There’s a growing concern that if quantum computers eventually break Bitcoin’s encryption, the roughly 1 million BTC thought to belong to its creator, Satoshi Nakamoto, could be at risk of theft. With Bitcoin priced at around $67,600, those coins would amount to about $67.6 billion.
But it doesn’t stop there. Analysts, including Ki Young Ju from CryptoQuant, suggest that around 6.98 million bitcoins could be susceptible to an advanced quantum attack. At current market rates, that translates to a total value in public circulation of about $440 billion.
This matter, while straightforward, remains a hot topic both in and outside the Bitcoin community, often stirring quite a bit of debate.
Why some coins are made public
The risk isn’t the same for every coin. Back in Bitcoin’s early days, transactions called pay-to-public key (P2PK) would directly place the public key on the blockchain. Nowadays, typical addresses only show the hash of that key until the coins are spent. Yet, if the public key gets exposed during initial mining or through address reuse, that exposure is permanent, making it theoretically possible for a powerful quantum attack to reverse-engineer those keys.
Neutrality and intervention
Some argue that freezing these coins would undermine Bitcoin’s core principle of neutrality. “Bitcoin’s structure treats all UTXOs equally,” says Nima Beni, founder of Bitlease. “We can’t treat wallets differently based on age or perceived threats. That neutrality is crucial for the protocol’s trustworthiness.” He believes that creating exceptions, even for security purposes, alters the foundation of Bitcoin.
Georgii Verbitskii, founder of the crypto investment app TYMIO, raises additional concerns, emphasizing the difficulty in determining which coins are genuinely lost versus those merely inactive. “It’s nearly impossible to tell,” he notes. “From a protocol perspective, there’s no reliable way to distinguish.” For him, the pathway forward involves upgrading cryptography to enable a shift towards quantum-proof signatures, not altering ownership rules at the protocol level.
Let’s decide with mathematics
Others contend that intervening undermines a fundamental aspect of Bitcoin: the notion that the private key alone governs the coin. Paolo Ardoino, CEO of Tether, suggests that reviving old coins, even in the face of quantum threats, might be a better route than changing consensus rules. “Coins in lost wallets, including Satoshi’s, may eventually reenter circulation post-hack,” he states, suggesting that the market would absorb any temporary inflation from lost coins returning to circulation.
He lives by the motto “code is law,” asserting that as cryptography evolves, so should the coins. Likewise, Roya Mahboob, CEO of the Digital Citizen Fund, maintains a strong stance: “Freezing old addresses would disrespect immutability and property rights,” she argues. “Coins from 2009 enjoy the same rights as those mined today.” If a quantum system manages to breach the public key, she adds, the first person to do so would rightfully claim the coin.
Nonetheless, Mahboob expresses hope that ongoing research from Bitcoin Core developers will prompt necessary upgrades before any significant threats arise.
Burning case
Jameson Ropp argues that permitting quantum attackers to erase vulnerable coins could lead to significant wealth redistribution favoring those with access to advanced quantum technology. In his essay opposing quantum restoration of Bitcoin, he refrains from calling it “forfeiture,” preferring the term “burning.” “What we’re really discussing is better described as creating unusable outputs unless they transition to upgraded quantum-resistant addresses,” he writes. For such a measure, a broad consensus would be essential.
Ropp stresses that allowing quantum recovery would grant technological leverage rather than encouraging genuine participation in the network, describing quantum miners as “vampires that feed off the system.”
How close is the threat?
The ongoing debate around the implications of quantum technology is profound, yet the technical timeline remains uncertain. Zeynep Korturk of Firgun Ventures points out that recent studies have surprised the quantum community, suggesting fewer physical qubits might suffice to crack widely-used cryptographic systems like RSA-2048. “If validated in labs, the timeline for decrypting RSA-2048 could shrink to two-to-three years,” he explains, while acknowledging that advancements in robust systems could also influence elliptic curve cryptography.
However, others are more cautious. Aerie Trouw, co-founder of XYO, reassures that there’s no immediate need for alarm; we’re still a ways out. Frederic Fosco of OP_NET is more straightforward, stating that if such technology does emerge, the solution would simply involve upgrading encryption. “This isn’t a philosophical quandary; it’s an engineering problem with known fixes,” he adds.
Ultimately, the challenges hinge on governance, timing, philosophical differences, and whether the Bitcoin community can reach consensus before quantum computing becomes an urgent risk. Freezing at-risk coins would strain Bitcoin’s claims of immutability, while losing them would challenge the commitment to fairness.
