Clock is ticking: 6.9 million BTC — including Satoshi’s stash — could be exposed if quantum computers arrive sooner than expected.
Quantum computers won’t instantly topple Bitcoin. The network’s mining process, which relies on one-way hashing functions, is effectively safe from known quantum attacks. Blocks would still be produced and the ledger would keep running. What’s in real danger is ownership: private keys that control wallets. Those are secured by elliptic-curve cryptography (the one-way math that turns a private key into a public address). Classical computers cannot reverse that process in any practical time, but a quantum algorithm called Shor’s could.
Recent research has sharpened the threat. A new paper from Google showed that the resources required to run Shor’s algorithm against elliptic-curve keys may be far lower than previously estimated — cutting the margin of safety and bringing the race against Bitcoin’s own block times into focus.
What’s actually at risk
- Roughly 6.9 million BTC — about one-third of all bitcoins mined — sit in wallets whose public keys are already exposed onchain. Many of these coins date to Bitcoin’s early years and use address formats that published the public key by default. Any wallet that has been spent from is also at risk, because spending reveals the public key for whatever remains.
- Satoshi Nakamoto’s roughly 1 million BTC, untouched since Bitcoin’s infancy, falls into this exposed category.
- A quantum attacker wouldn’t have to race a pending transaction. They could methodically target already-exposed keys at their own pace.
Taproot widened the window
The 2021 Taproot upgrade — designed to improve efficiency and privacy — had a side effect: any bitcoin spent since Taproot activated publishes the key protecting remaining funds at that address. That was considered an acceptable tradeoff when quantum timelines seemed distant; with new research, that calculus is shifting.
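The exposure categories described above can be checked mechanically when auditing your own wallet for outputs to migrate first. The sketch below is an added example, not code from the article or any Bitcoin project; the sample scripts are constructed, and the `address_spent_before` flag is an assumption the caller must supply from its own chain index.

```python
# Added example (not from the article). Sample scripts below are constructed.
def classify(script_hex, address_spent_before=False):
    """Return (script_type, pubkey_exposed) for one output's scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33- or 65-byte key push> OP_CHECKSIG. The key sits in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "p2pk", True
    # P2TR (BIP-341): OP_1 <32-byte x-only output key>, also in the output.
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", True
    # Hash-locked types publish only a hash until something is spent.
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        kind = "p2pkh"
    elif n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        kind = "p2sh"
    elif n == 22 and s[:2] == b"\x00\x14":
        kind = "p2wpkh"
    elif n == 34 and s[:2] == b"\x00\x20":
        kind = "p2wsh"
    else:
        return "unknown", None  # cannot decide from the script alone
    # Assumption: the caller knows from its own index whether this address
    # has already appeared as a spent input (which revealed the key/script).
    return kind, bool(address_spent_before)

def exposed_total(utxos):
    """Sum satoshis held in outputs whose key is already public."""
    return sum(v for script, v, spent in utxos if classify(script, spent)[1])

# Constructed sample outputs: (scriptPubKey hex, satoshis, address spent before)
P2PK = "41" + "04" + "11" * 64 + "ac"
P2PKH = "76a914" + "22" * 20 + "88ac"
P2TR = "5120" + "33" * 32
P2WPKH = "0014" + "44" * 20
UTXOS = [
    (P2PK, 5_000_000_000, False),   # early pay-to-pubkey output
    (P2PKH, 100_000, False),        # hashed, never spent from
    (P2PKH, 250_000, True),         # hashed, but address reused after a spend
    (P2TR, 70_000, False),          # Taproot output key is public at rest
    (P2WPKH, 30_000, False),        # hashed, never spent from
]

if __name__ == "__main__":
    for script, value, spent in UTXOS:
        print(classify(script, spent), value)
    print("exposed satoshis:", exposed_total(UTXOS))
```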
Responses so far: Ethereum vs Bitcoin
Ethereum has treated the threat seriously for years. Since 2018 the Ethereum Foundation has funded multiple teams to plan and test a migration to quantum-resistant cryptography, mapping upgrades across upcoming hard forks and even publishing progress on pq.ethereum.org.
Bitcoin, by contrast, has no coordinated, fully funded migration program. There are proposals — notably BIP-360, which would introduce new post-quantum address types for voluntary migration, and a BitMEX Research plan that focuses on on-chain detection and automated defenses — but neither has broad support from Bitcoin’s core developers, and they take different approaches to the problem.
The debate inside Bitcoin
The community is split. Nic Carter has warned bluntly that “elliptic curve cryptography is on the brink of obsolescence,” praising Ethereum’s organized approach and criticizing elements of Bitcoin’s response. Adam Back of Blockstream says quantum hardware still has to prove itself and urges caution, but he also recommends preparing optional upgrades in advance so migration can happen deliberately, not in panic.
Why migration is uniquely hard for Bitcoin
The engineering is one thing; the politics and social architecture are another. Ethereum benefits from a foundation, funded engineering teams, and a governance process that routinely coordinates large upgrades. Bitcoin was designed to resist central control and to make protocol changes rare and difficult — features that have delivered extraordinary stability but also make a coordinated, fast migration harder.
Key migration dilemmas that Bitcoin would face
- Freeze old formats or not? Locking legacy address formats could protect coins from theft but would also permanently lock out any owners who can’t move their funds.
- Allow moves using the exposed keys? Letting owners migrate using the keys that are already exposed could reduce losses but would still require revealing ownership.
- What about unreachable or unwilling owners? Coins whose custodians cannot be reached — including Satoshi’s — pose acute moral and technical questions.
A narrowing window
The authors of the Google paper warn that a successful quantum attack on elliptic-curve cryptography may not be a clean wake-up call; by the time the threat is obvious, the opportunity to act may already be gone. Developers face an urgent test: can a network built to minimize coordinated change organize the largest security migration in its history before quantum hardware catches up?
Bottom line
Ethereum’s eight-year head start argues for beginning the migration now. Bitcoin’s culture of cautious, slow change suggests a different path: wait until the threat is demonstrable, then react. Only one of those approaches will work if quantum timelines prove shorter than the optimists expect.
The clock is running.