Charles Hoskinson has sharpened the debate over Bitcoin’s post-quantum future by arguing that BIP-361, the draft proposal meant to protect the network from a future break in current signature schemes, would not merely harden Bitcoin against a distant technical threat. In his view, the plan would force a migration that many of the network’s oldest coins could never complete, including early UTXOs widely associated with Satoshi Nakamoto.
The stakes are unusually high because the proposal itself is built around a large exposure base. As of March 1, 2026, more than 34% of bitcoin had already revealed public keys on-chain, leaving roughly 8 million BTC theoretically vulnerable if quantum computing ever reached the point where ECDSA and related schemes could be broken. That makes the issue far more than theoretical, but it also means any defensive fix immediately becomes a question of which coins can realistically be saved and which cannot.
The Dispute Is Really About Consensus, Not Just Cryptography
Hoskinson’s sharpest criticism is that BIP-361 is being described too gently. Although its authors framed it as a soft fork, he argued that the rule changes would be so restrictive that legacy nodes would no longer validate new blocks unless they adopted the updated logic. In practical terms, he sees the proposal as a hard fork in everything but name, with the potential to trigger a contentious split if the ecosystem does not move in lockstep.
That concern is not merely semantic. A network divided between upgraded and non-upgraded nodes could end up operating under different validation assumptions, introducing instability into block propagation, synchronization and finality. In that sort of mixed-rule environment, the risk shifts from future quantum theft to immediate coordination failure, with longer sync times, orphaned blocks and sporadic reorg pressure becoming part of the trade-off.
The Recovery Design May Leave Early UTXOs Behind
Hoskinson also targeted the proposal’s recovery logic, arguing that its seed-based design is far too narrow to solve the problem it claims to address. BIP-361 reportedly ties recovery to a zero-knowledge proof mechanism dependent on deterministic seed phrases built around BIP-39-style wallet standards. His objection is straightforward: Bitcoin’s earliest coins were not created in that wallet era, and many of them do not have the seed structure the proposal assumes.
That is where the Satoshi question becomes central. Hoskinson said approximately 1.7 million BTC were created using pre-2013 key-generation methods that lacked modern deterministic seeds, including an estimated 1.1 million BTC attributed to Satoshi’s addresses. If that is correct, then a migration framework built around seed-based proof would not recover those holdings at all. As he put it, “Recovery by seed is not a universal fix.”
The proposal’s phased structure only makes that concern more acute. Reports describe a sequence that would first ban new payments to legacy addresses, then invalidate older ECDSA and Schnorr signatures unless coins were migrated, and finally rely on the recovery pathway for stragglers. That design may reduce the risk of future quantum exploitation, but it also means a portion of legacy supply could become permanently unspendable if the recovery assumptions fail.
Bitcoin’s Social Governance Is Now Part of the Risk Model
The controversy has exposed a broader problem that extends beyond signature schemes and wallet history. Bitcoin has no formal on-chain mechanism for resolving existential technical disputes of this scale, so changes of this magnitude have to be negotiated socially across developers, miners, node operators and holders. In that setting, the protocol’s greatest strength—its decentralized governance—can also become a source of upgrade fragility.
That is why the BIP-361 fight is starting to look less like a narrow security discussion and more like a test of how Bitcoin handles existential change. Supporters argue that forced migration may be the only credible way to reduce long-term quantum risk. Critics counter that freezing or invalidating legacy outputs crosses a line on property rights and backward compatibility. What sits between those positions is a difficult choice between coordinated migration and preserving old assumptions at the cost of lingering exposure.
