Over 1.7 million BTC could face an attack? Bitcoin falls into quantum controversy again as public chains start a defense battle.
Author: Nancy, PANews
Quantum attacks have long existed in the narrative of Bitcoin. In the past, this threat was more regarded as a theoretical black swan. However, with the rapid evolution of quantum computing technology, this controversy seems to be shifting.
Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is only an “engineering problem” away from breaking Bitcoin. This assertion has sparked division in the community, with some denouncing it as a deliberate attempt to sow panic, while others believe it is a survival crisis that needs to be addressed urgently. Meanwhile, many cryptocurrency projects are already taking precautions and actively exploring and deploying defenses against quantum attacks.
Quantum attack alert upgrade? Protocol modifications could take ten years.
The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancement of quantum computing technology has brought this issue back to the forefront. For instance, Google's latest quantum processor, released not long ago, has empirically surpassed the world's most powerful supercomputer in computational speed for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have reignited discussions about the security of Bitcoin.
Last weekend, Bitcoin advocate Nic Carter published a lengthy article criticizing Bitcoin developers for sleepwalking towards a crisis that could lead to systemic collapse.
The core of the article points out that the elliptic curve cryptography (ECC) on which Bitcoin relies can in theory be broken by the algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin and believed that Bitcoin would need to upgrade once quantum computing became powerful enough. Although current quantum computing power is still several orders of magnitude short of the threshold needed to break it, breakthroughs in quantum technology are accelerating. The renowned quantum theorist Scott Aaronson describes the remaining work as an “extremely difficult engineering problem” rather than a question requiring new foundational physical discoveries. This year, the quantum field has made significant progress in error-correction technology and funding, and institutions such as NIST (National Institute of Standards and Technology) have called for existing encryption algorithms to be abandoned between 2030 and 2035.
In theory, Bitcoin can undergo a soft fork and adopt a post-quantum (PQ) signature scheme. Currently, there are indeed some quantum-resistant cryptographic signature schemes available. However, the main problem lies in how to determine the specific post-quantum scheme, organize the soft fork, and painstakingly migrate the tens of millions of addresses with balances. Referring to the past upgrade processes of SegWit and Taproot, the discussions, development, and consensus on completing the quantum-resistant migration could take up to ten years, and such delay is fatal. Carter criticizes developers for falling into a serious strategic misjudgment; over the past decade, a vast amount of resources has been wasted on scaling the Lightning Network or minor debates, showing extreme cautiousness towards slight modifications of block size and scripts, yet displaying a puzzling indifference and complacency towards this threat that could bring the system to zero.
In contrast, Ethereum and other public chains are far more resilient than Bitcoin, thanks to their more flexible governance mechanisms or the post-quantum tests they have already initiated. Carter finally warned that if this “elephant in the room” continues to be ignored, then when a crisis arises, a hasty panic response, emergency forks, or even civil war within the community may destroy institutional trust in Bitcoin even more than the quantum attacks themselves.
Carter's remarks quickly sparked community discussions. Bitcoin Core developer Jameson Lopp responded, stating, “I have been publicly discussing the risks posed by quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even recede because the modifications required for Bitcoin to adapt to the post-quantum era will be very tricky for many reasons. Quantum computers will not disrupt Bitcoin in the short term. We will continue to monitor their development. However, thoughtful modifications to the protocol (and unprecedented capital migration) may take 5 to 10 years. We should hope for the best but also prepare for the worst.”
However, this view has also sparked considerable controversy. For instance, Blockstream CEO Adam Back criticized Carter for exaggerating people's concerns about the potential threat of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchain to be resistant to quantum attacks.
Quantum challenges from multiple perspectives: timing, technological responses, and implementation difficulties.
Regarding whether quantum computing poses a threat to Bitcoin's security, Bitcoin OGs, VCs, asset managers, and practitioners have all offered different assessments. Some believe this is an imminent systemic risk, while others see it as an exaggerated technological bubble. There are also those who think that the quantum threat may actually strengthen the value narrative of Bitcoin.
For ordinary investors, there is only one core issue: when will the threat arrive? The current mainstream consensus in the industry leans towards not panicking in the short term, but the long-term risks are real.
Grayscale clearly stated in the “2026 Digital Asset Outlook” that although the quantum threat is real, it is merely a “false alarm” for the market in 2026 and will not affect short-term valuations; Wang Chun, co-founder of F2Pool, bluntly stated that quantum computing is still a “bubble” at present, and even following Moore's Law, it would take 30 to 50 years to substantially crack Bitcoin's encryption standard (secp256k1); a16z also pointed out in the report that the likelihood of a computer that can crack modern encryption systems appearing before 2030 is extremely low; early Bitcoin advocate Adam Back also holds an optimistic view, believing that Bitcoin is safe for at least 20 to 40 years, and that NIST (National Institute of Standards and Technology) has already approved post-quantum encryption standards, giving Bitcoin ample time to upgrade.
However, Charles Edwards, founder of the crypto asset management firm Capriole Investment, issued a warning, believing that the threats are closer than commonly perceived, urging the community to build a defense system before 2026; otherwise, being late in the quantum race could lead to Bitcoin “going to zero.”
When quantum attacks come, the level of risk depends on how Bitcoin is stored and how long it has been held. Long-term Bitcoin holder Willy Woo and Deloitte have pointed out that P2PK (Pay to Public Key, currently holding about 1.718 million BTC) addresses will be the hardest hit. The reason is that early Bitcoin addresses (like the ones used by Satoshi Nakamoto) expose the complete public key directly on-chain when coins are received or spent. In theory, a quantum computer can derive the private key from the public key. Once the defenses are breached, these addresses will be the first to suffer; if not transferred in time, these assets may be “targeted for elimination.”
But Willy Woo also added that newer types of Bitcoin addresses are less susceptible to quantum attacks because they do not expose the full public key on the chain; if the public key is unknown, a quantum computer cannot derive the corresponding private key. Therefore, the assets of the vast majority of ordinary users will not immediately face risks. If the market experiences a flash crash due to quantum panic, that will be a good opportunity for Bitcoin OGs to enter the market.
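The distinction Woo draws (P2PK outputs carry the public key itself, hash-based outputs carry only a hash until spent) can be turned into an inventory check. The script below is an added illustration, not code from the article or from any project it mentions: it classifies standard Bitcoin output scripts by whether a public key is readable from the chain today, and refines hash-locked outputs with address-reuse knowledge (a key already revealed in an earlier spend). All keys, hashes and amounts are constructed dummies. One caveat the article does not spell out and that the classifier records: a Taproot (P2TR) output places its 32-byte output key on-chain, so it is not in the "hidden until spent" class.

```python
"""Which Bitcoin output types expose a public key on-chain today?

Added illustration for the article's P2PK discussion; not code from the
article or from any project it mentions. Keys, hashes and amounts below are
constructed dummies, not real chain data.
"""
from dataclasses import dataclass

# Opcode bytes used in the standard output-script templates.
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


@dataclass
class Utxo:
    script_pubkey: bytes   # locking script exactly as it sits in the UTXO set
    value_sat: int         # amount in satoshis


def classify(script: bytes) -> tuple[str, str]:
    """Return (script type, exposure).

    exposure is 'exposed' (a public key is readable from the chain now),
    'hashed' (only HASH160(pubkey) is on-chain until the coin is spent), or
    'depends' (a script hash; what it hides is unknown until spent).
    """
    n = len(script)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -- the key *is* the script.
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK", "exposed"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", "hashed"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and script[:2] == bytes([OP_HASH160, 20]) and script[-1] == OP_EQUAL:
        return "P2SH", "depends"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and script[:2] == bytes([OP_0, 20]):
        return "P2WPKH", "hashed"
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and script[:2] == bytes([OP_0, 32]):
        return "P2WSH", "depends"
    # P2TR: OP_1 <32-byte x-only output key>. Caveat: this output key is itself
    # a public key, so it is on-chain from the moment the coin is received.
    if n == 34 and script[:2] == bytes([OP_1, 32]):
        return "P2TR", "exposed"
    return "nonstandard", "depends"


def exposure(utxo: Utxo, revealed_hashes: set[bytes]) -> tuple[str, str]:
    """Refine classify() with address-reuse knowledge: a hash-locked coin is
    exposed if an earlier spend from the same address already put the key
    into a scriptSig/witness (revealed_hashes is that set of HASH160s)."""
    kind, status = classify(utxo.script_pubkey)
    if status == "hashed":
        start = 3 if kind == "P2PKH" else 2
        if utxo.script_pubkey[start:start + 20] in revealed_hashes:
            status = "exposed"
    return kind, status


def summarize(utxos: list[Utxo], revealed_hashes: set[bytes]) -> dict[str, int]:
    """Total satoshis per exposure class: the inventory a defender wants."""
    totals = {"exposed": 0, "hashed": 0, "depends": 0}
    for u in utxos:
        totals[exposure(u, revealed_hashes)[1]] += u.value_sat
    return totals


# Constructed sample data (dummy bytes; not valid curve points or real hashes).
PUBKEY = b"\x02" + bytes(range(32))          # 33-byte "compressed key" placeholder
HASH_A = bytes([0x11] * 20)
HASH_B = bytes([0xAB] * 20)
XONLY = bytes([0xCD] * 32)

SAMPLE_UTXOS = [
    Utxo(bytes([33]) + PUBKEY + bytes([OP_CHECKSIG]), 5_000_000_000),                        # P2PK, 50 BTC
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + HASH_A + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 150_000_000),
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + HASH_B + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 30_000_000),
    Utxo(bytes([OP_0, 20]) + HASH_A, 200_000_000),                                            # P2WPKH
    Utxo(bytes([OP_1, 32]) + XONLY, 70_000_000),                                              # P2TR
    Utxo(bytes([OP_HASH160, 20]) + HASH_B + bytes([OP_EQUAL]), 400_000_000),                  # P2SH
]
# Constructed: HASH_B's key was already shown in an earlier spend (address reuse).
REVEALED = {HASH_B}

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(*exposure(u, REVEALED), u.value_sat)
    print(summarize(SAMPLE_UTXOS, REVEALED))
```

Run against a real UTXO snapshot, `summarize` gives the "exposed" bucket the article's 1.7 million BTC figure refers to, plus whatever reused P2PKH/P2WPKH addresses add to it; the "hashed" bucket is what a migration to post-quantum signatures would protect without any action by the holder beyond not spending from a reused address.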
From a technical perspective, there are existing solutions in the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the issue lies in the difficulty of implementation.
a16z recently pointed out sharply that Bitcoin faces two major practical dilemmas. First, inefficient governance: Bitcoin's upgrades are extremely slow, and if the community cannot reach consensus, a destructive hard fork may result. Second, migration requires initiative: upgrades cannot be completed passively, since users must actively transfer their assets to new addresses. This means that a large number of dormant coins will lose protection. It is estimated that the number of Bitcoins vulnerable to quantum attacks and potentially abandoned could reach several million, with a current market value of up to hundreds of billions of dollars.
Charles Hoskinson, the founder of Cardano, also added that a full deployment of quantum-resistant encryption is costly. The quantum-resistant encryption scheme has already been standardized by the U.S. National Institute of Standards and Technology in 2024, but without support for hardware acceleration, its computational costs and data scale will significantly reduce blockchain throughput, potentially resulting in about an order of magnitude performance loss. He pointed out that to determine whether the risks of quantum computing have entered a usable stage, more reference should be made to DARPA's quantum benchmarking program (expected to assess feasibility in 2033). Only when the scientific community confirms that quantum hardware can reliably perform destructive computations is there an urgent need to fully transition encryption algorithms. Acting too early merely wastes scarce on-chain resources on immature technology.
Michael Saylor, co-founder of Strategy, believes that any changes to the protocol should be made very cautiously. The essence of Bitcoin is that it is a monetary protocol, and its lack of rapid changes and frequent iterations is precisely its advantage, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and must ensure global consensus is reached. “If you want to sabotage the Bitcoin network, one of the most effective ways is to give a group of exceptionally talented developers unlimited funds to continuously improve it.”
Saylor also stated that as the network eventually upgrades, active Bitcoins will migrate to secure addresses, while those Bitcoins that have lost their private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will lead to a decrease in the effective supply of Bitcoin, making it stronger instead.
From theory to practice, public chains initiate the defense against quantum attacks.
Although the quantum storm has not yet arrived, public chains have already launched a defensive battle.
According to the Bitcoin community, on December 5th of this year, researchers Mikhail Kudinov and Jonas Nick from Blockstream published a revised paper suggesting that hash-based signature technology could be the key solution to protect the $1.8 trillion Bitcoin blockchain from threats posed by quantum computers. The researchers believe that hash-based signatures are a compelling post-quantum solution, as their security relies entirely on the hash-function assumptions already present in Bitcoin's design. This solution has undergone extensive cryptanalysis during the post-quantum standardization process at the National Institute of Standards and Technology in the United States, enhancing the credibility of its robustness.
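To make concrete what "security relies entirely on hash functions" means, and also the size cost that Hoskinson's throughput remark above refers to, here is a Lamport one-time signature in Python. This is an added textbook example, not the Blockstream paper's construction and not SLH-DSA (FIPS 205); it is the simplest ancestor of those schemes. Its only cryptographic ingredient is SHA-256: the private key is random preimages, the public key is their hashes, and a signature reveals one preimage per message-digest bit. It also shows the property that forces real schemes to build Merkle trees on top: a key must be used exactly once, because two signatures leak both preimages at every position where the digests differ.

```python
"""Lamport one-time signatures: the simplest hash-based signature.

Added illustration for the article's hash-based-signature discussion; this
is a textbook toy, not the Blockstream proposal or SLH-DSA (FIPS 205). Its
only cryptographic ingredient is SHA-256.
"""
import hashlib
import secrets

N = 256   # we sign the 256-bit SHA-256 digest of the message


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: for each digest bit, two random 32-byte preimages.
    Public key: the hash of each preimage. No curves, no lattices."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(message: bytes) -> list[int]:
    digest = H(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, message: bytes) -> list[bytes]:
    """Reveal, at every position, the preimage selected by that digest bit."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]


def verify(pk, message: bytes, sig: list[bytes]) -> bool:
    """Hash each revealed preimage and compare with the public-key half
    selected by the digest bit. A forgery would need a SHA-256 preimage."""
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(message))))


def positions_fully_revealed(sigs: list[list[bytes]]) -> int:
    """Why 'one-time': count positions at which both preimages have leaked
    across the given signatures. After one signature this is 0; after two
    signatures on different messages it is the Hamming distance of their
    digests, and each such position no longer binds the signer. Real schemes
    (XMSS, SLH-DSA) therefore never sign twice with the same leaf key."""
    seen = [set() for _ in range(N)]
    for sig in sigs:
        for i, s in enumerate(sig):
            seen[i].add(s)
    return sum(1 for s in seen if len(s) == 2)


def sizes(pk, sig) -> tuple[int, int]:
    """Bytes for (public key, signature); secp256k1 needs 33 and about 64-72."""
    return sum(len(a) + len(b) for a, b in pk), sum(len(s) for s in sig)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed message"           # constructed sample input
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig), "sizes:", sizes(pk, sig))
```

The `sizes` function returns 16384 bytes of public key and 8192 bytes of signature for a single 256-bit message, against 33 and roughly 64 to 72 bytes for secp256k1. Standardized hash-based schemes shrink this considerably (and add reusability through Merkle trees), but the gap is still the order-of-magnitude cost discussed earlier in the article.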
Ethereum incorporates post-quantum cryptography (PQC) into its long-term roadmap, particularly as a key objective of the Splurge phase, to address the threats posed by future quantum computing. The strategy adopts a tiered upgrade approach, using L2 as a testing sandbox for running anti-quantum algorithms, with candidate technologies including lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin warned again that quantum computers could crack Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to safeguard network security, and suggested that innovation should focus on layer two solutions, wallets, and privacy tools, rather than frequently changing the core protocol.
Emerging public chains are also prioritizing quantum-resistant solutions. For instance, Aptos recently announced proposal AIP-137, which introduces quantum-resistant signatures, planning to support quantum-resistant digital signature schemes at the account level to address the long-term risks that advances in quantum computing may pose to existing cryptographic mechanisms. This solution will be introduced as an optional feature and will not affect existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.
The Solana Foundation has recently announced a partnership with post-quantum security company Project Eleven to advance the quantum security framework of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions, and has successfully prototyped a Solana testnet using post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.
Cardano is currently adopting a gradual approach to address the future threat of quantum computing, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, adding redundancy without affecting the current performance of the mainnet. Once hardware acceleration matures, post-quantum solutions will be gradually integrated into the main chain, including comprehensive replacements of VRF, signatures, and more. This approach is like placing lifeboats on the deck first and then observing whether a storm actually forms, rather than hastily transforming the entire ship into a slow steel fortress before the storm arrives.
Zcash has developed a quantum-recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.
Overall, although the quantum crisis has not yet reached our doorstep, the accelerating pace of its technological evolution is an undeniable fact. Defensive strategies are becoming a reality that cryptocurrency projects must face, and more public chains are expected to join this battle of attack and defense.