap functions like a circuit breaker for legacy outputs, pacing their movement so that even if an attacker tried to exploit them, the system would meter the impact over time. Importantly, this approach focuses on rate‑limiting rather than outright disabling legacy signatures, seeking a middle route that prioritizes stability.

Another path is BIP‑361, associated with developer Jameson Lopp and collaborators. BIP‑361 is designed to let migrated holders prove ownership after any cutoff by presenting a quantum‑resistant proof that does not reveal a key. This aligns with the idea that users who take steps to move to safer cryptography should still be able to demonstrate control in a privacy‑preserving way, even if legacy schemes are no longer accepted. By enabling post‑cutoff proofs without key exposure, the proposal tries to reconcile two goals: deprecating older signatures while maintaining a credible, secure method for rightful owners to establish that their holdings are legitimate.

A third thread is PACTs, advanced by Dan Robinson at Paradigm. PACTs would let owners timestamp a private claim now and move funds later, all without revealing anything today. The timing mechanism is central: it records a claim in the present, anchoring it to the chain, while deferring actual movement of funds until a later moment chosen by the owner. In doing so, PACTs attempt to grant users optionality and safety without forcing premature disclosures, offering an approach that neither freezes coins nor encourages a rapid rush to migrate.

Industry Impact

Each approach reflects a different weighting of Bitcoin’s priorities. The hard‑deadline concept maximizes forward security by cleanly retiring legacy signatures, but at the cost of rendering unmigrated balances unusable. Opponents stress that such a move would redefine what ownership means on a blockchain that has historically treated valid keys and signatures as the final word.

Hourglass, BIP‑361, and PACTs, by contrast, are built to reduce systemic shock and preserve user agency. Hourglass emphasizes market stability through pacing; BIP‑361 emphasizes verifiability without key exposure; and PACTs emphasizes timing and privacy. Collectively, they illustrate a broader design philosophy: constrain the attack surface and migration stress without violating the assumptions long‑time participants rely on. None is a definitive fix on its own, but together they outline a toolkit the network could draw from as consensus forms.

The presence of dormant and exposed holdings raises stakes beyond technical elegance. If vulnerable coins remain spendable without guardrails, they present a latent vector for disruption. If they are aggressively sunset, the network risks alienating participants who view immutability and property rights as non‑negotiable. The balance will likely hinge on solutions that are precise about what is limited, what is proved, and when actions must occur.

Future Implications

What happens next depends on whether the community can converge on rules that satisfy both resilience and principle. The proposals now circulating do not attempt to resolve every philosophical disagreement; instead, they aim to operationalize migration in ways that handle supply shocks, preserve legitimate claims, and respect privacy during the transition. That pragmatic focus is why they have attracted attention: they map concrete pathways for a network that needs to move, even as it debates how far and how fast.

In practice, the clock is ticking on unmoved and publicly exposed holdings, yet the method of addressing them remains a live question. A cap on vulnerable‑coin throughput, a post‑cutoff proof that keeps keys private, and a timestamped claim that defers movement offer distinct levers that could be combined or sequenced. The immediate goal is to avoid a binary choice between permanent vulnerability and irreversible confiscation. The longer‑term objective is to demonstrate that Bitcoin can evolve its signature rules while preserving the ethos that underpins its social contract.

As the conversation continues, the dividing line is clear: safeguard the network against a future quantum adversary without undermining the very guarantees that made it worth safeguarding. The outcome will be measured not only by the cryptographic primitives adopted, but also by whether holders—active, dormant, and in between—can navigate the transition with confidence that their claims remain intact.