Bitcoin devs bet a quantum attacker will play nice with a ‘wait and react’ plan
BitMEX Research proposes a canary system that pays a bounty to the first quantum attacker and activates a network-wide freeze, offering an alternative to a fixed five-year timeline.
Bitcoin devs bet a quantum attacker will play nice with a ‘wait and react’ plan
BitMEX Research proposes a canary system that pays a bounty to the first quantum attacker and activates a network-wide freeze, offering an alternative to a fixed five-year timeline.
Bitcoin developers are weighing a BitMEX Research proposal for a “canary” system that would only restrict vulnerable older wallets if a quantum-capable attacker proves the threat on-chain.
The canary address would hold a bounty that only a quantum attacker could unlock, with any spend both triggering a retroactive freeze on vulnerable coins and publicly signaling that Bitcoin’s signature scheme has been broken.
Supporters say the approach avoids an “authoritarian” pre-scheduled freeze like BIP-361, while critics warn it gambles that the first quantum attacker will claim the bounty rather than quietly steal funds on a massive scale.
It works by placing small number of bitcoin into a special address that only a quantum-capable attacker could unlock, with any spend from that address serving as public proof that the threat has arrived and automatically triggering a network-wide freeze of older wallets.
Bitcoin wallets rely on digital signature schemes that are secure against classical computers but could be broken by advances in quantum computing, and a recent Google research paper lowered estimates for the resources required, with some observers now pointing to the end of the decade as a potential risk window.
The approach is designed as an alternative to BIP-361, a controversial proposal that would impose the same restrictions on a fixed five-year timeline regardless of whether quantum computers are actually capable of attacking Bitcoin’s blockchain. BIP-361 would phase out vulnerable addresses over several years before invalidating the old signature schemes entirely, leaving any unmigrated coins permanently frozen.
Critics have called that outcome “authoritarian and confiscatory,” arguing it undermines Bitcoin’s core principle that control rests solely with private key holders.
Layered atop the of BitMEX’s detection mechanism is a financial incentive. Users could contribute bitcoin to the address, creating a bounty that rewards the first entity to demonstrate a quantum attack publicly rather than quietly drain vulnerable wallets. Contributors would not need to give up their funds permanently, as the structure allows withdrawals at any time.
The proposal also introduces a “safety window” designed to make stealth attacks harder. Vulnerable coins could still move, but the recipient would be unable to spend them for an extended period, potentially around a year. If the canary is triggered during that window, those coins would be frozen retroactively, increasing the risk to any attacker attempting to quietly extract funds.
There’s a catch
The canary reduces the risk of disrupting users prematurely, but it rests on an uncomfortable bet that the first entity capable of breaking Bitcoin would claim a bounty rather than execute what could be the largest theft in the network’s history and walkaway with millions of bitcoin.
That bet cuts against the kind of worst-case scenario Bitcoin’s design has always tried to prevent, and the network has historically shown little appetite for undoing such events after the fact. Ethereum’s response to the 2016 DAO hack, a hard fork that reversed the theft and split the network into Ethereum and Ethereum Classic, is the kind of protocol-level intervention Bitcoin’s culture has long resisted.
If the bet fails, Bitcoin risks the worst of both worlds — the catastrophe it was trying to prevent, and the realization that a fixed-timeline defense would have stopped it.
Also: AI agents & crypto payments, CoW Swap hijack, ZK proofs on XRPL.
What to know:
Welcome to The Protocol, CoinDesk’s weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk.
In this issue:
Bitcoin developers are trying to build quantum defenses. Your coins could pay the price.
AI agents are set to power crypto payments, but a…
