Over 1.7 million BTC at risk of direct attack? Bitcoin embroiled in quantum controversy again, public blockchains launch defensive battle.

Author: Nancy, PANews

Quantum attacks have long been a part of the Bitcoin narrative. In the past, this threat was largely viewed as a theoretical black swan event. However, with the rapid evolution of quantum computing technology, this debate appears to be shifting.

Recently, Nic Carter, co-founder of Castle Island Ventures, wrote an article stating that quantum computing is only an "engineering problem" away from cracking Bitcoin. This assertion has sparked debate in the community, with some accusing it of deliberately creating panic, while others believe it represents a pressing existential crisis that needs to be addressed. Meanwhile, many crypto projects are already taking precautions, actively exploring and deploying solutions to defend against quantum attacks.

Quantum attack alert escalates? Protocol revisions may take a decade.

The threat of quantum computing to Bitcoin is not a new topic. Recent rapid advancements in quantum computing technology have once again brought this issue to the forefront. For example, Google's recently released quantum processor has empirically surpassed the world's most powerful supercomputer in terms of computing speed for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have intensified discussions about its security.

Last weekend, Bitcoin advocate Nic Carter published a lengthy article denouncing Bitcoin developers for heading toward a crisis that could lead to the collapse of the system in a sleepwalking state.

The article's core argument is that elliptic curve cryptography (ECC), the foundation of Bitcoin, can theoretically be broken by an algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin, believing it needed to be upgraded when quantum computing became sufficiently powerful. While current quantum computing power is still several orders of magnitude away from breaking the theoretical threshold, breakthroughs in quantum technology are accelerating. Renowned quantum theorist Scott Aaronson describes it as an "extremely difficult engineering problem," rather than a problem requiring new fundamental physics discoveries. This year, the quantum field has made significant progress in error correction technology and financial investment, with institutions such as NIST (National Institute of Standards and Technology) calling for the abandonment of existing encryption algorithms between 2030 and 2035.

Carter points out that approximately 6.7 million BTC (worth over $600 billion) are currently directly exposed to the risk of quantum attacks. More problematic is that this includes about 1.7 million Bitcoins belonging to Satoshi Nakamoto and early miners' P2PK addresses, which are in a state of "permanent loss." Even if Bitcoin upgrades to be quantum-resistant, these unclaimed "zombie coins" cannot be migrated. The community will then face a cruel dilemma: either violate the absolute tenet of "inviolability of private property" by forcibly freezing these assets through a hard fork, triggering a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, leading to market collapse.

In theory, Bitcoin can undergo a soft fork and adopt a post-quantum (PQ) signature scheme. Currently, some quantum-resistant cryptographic signature schemes do exist. However, the main problems lie in determining the specific post-quantum scheme, organizing the soft fork, and painstakingly migrating tens of millions of addresses with balances. Referring to the upgrade trajectories of SegWit and Taproot, completing the discussion, development, and consensus-building for quantum-resistant migration could take up to a decade—a fatal slowdown. Carter criticizes the developers for a serious strategic miscalculation: over the past decade, vast resources have been wasted on Lightning Network scaling or minor debates, exhibiting extreme, paranoid caution towards minor changes to block size and scripts, yet displaying inexplicable indifference and complacency towards this threat that could wipe out the system.

In contrast, Ethereum and other public blockchains, with their more flexible governance mechanisms or the preemptive launch of post-quantum tests, are far more resilient than Bitcoin. Carter concludes by warning that if this "elephant in the room" continues to be ignored, hasty panic reactions, emergency forks, and even community civil wars when a crisis strikes could destroy institutional trust in Bitcoin even faster than the quantum attack itself.

Carter's comments quickly sparked community discussion. Bitcoin Core developer Jameson Lopp responded, "I have been publicly discussing the risks that quantum computing poses to Bitcoin for 18 months. My main conclusion is that I sincerely hope the development of quantum computing will stagnate or even decline, because adapting Bitcoin to the post-quantum era will be extremely difficult for many reasons. Quantum computers will not disrupt Bitcoin in the short term. We will continue to monitor their development. However, thoughtful modifications to the protocol (and unprecedented fund migrations) could take 5 to 10 years. We should hope for the best, but also prepare for the worst."

However, this viewpoint has also sparked considerable controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating concerns about the potential threat of quantum computing to Bitcoin . Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchains to quantum-resistant architectures.

Quantum challenges from multiple perspectives: time judgment, technological solutions, and practical applications.

Regarding whether quantum computing threatens Bitcoin's security, Bitcoin OGs, venture capitalists, asset managers, and practitioners have offered differing assessments. Some believe it poses an imminent systemic risk, others see it as an overblown technological bubble, while still others argue that the quantum threat might actually strengthen Bitcoin's value narrative.

For ordinary investors, there is only one core question: When will the threat arrive? The current mainstream consensus in the industry is that there is no need to panic in the short term, but long-term risks are real.

Grayscale explicitly stated in its "2026 Digital Asset Outlook" that although the quantum threat is real, it is only a "false alarm" for the market in 2026 and will not affect short-term valuations. F2Pool co-founder Wang Chun bluntly stated that quantum computing is still a "bubble," and even following Moore's Law, it will still take 30 to 50 years to substantially crack Bitcoin's encryption standard (secp256k1). a16z also pointed out in its report that the possibility of a computer capable of cracking modern encryption systems appearing before 2030 is extremely low. Early Bitcoin advocate Adam Back also holds an optimistic view, believing that Bitcoin will be secure for at least 20 to 40 years, and that NIST (National Institute of Standards and Technology) has approved post-quantum encryption standards, giving Bitcoin enough time to upgrade.

