Bitcoin has a problem that nobody has solved yet. Quantum computers are coming. When they arrive, they could crack the encryption protecting old Bitcoin wallets and steal everything inside. That includes roughly 1.1 million BTC worth over $75 billion that most researchers believe belongs to Satoshi Nakamoto, Bitcoin’s anonymous creator.
Until now, the only proposed solutions forced wallet owners to move their coins publicly or lose them. That is a problem for anyone who wants to stay private. And it is an especially big problem for Satoshi, whose coins have not moved since 2010.
On May 1, Paradigm researcher Dan Robinson published a new idea called PACTs that could fix this. PACTs let Bitcoin holders prove they own their coins right now, without moving them, without spending anything, and without telling anyone. If quantum computers show up years from now, that proof could save their funds.
What Are PACTs and How Do They Work?
PACTs stands for Provable Address-Control Timestamps. The name sounds complicated. The idea is actually pretty simple.
Imagine you want to prove you own your house, but you do not want anyone to know which house it is. You could write down a secret code, put it in a sealed envelope, and have a notary stamp the date on it. Later, if someone questions your ownership, you open the envelope and show the dated proof.
PACTs work the same way but with Bitcoin’s own technology. A holder creates a secret random number called a “salt.” They use a tool called BIP-322 to sign a message proving they control their wallet, without actually sending any Bitcoin. Then they bundle the salt and signature together, hash them into an unreadable code, and timestamp that hash using a free service called OpenTimestamps.
OpenTimestamps batches many of these hashes into one Bitcoin transaction. The whole thing costs nothing. Nobody can see whose wallet it belongs to. Nobody knows the holder even did it. But the proof exists, stamped with a date, sitting quietly on the blockchain.
Years later, if Bitcoin ever “freezes” old vulnerable wallets to protect them from quantum attackers, the holder can pull out their proof. They show a special cryptographic verification (called a STARK proof) that connects their timestamp to their wallet. The network recognises the dated proof and gives them access to their coins on a new, quantum-safe address.
No coins moved. No identity revealed. No money spent. Just a quiet, private proof that was sitting there all along.
Why Does This Matter for Satoshi?
This is the heart of the story. Satoshi Nakamoto’s wallets hold roughly 1.1 million BTC, mined between 2009 and 2010. Those wallets use the oldest, most vulnerable type of Bitcoin address. Their public keys are already visible on the blockchain. A quantum computer powerful enough to reverse the math behind those keys could drain them.
The existing solution, BIP-361, says Bitcoin should eventually freeze all old vulnerable addresses and force owners to migrate to quantum-safe ones. But that creates a terrible choice for Satoshi. If Satoshi moves the coins, the world knows Bitcoin’s creator is still alive. If Satoshi does nothing, the coins get frozen or stolen.
Robinson imagined a scenario to explain why PACTs matter: “If Satoshi had the foresight back in 2026, he could have used a cryptographic timestamping service to timestamp a signature, establishing that he knew the private key before quantum computers existed.”
That timestamp would let Satoshi reclaim the coins years later without ever revealing who they are, where they live, or even that they are still alive. The proof speaks for itself. The person behind it stays invisible.
What Are the Limitations?
Robinson was honest about what PACTs cannot do. The biggest catch is that Bitcoin does not currently support the STARK verification needed to redeem a PACTs proof. Adding that capability would require a soft fork, which means the Bitcoin community would need to agree on the upgrade. Given how slowly Bitcoin adopts changes, that could take years.
PACTs also do not work cleanly for multisig wallets, complex scripts, or custodial accounts. Those setups need their own standardisation work before PACTs can cover them.
And here is the most important limitation: PACTs only work if the wallet owner acts before quantum computers arrive. If Satoshi is truly gone and nobody controls those keys anymore, no PACT can be created. The coins would remain vulnerable to whatever happens first, quantum theft or a community-imposed freeze.
Robinson recommended that holders treat PACTs as a precaution, not a guarantee. “Holders should not rely solely on PACTs until a rescue protocol clears consensus,” he said. But the cost of creating one is essentially zero, so there is no reason not to do it once a standard format is agreed upon.
How Does This Fit Into the Bigger Quantum Debate?
We have been covering the quantum threat to Bitcoin all month. Google Quantum AI estimates that fewer than 500,000 qubits could break Bitcoin’s encryption in about nine minutes. Some researchers think that hardware could arrive by 2029. Others say it is a decade away.
The debate has produced three main proposals. BIP-360 adds voluntary quantum-safe address types. BIP-361 phases out old addresses and eventually freezes them. And now PACTs offer a middle path that lets owners protect themselves privately without waiting for a protocol upgrade.
Coinotag noted that roughly 33% of all circulating Bitcoin has exposed public keys and could be vulnerable. An independent researcher recently broke a 15-bit elliptic curve key as a proof of concept. Bitcoin uses 256 bits, which is exponentially harder to crack. But the direction of progress is clear.
PACTs do not solve the quantum problem. They do not upgrade Bitcoin’s encryption. They do not stop quantum computers from getting built. What they do is give every Bitcoin holder a free, private, zero-risk way to prepare for whatever comes next. That is not everything. But for anyone holding coins in an old wallet, it might be enough.
