Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s

Tech Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email Clock is ticking for bitcoin to prevent quantum threat as it could drain 6.9 million BTC including Satoshi’s Can a network without formal governance coordinate the biggest cryptographic migration in its history? By Shaurya Malwa | Edited by Aoyon Ashraf Apr 25, 2026, 10:00 a.m. Make preferred on What to know : Quantum computers cannot disrupt bitcoin mining or the blockchain ledger itself, but they could eventually break the cryptography that protects wallet ownership. Roughly 6.9 million bitcoin, including Satoshi Nakamoto’s early holdings and any coins spent from since 2021’s Taproot upgrade, are already exposed to future quantum attacks because their public keys are visible on-chain. Unlike Ethereum, which has a coordinated, well-funded post-quantum migration plan, bitcoin lacks a unified roadmap, and its anti-centralization culture makes it harder to agree on urgent security upgrades before quantum hardware matures. Not everything in bitcoin is at risk from a quantum computer. Bitcoin mining, the process by which new blocks get added to the blockchain, uses a type of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoin can only be created through mining would survive a quantum attacker. Blocks would still get produced, and the chain would keep running. What would not survive is ownership. Bitcoin wallets are protected by a different kind of math that turns a secret private key into a public address anyone can see. The math works easily in one direction and not at all in the other, which is the only thing stopping a stranger from spending your coins. Part 1 of this quantum computing series went into physics. A quantum computer is not a faster version of a regular computer. It is a fundamentally different kind of machine, starting at a very cold, very small loop of metal where particles behave in ways they do not behave anywhere else on Earth. Part 2 walked through what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Turning a secret private key into a public address takes milliseconds. Going the other way, from public address back to the private key, would take a regular computer longer than the age of the universe. A quantum algorithm called Shor's collapses the gap. Google's paper this month showed the attack could be run with far fewer resources than anyone previously estimated, in a window that races against bitcoin's own block times. This piece, the last in the series, is about the response. What is actually at risk, what bitcoin has done about it, and whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up. What's exposed, what's safe The at-risk pool is large. Roughly 6.9 million bitcoin, about one-third of everything ever mined, sits in wallets whose public keys are already permanently visible onchain. Most of this is early bitcoin from the network's first years, stored in an address format that published the public key by default. It also includes any wallet that has ever been spent from, because spending reveals the key for whatever remains. A quantum attacker would not need to race against a transaction in progress. Rather, they could work through the wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, holds roughly 1 million bitcoin, untouched since the network's early days, and this stack now sits in the exposed category. The 2021 Taproot upgrade expanded the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private. A side effect was that any bitcoin spent since Taproot activated has published the key protecting whatever remains at that address. This was not a mistake but a reasonable tradeoff at the time, when quantum timelines looked much longer than they do now. What's in the works? While the quantum threat has sparked a heated debate in recent months, and other blockchains are preparing , nothing concrete has emerged from Bitcoin developers yet. Ethereum, which can be considered one of Bitcoin's largest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018. The Ethereum Foundation runs four teams working on the migration full-time, with more than ten independent developer groups shipping weekly test networks. The plan maps specific upgrades across four upcoming network-wide changes, moving Ethereum's security to new math that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress. Bitcoin has no equivalent strategy so far. That doesn't mean there aren't any efforts out there to solve it. One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-safe address types that holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network. However, neither has broad support from bitcoin's core developers, and the two proposals solve different halves of the problem. Nic Carter, one of bitcoin's prominent advocates, has called it out in the past months. "Elliptic curve cryptography is on the brink of obsolescence," Carter wrote on X , referring to the math that secures bitcoin wallets. He described Ethereum's approach as "best in class" and bitcoin's as "worst in class," citing developers who "deny, gaslight, gatekeep, bury heads in sand" rather than engage with the problem. Adam Back, the Blockstream CEO and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction. "Quantum computing still has a lot to prove. Current systems are essentially lab experiments," Back said at a conference earlier this month. But he also said bitcoin should prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis. The coordination problem So what's the biggest challenge in implementing effective solutions against Bitcoin's quantum threat? Bitcoin's migration is harder than Ethereum's for reasons unrelated to the actual math. Ethereum has a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard. Those priors have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve. Migrating the 6.9 million exposed coins requires decisions the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or will not migrate? Satoshi's coins are the sharpest example. Freezing old formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack. Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them. Every option changes bitcoin's character in ways the network has historically refused to change it. What happens next The Google paper's own framing is a summary of where the industry stands. A successful attack on the math bitcoin uses "should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that PQC adoption has already failed." This means that by the time the threat becomes visible, the window to respond may already have closed. Developers now face a question of whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up to the theory. Ethereum's eight-year head start suggests the correct answer is to start now. Bitcoin's governance culture suggests the likely answer is to wait until the threat is demonstrated, then move. Only one of those answers works if the timeline turns out to be shorter than the optimists' estimate. More For You Crypto is built for AI agents, not humans, says Alchemy's CEO By Will Canny | Edited by Nikhilesh De 10 hours ago Alchemy CEO Nikil Viswanathan argues the global financial system was designed for humans, but the next wave of commerce will be driven by AI agents that operate natively in crypto. What to know : Crypto matches how agents operate, being borderless, continuous, and fully digital, said Nikil Viswanathan, co-founder and CEO of Alchemy. Complexity like keys and code is a feature for agents, not a barrier. AI agents will sit on top of crypto rails, handling transactions while humans interact through simpler interfaces, he... Read full story Latest Crypto News Crypto is built for AI agents, not humans, says Alchemy's CEO 10 hours ago Trump defends crypto legislation at private event featuring boxer Mike Tyson, Tether CEO 10 hours ago BlackRock’s bitcoin ETF just hit a massive milestone that proves crypto is now a mainstream bet 10 hours ago How Anthropic’s Mythos model is forcing the crypto industry to rethink everything about security 12 hours ago Bitcoin falls after Trump reportedly canceled Steve Witkoff and Jared Kushner's Iran-talks trip 13 hours ago Mike Tyson, Tether CEO, Cathie Wood among speakers at Trump's 'most exclusive' crypto conference 13 hours ago Top Stories Coinbase’s Jesse Pollak says AI agents are the next big wave for crypto payments 16 hours ago U.S. CFTC adds New York to string of states its suing to stop prediction market pushback Apr 24, 2026 Michael Saylor says the bitcoin winter is over. Some experts agree, with caveats. Apr 24, 2026 Bitcoin at $40,000 would be 'near-unprecedented' statistical outcome, analyst says 14 hours ago SpaceX's $75 billion IPO could drain the liquidity that's helping lift bitcoin and crypto Apr 24, 2026 Trump's DOJ drops probe that stood in way of president's pick to run Federal Reserve Apr 24, 2026