Ledger’s CTO warns old Bitcoin wallets face permanent quantum risks. BIP-361 proposes a fix, but pre-2013 coins may have no recovery path.
A new Bitcoin Improvement Proposal is becoming the talk in the crypto community. BIP-361 targets one of the most complex challenges in Bitcoin’s future: quantum migration.
The proposal outlines how Bitcoin holders can move their funds to quantum-safe addresses.
However, Ledger’s Chief Technology Officer has flagged a serious concern. Some old Bitcoin wallets may simply never be recoverable.
Related reading:
New MARA Foundation Aims to Protect Bitcoin From Quantum Breakage
BIP-361 and the Post-Quantum Bitcoin Migration Plan
BIP-361 tackles the incentive problem behind post-quantum migration. Its focus is not on choosing a specific signature scheme. Instead, it addresses how to actually get holders to move their funds safely.
The proposal defines three phases. Phase A, roughly three years after activation, bans new outputs to ECDSA or Schnorr addresses.
Existing funds can still move, but only into post-quantum scripts. Phase B, two years later, makes ECDSA and Schnorr spends entirely invalid. Unmigrated UTXOs become frozen at that point.
Phase C remains undefined and is where the real complexity begins.
The logic from Phase A to Phase B is straightforward. Cap the vulnerable exposure, then phase it out entirely.
Phase C, though, raises political and ethical questions the other phases do not.
BIP-361 (https://t.co/PJkbk1Xuu6) in one sentence: it tackles the incentive problem of the Post-Quantum migration, how you actually get holders to move, without trying to settle the technical parameters of it (which signature scheme, which output type). Those are deferred to…
— Charles Guillemet (@P3b7_) April 28, 2026
Why Quantum Computers Change the Rules of Ownership
In a post-quantum world, knowing a private key no longer proves ownership.
A cryptographically relevant quantum computer, often called a CRQC, can derive a private key directly from a public key. That breaks the assumption that Bitcoin’s security has always relied on.
BIP-361 hints at an elegant solution for Phase C. It involves a zero-knowledge proof of BIP-39 seed phrase ownership. The BIP-39 to BIP-32 derivation relies on a one-way hash chain. Quantum computers cannot reverse it.
A wallet owner would prove knowledge of their seed without revealing it, and the blockchain would verify the proof and release the funds.
This approach also carries a broader benefit. Native ZK proof verification on Bitcoin could open doors to validity rollups, privacy upgrades, and succinct proof systems.
Pre-2013 Bitcoin Coins Face a Different Problem
BIP-39 only arrived in 2013.
BIP-32 came in late 2012. Coins created before those standards have no seed phrase tied to them.
Many early Bitcoin outputs, especially Pay-to-Public-Key coins, already have their public keys exposed on-chain.
For these UTXOs, ZK-based recovery is structurally impossible. BIP-361 acknowledges this directly.
The proposal falls back on an Hourglass-style mechanism for such cases, which involves rate-limited spending rather than cryptographic proof.
This is the unresolved gap in the proposal. BIP-361 provides the right framework, but Phase C only solves part of the problem. The oldest Bitcoin holdings remain the hardest to protect.