However, Charles Edwards, founder of crypto asset management firm Capriole Investment, warned that the threat is closer than commonly perceived, urging the community to build a defense system by 2026, otherwise being late in the quantum race could lead to Bitcoin going "to zero".

When a quantum attack occurs, the magnitude of the risk depends on how Bitcoin is stored and how long it has been held . Long-term Bitcoin holders Willy Woo and Deloitte both point to P2PK (direct public key, currently holding approximately 1.718 million BTC) addresses as the hardest hit. This is because early Bitcoin addresses (such as those used by Satoshi Nakamoto) directly expose their complete public keys on-chain when spending or receiving. Theoretically, quantum computers can deduce private keys from public keys. Once the defenses are breached, these addresses will be the first to be affected. If assets are not transferred in time, they could be "targeted wipes."

Willy Woo added that newer Bitcoin address types are less vulnerable to quantum attacks because they don't expose the complete public key on-chain; if the public key is unknown, a quantum computer cannot generate the corresponding private key. Therefore, the assets of the vast majority of ordinary users will not be immediately at risk. However, if the market experiences a flash crash due to quantum panic, it will be a good opportunity for Bitcoin OGs to enter the market.

From a technical perspective, there are already solutions on the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the problem lies in the difficulty of implementation.

a16z recently pointed out that Bitcoin faces two major real-world dilemmas: first, inefficient governance , with upgrades being extremely slow, potentially leading to destructive hard forks if the community cannot reach consensus; and second, the lack of proactive migration , as upgrades cannot be passively completed, requiring users to actively transfer their assets to new addresses. This means a large number of dormant coins will lose their protection . It is estimated that millions of Bitcoins are vulnerable to quantum attacks and could be abandoned, with a current market capitalization value of hundreds of billions of dollars.

Cardano founder Charles Hoskinson added that a full-scale deployment of quantum-resistant encryption is prohibitively expensive. While quantum-resistant encryption schemes were standardized by the National Institute of Standards and Technology (NIST) in 2024, without hardware acceleration support, their computational costs and data scale will significantly reduce blockchain throughput, potentially resulting in a performance loss of approximately an order of magnitude. He pointed out that assessing whether quantum computing risks have reached a usable stage should rely more on DARPA's quantum benchmarking program (expected to assess feasibility in 2033). A full-scale replacement of encryption algorithms will only be urgently needed when the scientific community confirms that quantum hardware can stably perform destructive computations. Acting prematurely only wastes scarce on-chain resources on immature technologies.

Strategy co-founder Michael Saylor echoed this sentiment, arguing that any changes to the protocol should be approached with extreme caution. He stated that Bitcoin's essence is a monetary protocol, and its lack of rapid change and frequent iteration is precisely its strength, not its weakness. Therefore, modifications to the Bitcoin protocol must be extremely conservative and must ensure global consensus. "If you want to disrupt the Bitcoin network, one of the most effective ways is to give a group of exceptionally talented developers unlimited funding to continuously improve it."

Saylor also stated that as the network eventually upgrades, active Bitcoins will migrate to secure addresses, while those that have lost their private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will reduce the effective supply of Bitcoin, making it even stronger.

From theory to practice, public blockchains launch their anti-quantum defense campaign.

Although the quantum storm has not yet arrived, public blockchains have already launched a defensive battle.

In the Bitcoin community, on December 5th, Blockstream researchers Mikhail Kudinov and Jonas Nick published a revised paper proposing that hash-based signature technology could be a key solution for protecting the $1.8 trillion Bitcoin blockchain from the threat of quantum computers. The researchers argue that hash-based signatures are a compelling post-quantum solution because their security relies entirely on a mechanism similar to the hash function assumptions already present in Bitcoin's design. This scheme has undergone extensive cryptanalysis during the post-quantum standardization process at the National Institute of Standards and Technology (NIST), enhancing the credibility of its robustness.

Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, particularly as a key objective of the Splurge phase , to address the threats of future quantum computing. The strategy employs a hierarchical upgrade approach, utilizing L2 as a test sandbox to run quantum-resistant algorithms. Candidate technologies include lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin reiterated his warning that quantum computers could break Ethereum's elliptic curve cryptography by 2028. He urged the Ethereum community to upgrade to quantum-resistant cryptography within four years to protect network security and suggested that innovation should focus on layer-2 solutions, wallets, and privacy tools rather than frequent changes to the core protocol.

Emerging public blockchains are also prioritizing quantum-resistant solutions. For example, Aptos recently announced an improved proposal, AIP-137, to introduce quantum-resistant signatures. This proposal aims to support quantum-resistant digital signatures at the account level to address the long-term risks that the development of quantum computing may pose to existing encryption mechanisms. This solution will be introduced as an option and will not affect existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.

The Solana Foundation recently announced a collaboration with post-quantum security company Project Eleven to advance the quantum-resistant security architecture of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions. They have also successfully prototyped and deployed a Solana testnet using post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in a real-world environment.

Cardano is currently employing a gradual approach to address future quantum computing threats . For example, it uses the Mithril protocol to establish post-quantum checkpoints for the blockchain, adding redundancy without impacting the mainnet's current performance. Once the hardware accelerates and matures, the post-quantum solution will be gradually integrated into the main chain, including a complete replacement of VRF and signatures. This approach is like putting a lifeboat on the deck first and then observing whether a storm has actually formed, rather than hastily converting the entire ship into a slow, inert steel fortress before the storm arrives.

Zcash has developed a quantum recoverable mechanism that allows users to migrate old assets to a more secure post-quantum model.

In summary, although the quantum crisis has not yet reached its doorstep, the accelerated pace of its technological evolution is an undeniable fact. Defensive strategies are becoming a reality that crypto projects must confront, and it is expected that more public chains will join this battle.