Hoskinson Challenges Bitcoin Quantum Fix as 8M BTC Risk Debate Widens

Charles Hoskinson has sharpened his criticism of Bitcoin’s emerging quantum-security roadmap, warning that a draft plan to sunset legacy signatures could force the network into a property-rights fight over dormant coins.

The Cardano founder criticized BIP-361 as Bitcoin developers weigh how to protect coins whose public keys have already appeared onchain. The dispute centers on BIP-361, a draft proposal that would follow a future post-quantum output type with a scheduled phaseout of legacy ECDSA and Schnorr spending paths.

BIP-361 says that, as of March 1, 2026, more than 34% of all bitcoin had revealed a public key onchain. That exposure is the basis for warnings that several million BTC, often framed around an 8 million BTC risk bucket, could become vulnerable if a cryptographically relevant quantum computer can derive private keys from public keys.

That is not an active exploit claim. Coinbase’s Quantum Advisory Council said crypto is safe today, while estimating that 6.9 million BTC sits in the most exposed wallet-level category. Its warning focused on signatures and wallet ownership, not Bitcoin mining, hash functions, or the historical blockchain record.

Draft Fix Puts Dormant Coins At The Center

BIP-361 would create a staged migration. Phase A would stop new sends to quantum-vulnerable address types roughly 160,000 blocks after activation. Phase B would later restrict legacy signature spends through a quantum-safe rescue process.

Hoskinson’s objection cuts into the politics of that rescue. If users migrate, the network reduces future attack surface. If old coins never move, a sunset rule could make them unspendable by consensus. The problem is most acute for Pay-to-Public-Key outputs, including many early Bitcoin coins, because BIP-361 says no rescue protocol is currently known for P2PK UTXOs.

That is where the debate leaves pure cryptography and enters Bitcoin’s social contract. Dormant P2PK coins remain a flashpoint in the Satoshi-era holdings debate, while analysts have argued that the risk profile differs across old P2PK coins, reused institutional addresses and Taproot exposure.

The technical pressure is growing. Google Research estimated that future quantum attacks against ECDLP-256 could require fewer than 1,200 logical qubits and 90 million Toffoli gates, or fewer than 1,450 logical qubits and 70 million Toffoli gates, with execution possible in minutes on fewer than 500,000 physical qubits under its assumptions. NIST has already finalized post-quantum standards, including ML-KEM, ML-DSA and SLH-DSA.

Bitcoin also has narrower building blocks under review. BIP-360 proposes Pay-to-Merkle-Root, a Taproot-like output without the key-path spend, aimed at long-exposure attacks rather than short mempool-window attacks.

The current record is clear: BIP-361 is a draft, no public quantum computer can drain Bitcoin addresses at scale, and the hardest unresolved question is whether Bitcoin can defend exposed public keys without freezing coins that legitimate owners never migrate.

The post Hoskinson Challenges Bitcoin Quantum Fix as 8M BTC Risk Debate Widens appeared first on Crypto Adventure.