Bitcoin’s quantum migration plan forces the network to choose between frozen and stolen coins

Bitcoin's debate about quantum computers produced a published draft with real political consequences on Apr. 14. Bitcoin Improvement Proposal 361 (BIP 361), titled “Post Quantum Migration and Legacy Signature Sunset,” landed in Bitcoin's official proposal repository with a three-phase plan to phase out ECDSA and Schnorr signature spends entirely once a quantum-resistant output type exists on the network. The proposal builds directly on BIP 360 , published in February, which introduced a new address format that strips Taproot's quantum-vulnerable key-path spend, called Pay-to-Merkle-Root (P2MR) . The proposal also preserved compatibility with Lightning, BitVM, and multi-signature setups. Together, the two drafts constitute the most explicit governance posture Bitcoin has adopted regarding quantum migration to date. Why this matters Halfway through this debate, the real split is no longer just about cryptography but about governance: who has the authority to force a migration, on what timeline, and at what political cost if quantum attacks arrive sooner than expected. What makes this moment sharp is the external calendar hardening around it, as NIST finalized FIPS 203, 204, and 205 in August 2024 and urged organizations to begin migrating immediately. The UK's NCSC has set migration milestones for 2028, 2031, and 2035, while US federal agencies face a 2035 quantum-transition target . Governments, banks, and national cyber agencies already have migration deadlines on their calendars, making blockchains late arrivals to that debate. A timeline maps post-quantum cryptography milestones from NIST's 2024 standards through Bitcoin's BIP 361, Ethereum's 2029 L1 window, and the 2035 UK/US transition target. Bitcoin's coercive logic What separates BIP 361 from prior Bitcoin post-quantum (PQ) discussions is its deliberate coerciveness. Phase A, three years past the activation of a quantum-resistant address type, blocks new sends to vulnerable address formats. Phase B, two years later, invalidates ECDSA and Schnorr spends from quantum-vulnerable UTXOs at the consensus layer. Coins that have not migrated get frozen. A possible Phase C would allow frozen coin holders to prove ownership via zero-knowledge proofs linked to a BIP-39 seed phrase and to recover their funds via a later recovery mechanism. The proposal's authors, including Jameson Lopp of Casa , frame this as a defense. As of Mar. 1, over 34% of all Bitcoin sat in addresses whose public keys had already been exposed on-chain, making those coins theoretically readable by a quantum machine running Shor's algorithm. Google researchers estimated in recent work that a sufficiently powerful quantum computer could crack a Bitcoin private key in roughly nine minutes, with one analysis citing 2029 as a plausible outer bound for a cryptographically relevant machine. The counterargument arrived on the mailing list immediately. Tadge Dryja, a Bitcoin developer and Lightning Network co-author, said that the plan is not viable in its current form because it ties the activation of quantum-resistant outputs to the deactivation of elliptic-curve outputs. That link, Dryja argued, could destroy coins preemptively and relies on definitions of “quantum-vulnerable UTXO” still contested in practice. The BIPs repository explicitly states that inclusion certifies only that a proposal met formal editorial criteria, with community endorsement and activation timing being separate determinations. BIP 360 is already running on Bitcoin's quantum testnet, deployed by BTQ Technologies in early 2026. BIP 361 co-author Ethan Heilman has estimated that a full Bitcoin migration to quantum resilience would take seven years from the day consensus forms. Tron's calculated entry Justin Sun published his own declaration on post-quantum resistance. In a post on X , the Tron founder announced that the network is officially launching a post-quantum upgrade initiative to become the first major public blockchain to deploy NIST-standardized post-quantum cryptographic signatures on mainnet. Sun wrote that “while Bitcoin debates whether to freeze vulnerable coins and Ethereum forms research committees, Tron is building.” He added that a technical roadmap is “coming soon.” Tron holds roughly $86.7 billion in stablecoins , about 97.78% of which is USDT , alongside approximately $5.1 billion in total value locked in DeFi . Post-quantum readiness on a chain of that scale becomes a question of custody and settlement infrastructure. The networks, exchanges, and custodians moving dollar liquidity through Tron have operational keys, admin paths, and bridge mechanisms that a quantum attacker targeting high-value addresses would prioritize first. Tron's current public posture is narrative compression, consisting of decisive language and competitive positioning of the scheme selection, migration model, wallet compatibility plan , and activation path needed to verify what “first major public blockchain” actually means in p