The quantum computing threat to Bitcoin has moved from theoretical speculation to urgent boardroom discussion, and the world's leading cryptographers still cannot agree on the most contentious question facing the network: what happens to millions of coins that can never be moved to safety?
A newly released report from a Coinbase-assembled advisory council featuring some of the most respected names in cryptography has delivered a sobering assessment. While quantum computers do not currently threaten blockchain security, the panel argues that Bitcoin's community must begin technical preparations immediately. Yet on the explosive question of whether vulnerable coins—including those potentially belonging to Satoshi Nakamoto—should eventually be rendered unspendable, the experts have deliberately stepped aside.
The Quantum Vulnerability Landscape: 6.7 Million Bitcoin at Risk
The scale of Bitcoin's quantum exposure is staggering. According to research from Project11, a group dedicated to tracking quantum risks in cryptocurrency, approximately 6.7 million bitcoin face potential compromise from future quantum attacks. This represents roughly 32% of all bitcoin that will ever exist, a vulnerability that could fundamentally undermine confidence in the network.
The exposure breaks down into two distinct categories. Roughly 1.7 million bitcoin reside in approximately 20,000 early pay-to-public-key (P2PK) addresses—a legacy format that directly publishes the owner's public key on the blockchain. This transparency, while acceptable in Bitcoin's early days, creates a direct attack vector for quantum computers capable of deriving private keys from public ones.
Many of these P2PK addresses are believed to belong to Bitcoin's pseudonymous creator, Satoshi Nakamoto, along with other early adopters who have long since lost access to their keys. These coins cannot be migrated to quantum-resistant addresses because their owners have vanished or passed away. They sit frozen in time, waiting either for their eventual obsolescence or for a quantum attacker to claim them.
The remaining 5 million vulnerable bitcoin stem from address reuse—a practice where users receive multiple transactions to the same address, inadvertently exposing their public keys. While many of these are believed to be actively managed holdings in exchange wallets, their vulnerability remains a systemic concern.
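An exposure audit covering the two categories above, as an added example that is not taken from the report or from Project11: it classifies outputs by script template and separates P2PK coins, whose key is published in the output itself, from hashed addresses that have been reused. It assumes the caller already knows which scripts have funded an earlier spend, since that spend is what puts the public key on chain; every script and amount below is constructed.

```python
# Added example: audit a wallet's UTXOs for public-key exposure.
# All scripts and amounts below are constructed; the 0x11/0x22 "keys" are
# placeholders that match the script templates but are not real curve points.
OP_CHECKSIG = 0xAC

def classify_script(spk_hex: str) -> str:
    """Match a scriptPubKey against the standard single-key templates."""
    s = bytes.fromhex(spk_hex)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG. The key itself sits in the output.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        compressed = len(s) == 35 and s[1] in (0x02, 0x03)
        uncompressed = len(s) == 67 and s[1] == 0x04
        if compressed or uncompressed:
            return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    return "other"

def audit(utxos, spent_from):
    """Sum satoshis per exposure class.

    utxos: iterable of (scriptPubKey hex, satoshis) still unspent.
    spent_from: scriptPubKeys that already funded a spend; that spend put the
    public key on chain, so coins still sitting there are exposed (reuse).
    """
    seen = {s.lower() for s in spent_from}
    totals = {"p2pk": 0, "reused": 0, "hash_only": 0, "other": 0}
    for spk, sats in utxos:
        kind = classify_script(spk)
        if kind in ("p2pkh", "p2wpkh"):
            kind = "reused" if spk.lower() in seen else "hash_only"
        totals[kind] += sats
    return totals

P2PK_LONG = "41" + "04" + "11" * 64 + "ac"    # uncompressed-key template
P2PK_SHORT = "21" + "02" + "22" * 32 + "ac"   # compressed-key template
P2PKH_A = "76a914" + "aa" * 20 + "88ac"
P2PKH_B = "76a914" + "bb" * 20 + "88ac"
P2WPKH = "0014" + "cc" * 20
UTXOS = [(P2PK_LONG, 5_000_000_000), (P2PK_SHORT, 100),
         (P2PKH_A, 2_000), (P2PKH_B, 3_000), (P2WPKH, 4_000)]
REPORT = audit(UTXOS, spent_from={P2PKH_A})

if __name__ == "__main__":
    for label, sats in REPORT.items():
        print(f"{label:10s} {sats:>13,d} sat")
```

Coins in the `hash_only` bucket have only a key hash on chain until they are first spent, which is why moving reused balances to fresh addresses reduces exposure while P2PK outputs cannot be fixed without the owner's key.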
Elite Cryptographers Sound the Alarm While Refusing to Choose Sides
The Coinbase advisory council reads like a who's who of modern cryptography. Scott Aaronson from the University of Texas at Austin, widely regarded as one of the foremost authorities on quantum computing, joined forces with Stanford's Dan Boneh, whose work on cryptographic protocols has shaped the field for decades. Even Justin Drake from the Ethereum Foundation contributed to the panel's findings.
Their collective assessment offers both reassurance and urgency. Quantum computers capable of breaking Bitcoin's current cryptographic protections—specifically the elliptic curve digital signature algorithm (ECDSA) and Schnorr signatures—do not exist today. Moreover, no one can reliably predict when such machines will emerge. This uncertainty, however, should not breed complacency.
The panel's core recommendation is unambiguous: begin technical migration planning immediately. The engineering work required to implement post-quantum signatures is entirely separate from the governance debate over abandoned coins and should not wait for that contentious discussion to resolve.
Yet when pressed on whether vulnerable coins should eventually be frozen, the council explicitly declined to take a position. The report states plainly that there is no correct answer and that the Bitcoin community must decide for itself. This diplomatic sidestep acknowledges the deeply ideological nature of the debate while attempting to prevent the governance controversy from paralyzing technical progress.
The Ideological Battle: Property Rights vs. Network Security
The abandoned coins question has split the Bitcoin community along philosophical lines that cut to the core of what the network represents.
One faction advocates for a hard deadline after which legacy signature schemes would no longer be accepted. Under this approach, any unmigrated coins would become permanently unspendable. Proponents argue this is the only responsible path forward. Leaving millions of bitcoin vulnerable to quantum theft creates an existential risk—a future attacker, potentially a sanctioned nation-state like North Korea, could seize enough bitcoin to crash prices and permanently taint the network's legitimacy.
The opposing camp views any deadline as confiscation, pure and simple. Bitcoin was built on the principle of absolute property rights, they argue. No central authority should have the power to render coins unspendable, regardless of the justification. Setting this precedent, critics warn, opens the door to future freezes under government pressure or other political motivations.
This ideological divide has paralyzed decision-making even as the quantum threat slowly materializes on the horizon.
Competing Proposals Offer Middle Ground Solutions
Several technical proposals have emerged attempting to bridge the gap between security hawks and property rights advocates. The Coinbase panel notably observed that many of these solutions are compatible and could potentially be implemented together.
The Hourglass proposal would cap how many vulnerable coins can be spent per block, preventing a sudden supply flood if a quantum attacker gains access to multiple addresses simultaneously. This rate-limiting approach would give the network time to respond to an attack without outright freezing any coins.
BIP-361, developed by prominent Bitcoin developer Jameson Lopp and collaborators, offers another path forward. Under this proposal, holders who migrate to quantum-resistant addresses could prove ownership after any cutoff date using a special quantum-resistant proof that exposes no cryptographic keys. This would protect legitimately lost access while still enabling recovery.
PACTs, proposed by Paradigm's Dan Robinson, takes a different approach entirely. Owners could timestamp a private claim to their funds now, establishing proof of ownership without revealing any information publicly. Later, when quantum-resistant infrastructure is in place, they could move their funds using this pre-established claim.
Each proposal represents a genuine attempt to balance competing concerns, yet none has achieved consensus support within the broader Bitcoin community.
Ethereum's Head Start Highlights Bitcoin's Delay
The contrast with Ethereum's approach has become increasingly stark. While Bitcoin's community continues debating the philosophical implications of various migration strategies, Ethereum has spent years actively preparing for the post-quantum future.
This divergence reflects fundamental differences in governance philosophy. Ethereum's more centralized development process allows for coordinated technical upgrades, while Bitcoin's decentralized ethos demands broad community consensus before implementing changes. What some view as Bitcoin's greatest strength—its resistance to top-down modification—others see as a dangerous inability to adapt to emerging threats.
The Coinbase panel's report implicitly acknowledges this tension. By urging immediate technical work while refusing to dictate governance outcomes, the cryptographers are attempting to separate tractable engineering challenges from intractable political ones.
The Path Forward: Clarity and Communication
Beyond technical recommendations, the advisory council emphasized the critical importance of clear communication. Users need to understand that this problem is being taken seriously, the report stressed. Uncertainty itself creates risk, potentially undermining confidence in Bitcoin even before any quantum attack materializes.
The panel's call for clarity extends to wallet providers, exchanges, and other infrastructure operators who will ultimately need to guide users through any migration process. Without coordinated messaging, confusion could lead to significant losses as users fail to protect their holdings in time.
For now, the quantum question remains Bitcoin's most significant unresolved challenge. The technical solutions exist, the expert consensus points toward action, and the clock continues ticking. What remains missing is the community will to make difficult decisions about the network's future—decisions that will define whether Bitcoin can evolve to meet threats its creators never imagined while preserving the principles that made it revolutionary in the first place.
The cryptographers have spoken. The rest is up to Bitcoin.