Bitcoin Experts Split on Freezing Satoshi's 1.1 Million BTC as Quantum Threat Grows
CZ proposed a 6-to-12-month migration window before freezing Satoshi's estimated 1.1 million BTC. BIP-361 targets 1.7 million BTC in legacy addresses. The community is split three ways with no consensus in sight.

Binance's CZ mused about a protocol freeze. A formal BIP already targets 1.7 million bitcoin. Nobody agrees on what to do next.
Key takeaways
- Binance founder CZ proposed a 6-to-12-month migration grace period on a June 18 Galaxy Brains podcast, after which Satoshi's estimated 1.1 million BTC and other dormant coins could be frozen via a protocol fork.
- BIP-361, authored by Jameson Lopp and submitted to the Bitcoin BIPs repository on April 14, 2026, outlines a phased 5-year sunset of legacy signatures that would permanently freeze unmigrated coins across roughly 1.7 million BTC in P2PK addresses.
- The community is split three ways: protocol-level freeze (BIP-361 / CZ direction), accept quantum theft risk and do nothing (Terpin), or route around the protocol using a legal trust model (Nic Carter), with no consensus and no activation timeline on any path.
Binance founder Changpeng Zhao floated freezing Satoshi Nakamoto's estimated 1.1 million BTC during the June 18, 2026 Galaxy Brains podcast hosted by Galaxy Research President Alex Thorn, proposing a 6-to-12-month migration window before any dormant, quantum-vulnerable coins get locked at the protocol level. The proposal surfaced a debate that has been building quietly in developer circles since BIP-361 was submitted in April: Bitcoin cannot honor both property rights and quantum security at the same time, and the community has no plan for choosing between them.
"If we don't do anything with it, then we're basically giving it to somebody who's going to hack it," CZ said on the podcast. On June 20, CZ clarified on X (@cz_binance) that he was not proposing Binance or any individual personally freeze the addresses, framing his remarks as a question to the community rather than a concrete proposal.
The BIP That Goes Further Than CZ
CZ's musing lands on top of a formal proposal that is already more aggressive. BIP-361, titled "Post Quantum Migration and Legacy Signature Sunset," was submitted by Jameson Lopp (co-founder and CSO at Casa) and five co-authors on April 14, 2026. It is a three-phase framework: Phase A blocks new sends to legacy addresses three years after activation; Phase B voids legacy signatures five years after activation, permanently freezing unmigrated coins; Phase C offers a ZK-proof rescue mechanism for holders who can still produce a seed phrase.
Lopp has been direct about the stakes. In April he said he would "rather freeze" Satoshi's coins and millions of other dormant BTC "than let hackers steal them." On CZ's remarks, Lopp was more measured: "I think this is not a binary debate of 'to freeze or not to freeze.'" His point is that the real issue is getting the entire Bitcoin ecosystem, users, exchanges, custodians, wallets, and institutions, to migrate to post-quantum cryptography before the threat window opens.
BIP-361 builds on BIP-360, which introduced a quantum-resistant address type. Lopp himself noted BIP-361 is not currently positioned for adoption.
The scale of the problem is larger than the Satoshi narrative suggests. Approximately 1.7 million BTC sit in P2PK addresses with exposed public keys. Satoshi's estimated 1.1 million BTC (per the Patoshi model) is the most prominent subset, but every Bitcoiner who has reused addresses or holds coins in legacy formats has exposure. According to BIP-361 itself, as of March 1, 2026, over 34% of all bitcoin have revealed a public key on-chain, making those UTXOs vulnerable to a sufficiently powerful quantum computer.
For a sense of the post-quantum migration pressure already building, the developer debate has been live for months.
Three Camps, No Consensus
The community response has sorted into three positions, each with significant tradeoffs.
Michael Terpin (founder and CEO of Transform Ventures) holds the property-rights line. "While I appreciate the proactivity in CZ's proposal, it begins a slippery slope of creating permission in a permissionless system relative to personal property," Terpin told CoinDesk. His fallback: if a quantum attacker dumps Satoshi's coins, it would "be a one-time episode and post-quantum bitcoin would recover." He also questioned whether consensus is even achievable: "Considering it took years just to implement SegWit, I doubt a quick consensus could be formed here."
