A top Bitcoin developer says he’s built something the community has discussed for years but never actually produced: a way to save regular wallets if the network is ever forced to defend itself against a quantum computer.
in the face of the quantum adversary, a commonly discussed emergency fork for Bitcoin would be to disable the taproot key-spending path (effectively turning it into something similar to BIP-360
assuming an existing cautious soft-fork to add a pq…
— Olaoluwa Osuntokun (@roasbeef) April 8, 2026
Olaoluwa “Roasbeef” Osuntokun, chief technology officer at Lightning Labs, revealed the working prototype in an April 8 post to the Bitcoin developer mailing list. The tool targets a specific and unpleasant flaw in Bitcoin’s long-term defense plan, a widely discussed “emergency brake” upgrade designed to protect the network from quantum attacks could also lock millions of users out of their own funds. Osuntokun’s proposal is an escape hatch.
Bitcoin relies on a form of encryption that could, in theory, be broken by sufficiently powerful quantum computers. If that happens, public data already visible on the blockchain can be turned into private keys, allowing attackers to seize funds.
A leading proposal, known as BIP-360, was merged into Bitcoin’s repository of improvement proposals in February as a draft. It would give users a new, quantum-resistant type of wallet to migrate their funds to in advance of any threat.
But migration takes time, and not everyone will move with the times. That is why developers have also discussed a more drastic rear stopper – the “emergency brake”.
Every Bitcoin transaction today is authorized by a digital signature, a piece of cryptographic math that proves the sender owns the coins. These signatures are exactly what a quantum computer would be able to create.
The emergency brake would shut down Bitcoin’s current network-wide signature system before an attacker could start draining wallets. Think of it as cutting power to the locks when you discover the keys have been copied.
The problem is what happens to everyone still inside. Most modern wallets—notably the single-user Taproot wallets that were introduced to Bitcoin in 2021 and are now commonplace across the ecosystem—rely on this signature system and nothing else to authorize spending. If it gets turned off, these wallets have no other way to prove ownership.
The coins inside them would be stranded, untouchable even by their rightful owners. The same upgrade designed to protect users can also freeze them permanently.
Osuntokun’s prototype is designed to give these wallets a different path. Instead of proving ownership with a digital signature—the very mechanism a quantum attack would break and the emergency upgrade would disable—his system lets a user mathematically prove they were the one who originally created the wallet, using the secret “seed” from which each Bitcoin wallet is generated.
Crucially, the proof doesn’t require revealing the seed itself, so using it to save a wallet doesn’t compromise others descended from the same seed. In fact, it replaces “I can sign this transaction” with “I can prove this wallet came from me.”
The prototype is already functional. Running on a high-end consumer MacBook, it took about 55 seconds to generate the proof, while verification took under two seconds. The resulting proof file was about 1.7 MB, about the size of a high-resolution image. Osuntokun said the system was built as a side project and remains unoptimized.
Right now, there is no formal proposal to add it to the Bitcoin blockchain, no implementation timeline, and developers remain divided on how urgent the quantum threat actually is.
Academic researchers note that many widely cited quantum “breakthroughs” rely on simplistic testing conditions, and large-scale attacks on Bitcoin’s mining system would run into hard physical limits. But the risk of exposed wallets is considered real enough that developers have been outlining defensive upgrades for years.
The markets reflect this uncertainty. At Polymarket, retailers currently allocate approx. 28% chance of BIP-360 being implemented by 2027.
But the prototype closes a gap that had lingered in theory: how to protect Bitcoin from a future threat without the collateral damage of locking users out of their wallets.
