A top Bitcoin developer says he’s built something the community has debated for years but never actually produced: a way to rescue ordinary wallets if the network is ever forced to defend itself against a quantum computer.
in the face of quantum adversary, a commonly discussed emergency soft fork for Bitcoin would be to disable the Taproot keyspend path (https://t.co/Gzx8NVui3N), effectively turning it into something that resembling BIP-360
assuming an existing precautionary soft-fork to add a pq…
— Olaoluwa Osuntokun (@roasbeef) April 8, 2026
Olaoluwa “Roasbeef” Osuntokun, chief technology officer at Lightning Labs, unveiled the working prototype in an April 8 post to the Bitcoin developer mailing list. The tool targets a specific and uncomfortable flaw in Bitcoin’s long-term defense plan, a widely discussed “emergency brake” upgrade designed to protect the network from quantum attacks could also lock millions of users out of their own funds. Osuntokun’s proposal is an escape hatch.
Bitcoin relies on a form of encryption that could, in theory, be broken by sufficiently powerful quantum computers. If that happens, public data already visible on the blockchain could be turned into private keys, allowing attackers to seize funds.
One leading proposal, known as BIP-360, was merged into Bitcoin’s improvement-proposal repository in February as a draft. It would give users a new, quantum-resistant type of wallet to migrate their funds into ahead of any threat.
But migration takes time, and not everyone will move in time. That’s why developers have also been discussing a more drastic backstop — the “emergency brake.”
Every Bitcoin transaction today is authorized by a digital signature, a piece of cryptographic math that proves the sender owns the coins. Those signatures are exactly what a quantum computer would be able to forge.
The emergency brake would shut off Bitcoin’s current signature system network-wide, before an attacker could start draining wallets. Think of it as cutting power to the locks when you realize the keys have been copied.
The problem is what happens to everyone still inside. Most modern wallets — especially the single-user Taproot wallets introduced to Bitcoin in 2021 and now common across the ecosystem — rely on that signature system and nothing else to authorize spending. If it gets switched off, those wallets have no second way to prove ownership.
The coins inside them would be stranded, untouchable even by their rightful owners. The same upgrade designed to protect users could also freeze them out permanently.
Osuntokun’s prototype is designed to give those wallets a second way. Instead of proving ownership with a digital signature — the very mechanism a quantum attack would break and the emergency upgrade would disable — his system lets a user mathematically prove they were the one who originally created the wallet, using the secret “seed” that every Bitcoin wallet is generated from.
Crucially, the proof doesn’t require revealing the seed itself, so using it to rescue one wallet doesn’t compromise any others derived from the same seed. In effect, it replaces “I can sign this transaction” with “I can prove this wallet came from me.”
The prototype is already functional. Running on a high-end consumer MacBook, generating the proof took about 55 seconds, while verification took under two seconds. The resulting proof file was roughly 1.7 MB, about the size of a high-resolution image. Osuntokun said the system was built as a side project and remains unoptimized.
Right now there is no formal proposal to add it to the Bitcoin blockchain, no deployment timeline, and developers remain divided on how urgent the quantum threat actually is.
Academic researchers note that many widely cited quantum “breakthroughs” rely on simplified test conditions, and large-scale attacks on Bitcoin’s mining system would run into hard physical limits. But the risk to exposed wallets is considered real enough that developers have been sketching defensive upgrades for years.
Markets reflect that uncertainty. On Polymarket, traders currently assign roughly a 28% chance that BIP-360 is implemented by 2027.
But the prototype closes a gap that had lingered in theory: how to protect Bitcoin from a future threat without the collateral damage of locking users out of their wallets.
