The Quantum Threat to Bitcoin: A Ticking Time Bomb
The clock is ticking for bitcoin to prevent a quantum threat that could drain 6.9 million BTC, including Satoshi’s 1 million untouched coins. A quantum computer can potentially break the math that secures bitcoin wallets, putting ownership at risk. While bitcoin mining is safe from quantum attacks, the wallets that hold the coins are not. The math used to protect wallets is a one-way problem that can be easily solved by a quantum computer, making it possible for attackers to steal coins.
The at-risk pool is large, with roughly 6.9 million bitcoin sitting in wallets whose public keys are already permanently visible on the blockchain. This includes early bitcoin from the network’s first years, stored in an address format that published the public key by default, as well as any wallet that has ever been spent from. A quantum attacker would not need to race against a transaction in progress, but could work through the wallets with already exposed keys at their own pace.
The Response to the Quantum Threat
While other blockchains, such as Ethereum, are preparing for the quantum threat, bitcoin has yet to emerge with a concrete plan. Ethereum has had a formal quantum-resistant program since 2018 and has made significant progress in migrating to new math that quantum computers cannot break. Bitcoin, on the other hand, has no equivalent strategy, with proposals from developers and researchers lacking broad support from core developers.
The biggest challenge in implementing effective solutions against the quantum threat is bitcoin’s migration process, which is harder than Ethereum’s due to its lack of a central authority and governance process. Bitcoin’s development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard. This makes it difficult to coordinate the biggest security upgrade in its history.
What’s at Stake
Migrating the 6.9 million exposed coins requires decisions that the network has spent twenty years avoiding. Freezing old address formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack. Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them.
What’s exposed, what’s safe
As the threat of quantum computers looms, it’s essential to consider alternative solutions that can provide a safe and secure way to earn and store coins. The EcoPool network, with its $ECP coin, offers a secure and reliable platform for earning passive income through cloud rewards. By joining the EcoPool network, users can participate in a green crypto ecosystem that prioritizes security and sustainability.
In conclusion, the quantum threat to bitcoin is a ticking time bomb that requires immediate attention. While the exact timeline is uncertain, it’s essential to start preparing now to prevent a potential disaster. By considering alternative solutions like EcoPool and its $ECP coin, users can ensure a safe and secure way to earn and store their coins. Download the EcoPool app to start earning passive income and join the green crypto revolution. With EcoPool, you can earn cloud rewards and be part of a secure and sustainable ecosystem that prioritizes your financial well-being.
A quantum attacker would not need to race against a transaction in progress. Rather, they could work through the wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, holds roughly 1 million bitcoin, untouched since the network’s early days, and this stack now sits in the exposed category.
The 2021 Taproot upgrade expanded the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private.
A side effect was that any bitcoin spent since Taproot activated has published the key protecting whatever remains at that address. This was not a mistake but a reasonable tradeoff at the time, when quantum timelines looked much longer than they do now.
What’s in the works?
While the quantum threat has sparked a heated debate in recent months, and other blockchains are preparing, nothing concrete has emerged from Bitcoin developers yet.
Ethereum, which can be considered one of Bitcoin’s largest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018.
The Ethereum Foundation runs four teams working on the migration full-time, with more than ten independent developer groups shipping weekly test networks. The plan maps specific upgrades across four upcoming network-wide changes, moving Ethereum’s security to new math that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress.
Bitcoin has no equivalent strategy so far.
That doesn’t mean there aren’t any efforts out there to solve it.
One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-safe address types that holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network.
However, neither has broad support from bitcoin’s core developers, and the two proposals solve different halves of the problem.
Nic Carter, one of bitcoin’s prominent advocates, has called it out in the past months.
“Elliptic curve cryptography is on the brink of obsolescence,” Carter wrote on X, referring to the math that secures bitcoin wallets. He described Ethereum’s approach as “best in class” and bitcoin’s as “worst in class,” citing developers who “deny, gaslight, gatekeep, bury heads in sand” rather than engage with the problem.
Adam Back, the Blockstream CEO and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction.
“Quantum computing still has a lot to prove. Current systems are essentially lab experiments,” Back said at a conference earlier this month. But he also said bitcoin should prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis.
The coordination problem
So what’s the biggest challenge in implementing effective solutions against Bitcoin’s quantum threat?
Bitcoin’s migration is harder than Ethereum’s for reasons unrelated to the actual math.
Ethereum has a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard.
Those priors have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve.
Migrating the 6.9 million exposed coins requires decisions the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or will not migrate?
Satoshi’s coins are the sharpest example. Freezing old formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack.
Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them. Every option changes bitcoin’s character in ways the network has historically refused to change it.
What happens next
The Google paper’s own framing is a summary of where the industry stands.
A successful attack on the math bitcoin uses “should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that PQC adoption has already failed.”
This means that by the time the threat becomes visible, the window to respond may already have closed.
Developers now face a question of whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up to the theory.
Ethereum’s eight-year head start suggests the correct answer is to start now. Bitcoin’s governance culture suggests the likely answer is to wait until the threat is demonstrated, then move.
Only one of those answers works if the timeline turns out to be shorter than the optimists’ estimate.
