Quantum computers could one day put some Bitcoin at risk — but the network isn’t sleepwalking into that future, according to a new research note from Galaxy Digital. The firm’s March 19 report says a sufficiently powerful quantum machine could exploit exposed public keys, yet Bitcoin developers are actively building defenses and migration paths to blunt the threat.
Galaxy’s analyst Will Owens frames the conversation as more polarized than the facts warrant. Some observers argue quantum attacks are decades away; others say the window is much shorter and demand immediate action. Galaxy’s middle-ground conclusion: urgency is justified, but so is perspective. The clock is ticking, but Bitcoin’s structure and the developer response narrow and sequence the real danger.
Not all bitcoin is equally exposed
A key takeaway: only coins whose public keys are visible on-chain are directly vulnerable to quantum attacks. That means legacy wallet formats, address reuse, certain custodian or exchange practices, and long-unused outputs — including some coins linked to Satoshi Nakamoto — carry the highest long-term risk. Citing Project Eleven, Galaxy notes that roughly 7 million BTC (about $470 billion at recent prices) could be considered vulnerable under a broad “long exposure” definition, while acknowledging other methods yield lower figures.
Bitcoin’s UTXO model offers a practical buffer. Unlike account-based chains, Bitcoin typically reveals public keys only when spending, so many coins remain protected behind hashed addresses until they're actually moved. “This distinction does not eliminate risk for Bitcoin, but it does materially affect the scope and sequencing of exposure in a potential Q-day event,” Galaxy writes — in short, the attack surface is narrower than many headlines suggest.
Developers are already working
Galaxy pushes back against the narrative that the developer community is ignoring quantum risk. The report highlights active work and strong engagement: BIP 360 (Pay-to-Merkle-Root) has attracted unprecedented comment, according to Ethan Heilman, and contributors publicly state they’re tackling the problem. “Yes, developers are working on [quantum resistance],” said Matt Corallo. Hunter Beast added, “We are working very hard on this very serious problem.”
Roadmap and mitigation proposals
Galaxy lays out a set of technical directions that are starting to cohere:
- BIP 360 (Pay-to-Merkle-Root): Seen as the leading near-term protective measure, it would remove Taproot’s always-visible key-path spend and create outputs that are more quantum-resilient via a soft fork. This reduces long-exposure risk without forcing an immediate choice of a post-quantum signature scheme.
- Hourglass: A “harm reduction” design aimed at coins already exposed. Rather than freezing vulnerable outputs or letting attackers sweep them unchecked, Hourglass would limit how quickly exposed coins could be extracted and sold during a quantum event.
- Fallback and emergency ideas: The report surveys hash-based signatures (e.g., SLH-DSA), Tadge Dryja’s commit/reveal approach for worst-case scenarios, and seed-phrase zero-knowledge proofs for recovery and authentication. No single proposal is a silver bullet, but together they broaden Bitcoin’s practical options.
Governance remains a constraint
Galaxy is candid about timelines: Bitcoin upgrades move slowly by design, as history with SegWit and Taproot shows. That governance friction matters, but Owens points to one mitigating factor: there’s little to gain for any constituency from leaving Bitcoin vulnerable to quantum attack. That alignment of incentives, he suggests, could help drive consensus if the risk grows more immediate.
Bottom line
Galaxy’s message is clear: quantum risk to Bitcoin is real and worth preparing for, but the situation is not apocalyptic. Bitcoin’s protocol design limits exposure, developers are engaged, and a mix of technical proposals offers concrete mitigation and migration paths. The debate has moved from theoretical to practical — and the work is already underway.
At press time, BTC traded at $70,360.
Read more AI-generated news on: undefined/news
