Over 1.7 million BTC face attack? Bitcoin faces quantum attack controversy again, public chains initiate defense battle
Author: Nancy, PANews
Quantum attacks have long been part of Bitcoin's narrative. In the past the threat was mostly treated as a theoretical black swan, but with the rapid advance of quantum computing that debate appears to be shifting. Recently, Nic Carter, co-founder of Castle Island Ventures, argued that quantum computing is only "an engineering challenge" away from cracking Bitcoin. The claim has split the community: some accuse him of deliberately stoking panic, others see a survival crisis that must be addressed. Meanwhile, many projects are already preparing, actively exploring and deploying defenses against quantum attacks.

Quantum attack alert escalation? Protocol modifications may take a decade

The threat quantum computing poses to Bitcoin is not new, but rapid progress in quantum hardware has brought the issue back to the forefront. Google's latest quantum processor, released not long ago, demonstrated speeds on certain tasks beyond those of the world's most powerful supercomputers. That result does not directly threaten Bitcoin, but it reignited discussion of Bitcoin's security.

Last weekend Carter published a lengthy article accusing Bitcoin developers of "sleepwalking" toward a crisis that could lead to system collapse. Its core argument: Bitcoin's signatures rely on elliptic curve cryptography (ECC), which the algorithm proposed by computer scientist Peter Shor could in theory break by recovering a private key from its public key. Satoshi Nakamoto anticipated this when designing Bitcoin and expected that an upgrade would be needed once quantum computers became sufficiently powerful. Current quantum hardware is still several orders of magnitude short of that threshold, but breakthroughs are accelerating.
Renowned quantum theorist Scott Aaronson calls this "an extremely difficult engineering problem" rather than one requiring new fundamental physics. Since the beginning of this year there has been significant progress in quantum error correction and in funding, and NIST (the US National Institute of Standards and Technology) is already calling for today's quantum-vulnerable public-key algorithms to be deprecated between 2030 and 2035.
2025 Quantum Computing Landscape
Carter points out that roughly 6.7 million BTC (worth over 600 billion USD) are directly exposed to quantum attack. More troubling, about 1.7 million of these sit in early addresses (Satoshi's and early miners' P2PK outputs) that are in a "permanently lost" state: even if Bitcoin upgrades to quantum-resistant signatures, nobody can migrate these unclaimed "zombie coins". The community would then face a cruel dilemma: either hard fork to freeze the assets, violating the principle that private property is inviolable and risking a crisis of faith, or allow a quantum attacker to steal the coins, become the largest holder and crash the market.

In theory Bitcoin could adopt post-quantum (PQ) signature schemes through a soft fork, and quantum-resistant signature schemes already exist. The hard part is choosing which scheme to adopt, organizing the soft fork, and then migrating tens of millions of addresses with balances. Judging by past upgrades such as SegWit and Taproot, the discussion, development and consensus-building for a quantum-resistant migration could take up to ten years, and delays of that size could be fatal.

Carter accuses developers of a serious strategic misjudgment: over the past decade vast resources went into Lightning Network scaling and minor debates, with extreme caution over small changes to block size and scripts, while a threat that could wipe out the system met with baffling indifference and complacency. Ethereum and other public chains, with more flexible governance or post-quantum testing already under way, are in his view far more resilient than Bitcoin.
Carter warns that if this "elephant in the room" continues to be ignored, the rushed panic reactions, emergency forks or community wars when the crisis hits could damage trust in Bitcoin more than the quantum attack itself.

Carter's comments quickly sparked community discussion. Bitcoin developer Jameson Lopp responded: "I've been openly discussing the risks of quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope the development of quantum computing stagnates or recedes, because adapting Bitcoin for the post-quantum era will be very challenging for many reasons." The view has also drawn considerable pushback. Blockstream CEO Adam Back criticized Carter for exaggerating the quantum threat to Bitcoin, and Bitcoin expert Pledditor said Carter is intentionally creating anxiety, noting that his fund, Castle Island Ventures, has invested in a startup that sells tools for transitioning blockchains to quantum-resistant cryptography.

Multiple perspectives on quantum challenges, timing, technical responses, and implementation difficulties

Opinions on whether quantum computing threatens Bitcoin's security vary among Bitcoin OGs, VCs, asset managers and industry practitioners. Some see an imminent systemic risk, others an overhyped tech bubble, and some believe the quantum threat could even strengthen Bitcoin's value narrative. For ordinary investors the core question is when the threat will arrive. The current mainstream consensus: no need to panic in the short term, but the long-term risk is real.
Grayscale stated explicitly in its "2026 Digital Asset Outlook" that although the quantum threat is real, for the 2026 market it is a "false alarm" that will not affect short-term valuations. F2Pool co-founder Wang Chun bluntly called quantum computing a "bubble" and said that even at a Moore's-Law pace it would take 30 to 50 years to seriously threaten Bitcoin's cryptography (the secp256k1 curve). a16z likewise noted in its report that the likelihood of a computer capable of breaking modern cryptosystems appearing before 2030 is extremely low. Bitcoin proponent Adam Back remains optimistic, believing Bitcoin will be secure for at least 20 to 40 years and that NIST's approved post-quantum cryptography standards give Bitcoin enough time to upgrade. Charles Edwards, founder of crypto asset manager Capriole Investment, warns instead that the threat is closer than generally perceived and urges the community to build defenses before 2026 or risk "going to zero" in the quantum race.

When a quantum attack does arrive, the level of risk depends on how the Bitcoin is stored and how long it has been held. Analyst Willy Woo and Deloitte both point out that P2PK outputs (which pay directly to a public key and currently hold about 1.718 million BTC) would be hit hardest. These early outputs, including Satoshi's, put the full public key on-chain at the moment the coins are received, and any address reveals its public key once it spends. In theory a sufficiently large quantum computer running Shor's algorithm can derive the private key from a public key, so once that defense falls these addresses are the first to be compromised, and if they are not migrated in time the assets could be "permanently wiped out."
Woo adds, however, that newer Bitcoin address types are less vulnerable because they do not place the full public key on-chain, and without the public key a quantum computer has nothing from which to derive the private key. Most ordinary users' assets are therefore not at immediate risk. If the market crashes on quantum panic, he suggests, it could be a good buying opportunity for Bitcoin OGs.
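To make the exposure distinction concrete, here is an added example (not code from the article or from any project it mentions) that classifies Bitcoin output scripts by whether the public key is already visible on-chain, and totals the value an attacker with a key-recovering quantum computer could reach today. It follows the standard scriptPubKey templates; the sample UTXOs and their values are constructed. It also covers two cases the passage above glosses over: a Taproot (P2TR) output places the x-only tweaked public key directly in the output script, so it is exposed like P2PK, and any hash-based address that has already spent once has revealed its key in that spending input, so address reuse re-exposes "newer" address types too.

```python
"""Classify Bitcoin output scripts (scriptPubKey) by whether they leave a
public key on-chain, which is what a Shor-capable quantum attacker needs.

Added example for this article, not code from any project it mentions.
Script templates follow the standard Bitcoin output types (P2PK, P2PKH,
P2SH, P2WPKH, P2WSH, P2TR). The sample UTXOs below are constructed.
"""
from dataclasses import dataclass

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


@dataclass(frozen=True)
class Classification:
    script_type: str
    pubkey_exposed_in_output: bool  # key visible before the output ever spends
    note: str


@dataclass(frozen=True)
class Utxo:
    script_pubkey: bytes
    value_sat: int
    address_spent_before: bool = False  # address reuse: an earlier spend revealed key material


def classify_script_pubkey(spk: bytes) -> Classification:
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG  (key is the output itself)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Classification("P2PK", True, "public key is in the output script")
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[-2:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return Classification("P2PKH", False, "only HASH160(pubkey); key revealed on spend")
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[-1] == OP_EQUAL:
        return Classification("P2SH", False, "script hash only; keys in redeem script revealed on spend")
    # P2WPKH: OP_0 <20-byte HASH160(pubkey)>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return Classification("P2WPKH", False, "HASH160(pubkey) witness program; key revealed on spend")
    # P2WSH: OP_0 <32-byte SHA256(witness script)>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Classification("P2WSH", False, "script hash only; keys revealed on spend")
    # P2TR: OP_1 <32-byte x-only tweaked public key>  (BIP 341)
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Classification("P2TR", True, "x-only tweaked public key is in the output script")
    return Classification("unknown", False, "non-standard script; inspect manually")


def is_quantum_exposed(utxo: Utxo) -> bool:
    """Exposed if the key sits in the output, or a prior spend from the same
    address already revealed the key (or redeem script) in a scriptSig/witness."""
    return classify_script_pubkey(utxo.script_pubkey).pubkey_exposed_in_output or utxo.address_spent_before


def quantum_exposed_value(utxos) -> int:
    """Total satoshis an attacker who can solve ECDLP could move today."""
    return sum(u.value_sat for u in utxos if is_quantum_exposed(u))


def exposure_report(utxos):
    return [(classify_script_pubkey(u.script_pubkey).script_type, is_quantum_exposed(u), u.value_sat)
            for u in utxos]


# Constructed sample set: filler bytes stand in for real keys and hashes.
SAMPLE_UTXOS = [
    Utxo(bytes([65, 0x04]) + b"\x11" * 64 + bytes([OP_CHECKSIG]), 50_0000_0000),            # P2PK, 50 BTC
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
         1_0000_0000),                                                                   # P2PKH, never spent
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
         2_0000_0000, address_spent_before=True),                                        # P2PKH, reused
    Utxo(bytes([OP_0, 20]) + b"\x44" * 20, 3_0000_0000),                                 # P2WPKH
    Utxo(bytes([OP_1, 32]) + b"\x55" * 32, 4_0000_0000),                                 # P2TR
    Utxo(bytes([OP_HASH160, 20]) + b"\x66" * 20 + bytes([OP_EQUAL]), 5_0000_0000),       # P2SH
    Utxo(bytes([OP_0, 32]) + b"\x77" * 32, 6_0000_0000),                                 # P2WSH
]

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_UTXOS):
        print(row)
    print("exposed BTC:", quantum_exposed_value(SAMPLE_UTXOS) / 1e8)
```

On the constructed set, 56 of the 71 BTC are exposed: the P2PK output, the reused P2PKH address, and the Taproot output. The hash-type outputs that have never spent are safe only until their owners broadcast a spending transaction, which is the window a "long-range" attacker would need to close before the transaction confirms.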
From a technical perspective, solutions already exist, such as upgrading to quantum-resistant signatures, but as mentioned earlier, implementation remains challenging.
a16z recently pointed out sharply that Bitcoin faces two practical dilemmas. First, governance is slow: Bitcoin's upgrade process is sluggish, and failure to reach consensus could trigger a destructive hard fork. Second, migration requires user action: an upgrade cannot be applied passively, because each user must move funds to a new, quantum-resistant address, so many dormant coins would remain unprotected. The millions of quantum-vulnerable Bitcoin likely to be abandoned are estimated to be worth hundreds of billions of dollars at current prices.
Cardano founder Charles Hoskinson added that full deployment of post-quantum cryptography is costly. Although NIST finalized its first post-quantum standards (FIPS 203, 204 and 205) in 2024, without hardware acceleration the larger keys and signatures and the extra computation would significantly reduce blockchain throughput, potentially by about an order of magnitude. He argues that the maturity of the quantum threat should be judged against DARPA's Quantum Benchmarking Initiative, which is expected to assess feasibility by 2033, and that a comprehensive cryptographic upgrade is only warranted once the scientific community confirms that quantum hardware can reliably perform such destructive computations. Acting prematurely would waste scarce on-chain resources on immature technology.
Strategy co-founder Michael Saylor responded that any protocol change should be very cautious. Bitcoin’s essence is a monetary protocol, and its lack of rapid change and frequent iteration is its strength, not a flaw. Therefore, modifications must be extremely conservative and aim for global consensus. “If you want to destroy the Bitcoin network, one of the most effective ways is to give a group of highly talented developers unlimited funds to keep improving it.”
Saylor also stated that as the network eventually upgrades, active Bitcoin addresses will migrate to secure addresses, while those with lost private keys or inaccessible Bitcoin (including those locked by quantum computers) will be permanently frozen. This would reduce the effective supply of Bitcoin, making it even stronger.
From theory to practice, public chains initiate the post-quantum defense battle
Although the quantum storm has not yet arrived, public chains have already begun their defense.
On the Bitcoin side, on December 5 researchers Mikhail Kudinov and Jonas Nick of Blockstream published a revised paper proposing hash-based signature schemes as the key tool for protecting Bitcoin, whose coins are worth roughly $1.8 trillion, from quantum threats. They argue that hash-based signatures are a convincing post-quantum choice because their security relies only on the kind of hash functions Bitcoin's design already depends on. Hash-based schemes have also been through extensive cryptanalysis in the US NIST post-quantum standardization process, which adds to their credibility.
Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, notably as a key goal of the Splurge phase, to address future quantum threats. Its strategy is a layered upgrade: Layer 2 serves as a testing sandbox for post-quantum algorithms, including lattice-based and hash-based cryptography, so that the transition stays smooth while Layer 1 security is preserved. Recently, Ethereum co-founder Vitalik Buterin warned that quantum computers could break Ethereum's elliptic curve cryptography by 2028. He urged the community to upgrade to quantum-resistant cryptography within four years and suggested focusing innovation on Layer 2 solutions, wallets and privacy tools rather than frequent core protocol changes.
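The two points made above, that hash-based signatures rest only on hash-function security and that post-quantum schemes carry a size cost, are easiest to see on the simplest hash-based scheme. Below is a Lamport one-time signature over SHA-256, added here as an illustration; it is not the Blockstream proposal, not SLH-DSA, and not production code (real schemes such as XMSS or SLH-DSA build many-time signatures out of this primitive). Verification checks 256 hash preimages and nothing else, so a quantum attacker gains no Shor-style shortcut; the trade-off is an 8 KB signature and a 16 KB public key against 64 to 72 bytes for Schnorr or ECDSA, and the one-time caveat shown in the last function.

```python
"""Lamport one-time signature over SHA-256: a minimal hash-based signature
whose security rests only on the hash function's preimage resistance.

Added example for this article; not the Blockstream scheme or any standard
(SLH-DSA, XMSS). Shows why hash-based signatures are considered quantum-safe,
what they cost in bytes, and why a Lamport key must be used only once.
"""
import hashlib
import secrets

HASH_BITS = 256
HASH = hashlib.sha256


def keygen(rng=secrets.token_bytes):
    """For each of the 256 message-digest bits keep two random 32-byte secrets,
    one for a 0 bit and one for a 1 bit. The public key is their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(HASH_BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    """Message digest as a list of 256 bits, most significant first."""
    digest = int.from_bytes(HASH(msg).digest(), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk, msg: bytes) -> list:
    """Reveal exactly one preimage per digest bit. Never reuse sk for a second message."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Recompute each digest bit and check the revealed preimage hashes to the
    matching half of the public key. Only hash evaluations are involved."""
    if len(sig) != HASH_BITS:
        return False
    return all(HASH(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def sizes(pk, sig) -> dict:
    """Byte cost of this scheme: 2*256*32 for the key, 256*32 for a signature."""
    return {"pubkey_bytes": sum(len(a) + len(b) for a, b in pk),
            "sig_bytes": sum(len(s) for s in sig)}


def positions_leaked_by_reuse(msg1: bytes, msg2: bytes) -> int:
    """One-time caveat: signing two different messages with the same key reveals
    both preimages at every bit position where the digests differ, so an attacker
    can then sign any message whose digest matches one of them elsewhere.
    Returns the number of fully leaked positions (about 128 on average)."""
    return sum(a != b for a, b in zip(_bits(msg1), _bits(msg2)))


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig), "tampered:", verify(pk, msg + b"!", sig))
    print(sizes(pk, sig))
    print("positions leaked by signing twice:", positions_leaked_by_reuse(msg, b"second message"))
```

Against the roughly 64-byte Schnorr signatures Taproot uses today, the 8 KB Lamport signature shows in miniature the throughput concern raised earlier in the article; standardized hash-based schemes shrink this considerably but remain far larger than ECC signatures.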
Emerging public chains are also prioritizing post-quantum solutions. For example, Aptos recently proposed an improvement plan AIP-137 to introduce support for quantum-resistant signatures at the account level, aiming to address long-term risks posed by quantum development. The plan will be optional and will not affect existing accounts. According to the proposal, Aptos plans to support hash-based signatures standardized as FIPS 205 (SLH-DSA).
The Solana Foundation also announced a partnership with post-quantum security firm Project Eleven to advance Solana's post-quantum preparations. As part of the collaboration, Project Eleven carried out a comprehensive quantum threat assessment of the Solana ecosystem covering core protocols, user wallets, validator security and long-term cryptographic assumptions. It also prototyped a Solana testnet that uses post-quantum digital signatures, demonstrating that end-to-end quantum-resistant transactions are feasible and scalable in a realistic environment.
Cardano is taking a gradual approach to future quantum threats, for example by establishing post-quantum checkpoints with the Mithril protocol, which adds redundancy without affecting mainnet performance. Once hardware acceleration matures, post-quantum VRFs and signature schemes would be integrated into the main chain step by step, replacing the existing mechanisms. The approach is akin to putting lifeboats on deck first and watching whether the storm actually forms, rather than hastily rebuilding the whole ship into a sluggish steel fortress before it arrives.
Zcash has developed a quantum-recovery mechanism, allowing users to migrate old assets to more secure post-quantum modes.
In summary, although the quantum crisis has not yet arrived, the pace of technological evolution is undeniable, and defense strategies are becoming a necessary reality for crypto projects. It is expected that more public chains will join this ongoing battle.