Google's latest quantum research paper has reset the clock on a threat bitcoin's developers have debated for years: roughly 6.9 million BTC, about a third of every coin ever mined, sit in wallets whose public keys are already permanently visible on-chain. That includes roughly 1 million BTC held by Satoshi Nakamoto, untouched since the network's early days, and any wallet that has spent from a Taproot-format address since the 2021 upgrade. Mining and the ledger itself would survive a quantum attack — the math that breaks is the elliptic-curve cryptography protecting wallet ownership, and Shor's algorithm could one day collapse the one-way relationship between public addresses and private keys.
Why it matters
Ethereum has had a formal post-quantum program since 2018. The Ethereum Foundation runs four full-time teams on the migration, with more than ten independent developer groups shipping weekly test networks, and a dedicated website at pq.ethereum.org publishing the roadmap against four upcoming network upgrades. Bitcoin has no equivalent. The two formal proposals on the table — BIP-360, which would add new quantum-safe address types holders could voluntarily migrate to, and BitMEX Research's competing detection-and-defense system — solve different halves of the problem, and neither carries broad support from core developers. Prominent figures are split: Nic Carter called bitcoin's approach "worst in class" and Ethereum's "best in class," while Blockstream CEO Adam Back argued the hardware is still essentially lab experiments but agreed the network should build optional upgrades in advance rather than scramble in a crisis.
Market impact
The exposed 6.9M BTC is not a uniform pool — early P2PK addresses, dormant Satoshi-era coins, and any post-Taproot spending residue all sit in it — but they share a structural feature: a quantum attacker could work through them at their own pace rather than racing against in-flight transactions. That makes the policy question sharper than the cryptography one. Freezing legacy address formats protects those coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving them open turns the stack into a standing prize for whoever builds the first working quantum machine. The Google paper's own framing is the uncomfortable one — by the time an attack becomes visible, the window to respond may already have closed. Bitcoin's governance culture treats any central authority as a failure mode, and that prior has kept the network stable for nearly two decades.
Frequently asked questions
-
What happens to Satoshi's coins if a quantum attack ever lands?
The 1M BTC held by Satoshi sits in the exposed category. Freezing legacy address formats would protect those coins from theft but render them permanently inaccessible, including to Satoshi. Leaving old formats open makes the stack a standing prize for whoever builds the first working quantum attacker. Every option…
CoinDesk