Bitcoin developers are debating a radical change to how the network would respond to a future quantum computing threat: Don’t freeze vulnerable coins unless someone proves the threat is real. But there’s a catch: The proposal assumes that the attacker will reveal the ability for a bounty instead of maximizing profit through theft.
A proposal published this week by BitMEX Research outlines a “canary” system that would only trigger a network-wide restriction on older bitcoin wallets if a quantum-capable attacker demonstrates it on-chain, replacing previous plans to impose a pre-planned freeze years in advance. At its core, the proposal is a “wait and react” strategy.
It works by placing a small number of bitcoin in a special address that only a quantum-capable attacker could unlock, with any spend from that address serving as public proof that the threat has arrived and automatically triggering a network-wide freeze of legacy wallets.
Bitcoin wallets rely on digital signature schemes that are secure against classical computers but could be broken by advances in quantum computing, and a recent Google research paper lowered estimates of the resources needed, with some observers now pointing to the end of the decade as a potential window of risk.
The approach is designed as an alternative to BIP-361, a controversial proposal that would impose the same restrictions on a fixed five-year timeline, regardless of whether quantum computers are actually able to attack Bitcoin’s blockchain. BIP-361 would phase out vulnerable addresses over several years before completely invalidating the old signature schemes, leaving any non-migrated coins permanently frozen.
Critics have called this outcome “authoritarian and confiscatory” and argue that it undermines Bitcoin’s core principle that control resides solely with private key holders.
Layered on top of BitMEX’s detection mechanism is a financial incentive. Users could contribute bitcoin to the address, creating a bounty that rewards the first device to publicly demonstrate a quantum attack instead of quietly draining vulnerable wallets. Contributors do not have to give up their funds permanently as the structure allows withdrawals at any time.
The proposal also introduces a “security window” designed to make stealth attacks more difficult. Vulnerable coins could still move, but the recipient would not be able to use them for an extended period of time, potentially around a year. If the canary is triggered during that window, those coins will be retroactively frozen, increasing the risk to any attacker trying to quietly mine money.
There is a catch
The canary reduces the risk of disrupting users prematurely, but it rests on an uncomfortable bet that the first device capable of breaking Bitcoin would demand a bounty rather than pull off what could be the biggest theft in the network’s history and walk away with millions of bitcoin.
That bet cuts off the kind of worst-case scenarios Bitcoin’s design has always tried to prevent, and the network has historically had little appetite for regretting such events after the fact. Ethereum’s response to the 2016 DAO hack, a hard fork that reversed the theft and split the network into Ethereum and Ethereum Classic, is the kind of protocol-level intervention Bitcoin’s culture has long resisted.
If the bet fails, Bitcoin risks the worst of both worlds — the disaster it was trying to prevent and the realization that a fixed-timeline defense would have stopped it.
