Cardano founder: BIP-361 can’t save Bitcoin, 1.1 million coins could become quantum sacrifices

Cardano co-founder Charles Hoskinson stated on April 16 on YouTube regarding the Bitcoin improvement proposal BIP-361, saying that while the proposal has valid reasons, the “recovery mechanism” it promises in its third phase cannot be realized. He warned that about 1.7 million old versions of Bitcoin minted before the introduction of the BIP-39 mnemonic sentence mechanism may face the risk of being unrecoverable.

BIP-361 proposal’s three-phase design and key points of controversy

（Source: Youtube）

BIP-361 aims to address the long-term threat that quantum computing poses to Bitcoin encryption. It plans to gradually phase out the old signature scheme through three stages, and in theory could protect up to 7 million Bitcoins (about 34% of total supply, valued at $53.6 billion) from future quantum attacks.

The three stages are, in order: first, prevent funds from flowing into old, vulnerable addresses; second, freeze the old Bitcoins that have not completed migration; finally, open the recovery mechanism, allowing frozen tokens to apply for restoration of liquidity if they miss the migration deadline.

However, Hoskinson directly raised fundamental doubts about the third stage: “That’s a lie. It can’t happen.” He added that under this framework, the 1.7 million Bitcoins “aren’t even part of the plan.”

Why Bitcoin minted before 2013 is the biggest challenge

Hoskinson pointed out that the core issue lies in the historical timing of the BIP-39 mnemonic standard. BIP-39 is the standard private key generation mechanism for today’s mainstream Bitcoin wallets, but it was formally introduced only in 2013. This means that Bitcoins created before that time did not have the standardized mnemonics required by modern recovery processes, making it nearly impossible for legitimate holders to verify ownership and recover assets through official channels after quantum freezing.

Even so, Hoskinson did not completely deny the value of the proposal: “I understand why they wrote this document—because if they don’t, then by the 2030s, this money will be stolen. That’s a fact.”

Hoskinson’s broader criticism: governance gaps limit the scope of understanding

Hoskinson also criticized the conservative stance of the Bitcoin community, arguing that “if on-chain governance is implemented, this problem can be solved,” and citing examples such as Cardano, Polkadot, and Tezos. He pointed out that on-chain governance mechanisms have already worked successfully in other blockchains, providing a democratic solution path for similar protocol-layer decision-making.

The urgency of the quantum threat has new supporting evidence: in March 2026, Google announced its plan to transition its infrastructure to “post-quantum cryptography” by 2029, which has been viewed externally as a clear signal that the arrival speed of practical quantum computing threats may be faster than previously expected.

FAQ

Why did Hoskinson call the third phase of the BIP-361 proposal a “lie”?

The third phase of BIP-361 claims that it allows the recovery of Bitcoins that are frozen due to missing the migration deadline. Hoskinson pointed out that Bitcoins minted before 2013 used private key formats from before the introduction of BIP-39, lacking standardized mnemonics. As a result, legitimate holders cannot verify ownership through modern recovery processes, making the “recovery promise” of the third phase unachievable at the technical level.

Why do Bitcoins minted before 2013 face special quantum risks?

Before the introduction of the BIP-39 mnemonic standard in 2013, minted Bitcoins used older private key formats and did not have the standardized seed phrases required by modern recovery tools. This not only makes quantum-defense migrations harder, but also means that once these Bitcoins are locked in BIP-361’s freezing phase, legitimate holders can hardly complete recovery verification through the current proposal framework.

What is Hoskinson’s overall stance on Bitcoin’s quantum threat?

Hoskinson’s position is clearly tiered: he agrees that the proposal’s starting point is necessary, and he acknowledges that if action is not taken, after quantum computer breakthroughs in the 2030s, a large amount of old Bitcoins will face the risk of being stolen. But he also believes that, without introducing on-chain governance mechanisms, the current proposal has fundamental limitations and cannot truly solve the quantum security problems of all vulnerable Bitcoins.