Bitcoin has survived hacks, bans, crashes, and a war. But it might not survive a math problem. CoinDesk published a major investigation today warning that roughly 6.9 million Bitcoin, worth over $530 billion at current prices, are already exposed to future quantum attacks. That includes roughly 1 million BTC believed to belong to Satoshi Nakamoto.
The threat is not here today. No quantum computer powerful enough to crack Bitcoin’s encryption exists yet. But Google Quantum AI found it would take fewer than 500,000 physical qubits to break Bitcoin’s cryptography in about nine minutes. Some researchers think that hardware could arrive by 2029. And Bitcoin has no plan for what happens when it does.
What Exactly Is at Risk From Quantum Computers?
Not everything. Bitcoin mining uses a type of math called hashing that quantum computers cannot meaningfully break. The blockchain itself would keep running. Blocks would still be produced. New Bitcoin would still be mined.
What would break is ownership. Every Bitcoin wallet is protected by cryptography that turns a private key into a public address. The math works easily in one direction but not the other. That is the only thing stopping someone from spending your coins. A quantum computer powerful enough to reverse that math could derive your private key from your public key and drain your wallet.
The problem is that 6.9 million BTC already have their public keys visible on the blockchain. Old wallets from Bitcoin’s early days (called P2PK addresses) never hid their public keys. And the 2021 Taproot upgrade made things worse by exposing the public key of any Bitcoin that has been spent since it activated. A quantum attacker would not need to race against a live transaction. They could work through exposed wallets one by one, at their own pace.
Why Can’t Bitcoin Just Upgrade?
This is where the story gets uncomfortable. The technical solutions exist. Post-quantum cryptography has been standardised by NIST. Multiple proposals are on the table. BIP-360 would add new quantum-safe address types. BIP-361 would phase out vulnerable addresses over several years. A separate proposal from BitMEX Research would install a detection system that triggers defences if a quantum attack is observed.
The problem is not engineering. It is governance. Bitcoin was designed to resist coordinated change. It has no foundation, no lead developer, no formal upgrade process. Its culture treats any central authority as a failure. Changes to the protocol are supposed to be rare and hard. That philosophy has kept Bitcoin stable for nearly two decades. It also means the network might not be able to coordinate the biggest security migration in its history before the hardware catches up.
CoinDesk’s investigation put it bluntly: “By the time the threat becomes visible, the window to respond may already have closed.”
What About Satoshi’s Coins?
This is the hardest question in all of Bitcoin. Satoshi Nakamoto’s roughly 1 million BTC sits in the oldest, most exposed wallet format. Those coins have not moved since they were mined between 2009 and 2010. If Bitcoin migrates to quantum-safe addresses, Satoshi either moves the coins (revealing they are still alive) or loses them.
Binance co-founder CZ raised this directly: “If Satoshi’s coins move during a migration, it means he is still around, which is interesting to know. If they don’t move, it might be better to lock or effectively burn those addresses.”
Freezing Satoshi’s coins protects them from theft but makes them permanently inaccessible. Leaving them unfrozen means they sit as a $77 billion prize for whoever builds the first working quantum computer. Both options change Bitcoin’s character in ways the community has never been willing to accept.
How Does Ethereum Compare?
Ethereum is years ahead. The Ethereum Foundation runs four dedicated teams working on post-quantum migration full time. More than ten independent developer groups are shipping weekly test networks. A dedicated website at pq.ethereum.org tracks progress publicly. The migration plan maps specific upgrades across four upcoming network-wide changes.
Ethereum has something Bitcoin does not: a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin’s decentralised culture is its greatest strength and, on this issue, its greatest vulnerability.
Cardano’s Charles Hoskinson made the same point last week, arguing that BIP-361 is mislabelled as a soft fork and would functionally require a hard fork that clashes with Bitcoin’s entire philosophy.
How Worried Should Bitcoin Holders Be Right Now?
Not panicked, but not relaxed either. The quantum hardware is not here yet. Most experts say it is at least five to ten years away. But the migration itself could take five to seven years to execute safely. Post-quantum signatures are tens to hundreds of times larger than current ones, potentially expanding block sizes by up to 38 times. The technical challenges are massive.
If you hold Bitcoin in a modern wallet that has never sent a transaction, your public key is not yet exposed. You are safer than someone using a Taproot address that has already spent. But “safer” is relative. The threat affects the entire network, not just individual wallets.
The window between “the threat is theoretical” and “the threat is real” could close faster than anyone expects. Google’s research found that progress may come in “discrete jumps” rather than gradually. One breakthrough could change the timeline overnight.
Bitcoin has survived everything thrown at it so far. But this is different. Every previous threat came from outside: governments, regulators, hackers. The quantum threat comes from physics, and physics does not negotiate.
Frequently Asked Questions
How many Bitcoin are at risk from quantum computers?
Roughly 6.9 million BTC have public keys already visible on the blockchain, making them vulnerable to a future quantum attack. This includes about 1 million BTC attributed to Satoshi Nakamoto and any coins spent since the 2021 Taproot upgrade.
When could quantum computers break Bitcoin’s encryption?
Google Quantum AI found it would take fewer than 500,000 physical qubits to break Bitcoin’s cryptography in about nine minutes. Some researchers estimate this hardware could exist by 2029, though most experts place the timeline at five to ten years.
Does Bitcoin have a plan to defend against quantum attacks?
Two main proposals exist: BIP-360 (voluntary migration to quantum-safe addresses) and BIP-361 (phased mandatory migration with eventual freezing of vulnerable addresses). Neither has broad support from Bitcoin’s core developers, and the network lacks the formal governance structure needed to push through urgent upgrades.