That cut goes both ways. SegWit was a capacity feature. A forced migration with economic finality, coins permanently unspendable if you miss the window, is categorically harder to push through. If the governance fight takes as long as SegWit and quantum capability arrives sooner, the network loses by delay.
Bitwise CIO Matt Hougan rejected both extremes and pointed to a third path proposed by Castle Island Ventures general partner Nic Carter: a "salvage law" model in which a government or appointed entity holds Satoshi's coins in trust, with a finder's fee (10 to 15%), preserving them for Satoshi's estate rather than executing a protocol-level freeze. Hougan noted the market already prices Satoshi's coins as permanently unavailable: "The market already accounts for them as frozen forever." He also said he does not think "there is any way that developments around Satoshi's coins are positive for the ecosystem."
The Carter trust model is philosophically the most interesting option on the table and simultaneously the one most likely to alarm Bitcoiners who understand self-sovereignty. "The government should effectively appoint someone or some lab to salvage the coins, hold them in trust for Satoshi or Satoshi's estate," Carter said on the Bankless podcast in April 2026. A sentence that starts with "the government appoints a custodian" has no clean ending for a Bitcoin property-rights purist. On the question of permissionless systems and freeze risk, the tradeoffs have been examined in detail.
Alex Thorn, the Galaxy Research President who hosted CZ's original remarks, has been a prominent critic of any forced lock, arguing it violates Bitcoin's core principle that no one can seize another's coins.
What the Quantum Timeline Actually Means
The urgency isn't theoretical anymore. Recent research has focused on how many qubits a cryptographic attack on Bitcoin's elliptic curve cryptography would require, with estimates continuing to fall below prior projections. Trump's executive orders targeting a "scientifically relevant" quantum machine and moving the federal post-quantum cryptography deadline signal that the U.S. government is explicitly racing toward the same capability threshold.
The entity most likely to crack early quantum computation is a nation-state. That changes the threat model entirely. The Trump quantum executive orders and their implications for Bitcoin's migration timeline are worth tracking closely.
BIP-361 has no activation date and no current path to adoption. The debate remains largely theoretical, as Lopp, Hougan, and Terpin all acknowledge. But the fact that a formal BIP with a 5-year sunset mechanism exists at all is the signal: serious developers are no longer treating quantum as a far-horizon problem.
The falsifiable question is whether that urgency converts into consensus before the threat window opens. If BIP-361 is formally rejected without a successor proposal, or if new research demonstrates qubit requirements are orders of magnitude higher than current estimates, the governance crisis narrative collapses. If neither happens, the network is running out of time to disagree.
Sources
- Galaxy Brains podcast, June 18, 2026 (Galaxy Digital / Alex Thorn)
- BIP-361 on GitHub
- BIP-360 on GitHub
- Nic Carter, "How to resolve the matter of the Satoshi coins without a freeze," Substack (2026)
- First reported by CoinDesk (Olivier Acuna, July 4, 2026)
Frequently Asked Questions
BIP-361 is a three-phase proposal submitted April 14, 2026 to the Bitcoin BIPs GitHub repository by Jameson Lopp and five co-authors. Phase B, activating five years after adoption, would void legacy signatures and permanently freeze any coins that have not migrated to a quantum-resistant address type. It applies to all bitcoin in exposed legacy address formats, estimated at roughly 1.7 million BTC in P2PK addresses. Satoshi's estimated 1.1 million BTC is the most discussed subset, but the proposal's scope is much broader.
According to BIP-361, as of March 1, 2026, over 34% of all bitcoin have revealed a public key on-chain, making them vulnerable to a sufficiently powerful quantum computer running Shor's algorithm against elliptic curve cryptography. The P2PK address category alone contains roughly 1.7 million BTC. Satoshi's estimated 1.1 million BTC (per the Patoshi model) is the highest-profile portion. Any address whose public key has been broadcast to the network, including reused addresses, carries some degree of exposure.
Activation requires broad consensus across developers, miners, node operators, and the broader ecosystem. No formal activation process for BIP-361 has begun. Lopp himself characterized it as adversarial thinking about a future threat, not a near-term deployment. The SegWit precedent is instructive: a far less controversial upgrade took years of contentious debate to activate. A proposal that would render coins permanently unspendable for non-migrators is a harder political lift by an order of magnitude.


