A Coinbase-convened advisory panel featuring Scott Aaronson (UT Austin), Dan Boneh (Stanford), and Justin Drake (Ethereum Foundation) has published a report urging Bitcoin to begin technical migration toward post-quantum signatures immediately — while explicitly refusing to weigh in on what should happen to the roughly 6.7 million BTC that could never be moved to safety.
Why it matters
Quantum computers pose no immediate threat to Bitcoin, but the panel argues the governance debate should not wait on a timeline. The exposure is concentrated and asymmetric: about 1.7 million BTC sit in early pay-to-public-key addresses — many presumed to belong to Satoshi Nakamoto or holders with lost keys — that permanently publish their public keys on-chain, making them structurally vulnerable to a sufficiently powerful quantum attacker. Another 5 million or so are exposed through address reuse, per research group Project11. The fear is not abstract: a hostile state actor, the report notes, could exploit those coins to flood supply and undermine Bitcoin's legitimacy.
Market impact
The panel declines to choose between competing proposals — Hourglass (per-block spending caps on vulnerable coins), BIP-361 (quantum-resistant ownership proofs post-cutoff), and PACTs (private timestamped claims) — but notes they are compatible and could be adopted together. The core instruction is unambiguous: start the engineering work now, because it is independent of the abandoned-coins governance fight. Ethereum has spent years preparing for this transition; Bitcoin has not yet acted. The longer the community defers, the narrower the window for an orderly migration.
Frequently asked questions
- Why can't the 1.7 million BTC linked to Satoshi simply be moved to a quantum-safe address?
  Those coins sit in early pay-to-public-key addresses where the private keys are either lost or permanently inaccessible, meaning no one can authorize a migration transaction — leaving them structurally exposed to any future quantum attacker.
- What are the three main proposals for handling Bitcoin's quantum-vulnerable coins?
  Hourglass caps how many vulnerable coins can be spent per block; BIP-361 lets migrated holders prove ownership post-cutoff with a quantum-resistant proof; PACTs allow owners to timestamp a private claim now and move funds later without revealing keys today. The panel notes all three are compatible.
- How does Bitcoin's quantum preparedness compare to Ethereum's?
  Ethereum has spent years actively preparing for a post-quantum signature transition, while Bitcoin has yet to begin the technical migration work — a gap the Coinbase panel explicitly flags as the core urgency of its report.
CoinDesk