BitMEX Proposes Canary Fund to Trigger Bitcoin Freeze

BitMEX Research on Thursday published a proposal for a canary fund and an accompanying soft fork that would activate a freeze of Bitcoin outputs judged vulnerable to quantum attacks only after a specific canary address is spent.

The plan uses a Nothing-Up-My-Sleeve Number, or NUMS, to create a valid Bitcoin address whose private key is intentionally unknown. Users can donate BTC to that address as a bounty. If any actor ever spends from the NUMS address, the transaction would provide on-chain proof that a quantum-capable actor can derive private keys and spend coins. The soft-fork mechanism would remain dormant unless that canary output is spent, at which point the protocol would enter a freeze state for designated vulnerable outputs.

BitMEX calls the arrangement a ‘canary watch state.’ Under that state, older outputs would remain spendable so long as the canary address has not been spent. The proposal lets donors protect contributions with multisignature arrangements and allows them to withdraw funds from the canary address at any time. The design also includes a delayed-lock safety window that would allow some transactions from outputs past a five-year threshold, but with temporary restrictions and output locks.

The canary proposal was offered as an alternative to BIP-361, a separate draft that recommends freezing dormant, quantum-vulnerable outputs after a set period. BIP-361 has drawn pushback from parts of the Bitcoin community, with some critics calling that draft authoritarian and confiscatory. Jameson Lopp described his BIP-361 draft as a rough idea for a contingency plan and wrote on social media that he drafted it because he preferred it to other options.

BitMEX acknowledged its canary design adds complexity and risk compared with a straightforward freeze and noted that mitigating the impact of any freeze may be worth considering given how controversial freezes are. The firm wrote that the canary approach could reduce collateral damage by tying activation to verifiable on-chain evidence of a real quantum exploit.

The technical concern behind both proposals is that advances in quantum computing could eventually break the elliptic-curve digital signature algorithm (ECDSA) used in Bitcoin transactions. Outputs whose public keys have been exposed, for example coins moved and then left unspent, could become targets if a quantum computer can derive the corresponding private keys. Supporters of contingency mechanisms say some protections may be needed to prevent large-scale theft if quantum capabilities arrive; opponents say protocol changes that enable freezes could allow majorities of developers or miners to lock user funds.

The BitMEX proposal leaves room for users to manage risk through multisig and withdrawals and for the community to decide the exact conditions for a freeze. The draft adds a trigger tied to demonstrated attack activity rather than a preemptive lock on dormant outputs. Community discussion and review are expected to continue as developers weigh risks, complexity, and governance implications.