Cardano founder Charles Hoskinson has challenged the effectiveness of Bitcoin Improvement Proposal 361, arguing that its zero-knowledge recovery mechanism cannot rescue approximately 1.7 million Bitcoin locked in pre-2013 addresses. The supporting evidence appears in the cited X post.
This limitation includes roughly 1.1 million Bitcoin attributed to Satoshi Nakamoto, representing one of the largest concentrations of early cryptocurrency holdings.
The critique targets BIP 361, authored by Casa co-founder Jameson Lopp and five collaborators, which proposes sunsetting legacy ECDSA and Schnorr signatures to protect against future quantum computing threats.
Current estimates suggest over 34% of all Bitcoin exists in addresses potentially vulnerable to quantum attacks, making the proposal’s scope and limitations particularly significant for the network’s long-term security.
Technical Limitations of Legacy Bitcoin Addresses
BIP 361 outlines a three-phase approach to address quantum vulnerabilities in Bitcoin’s signature schemes. Phase A would block new transactions to vulnerable addresses, while Phase B would reject all transactions relying on legacy ECDSA and Schnorr signatures.
The controversial Phase C proposes allowing holders to recover frozen coins by submitting zero-knowledge proofs of BIP 39 seed phrase possession.
However, Hoskinson pointed out fundamental technical barriers in a recent video analysis. “1.7 million coins can’t do that.
It’s not possible. 1.1 million of which belong to Satoshi,” he stated, explaining that these early Bitcoin holdings predate modern wallet standards entirely.
The technical challenge stems from Bitcoin’s early architecture, which existed before BIP 39 seed phrases and hierarchical deterministic key generation became standard.
These legacy systems fall outside the assumptions required for zero-knowledge-based recovery mechanisms, creating an insurmountable gap between old and new wallet technologies.
“If you build a ZK system based upon proof of a statement, your BIP 39 key, say I have these things, you can recover some of the 8 million Bitcoin, but 1.7 million are not under this scheme. All of the 2013 Bitcoin and before,” Hoskinson added, highlighting the temporal divide in Bitcoin’s technical evolution.
Acknowledgment of Recovery Limitations
The BIP 361 proposal itself acknowledges these technical constraints, explicitly stating it is “not possible to construct a proof of HD wallet ownership for UTXOs created before BIP 32 existed.” This admission underscores the fundamental incompatibility between quantum protection measures and Bitcoin’s earliest transaction outputs.
Lopp, who shared details about the proposal on X, has characterized BIP 361 as a contingency plan requiring additional research rather than an immediate implementation priority. The draft attempts to address legacy fund recovery through compatibility with potential “Hourglass” style proposals for spending Pay-to-Public-Key encumbered funds, though such mechanisms remain theoretical.
The proposal’s Phase C includes provisions stating: “Phase C is also compatible with an ‘Hourglass’ style BIP for spending P2PK encumbered funds, provided such a BIP has activated by the time Phase C activates.” This language suggests awareness of the legacy fund problem while offering no concrete solution for pre-BIP 32 addresses.
Beyond recovery mechanisms, Hoskinson disputes BIP 361’s classification as a soft fork, arguing the changes would require a hard fork due to their fundamental alterations to Bitcoin’s consensus rules.
The proposal text acknowledges this possibility, noting that consensus rules may eventually need loosening after Phase B implementation, when both senders and receivers would require upgraded address formats.
The quantum threat timeline remains uncertain, with current quantum computing capabilities insufficient to break Bitcoin’s cryptographic protections.
However, the eventual emergence of sufficiently powerful quantum computers could theoretically compromise addresses where public keys have been exposed through spending transactions, making proactive measures increasingly relevant for long-term network security.
The 1.7 million Bitcoin in pre-2013 addresses represents approximately 8% of Bitcoin’s total supply, with Satoshi’s estimated 1.1 million coins comprising the largest single concentration.
These holdings have remained dormant since Bitcoin’s earliest days, leading to ongoing speculation about their ultimate fate and potential market impact should they ever move.
Current market dynamics make the quantum protection debate particularly relevant, as institutional adoption continues expanding Bitcoin’s role in traditional finance.
The permanent loss of early Bitcoin holdings through quantum vulnerability or technical incompatibility could have deflationary effects on the remaining supply, though such scenarios remain speculative given current technological limitations.
Not Financial Advice: This article is for informational purposes only. Crypto investments are highly volatile. Always do your own research.
