
Author: Nancy, PANews
Quantum attacks have long been part of the narrative surrounding Bitcoin. In the past, this threat was more often viewed as a theoretical black swan. However, with the rapid advancement of quantum computing technology, this controversy seems to be shifting.
Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is merely an 'engineering challenge' away from breaking Bitcoin. This argument has sparked division in the community, with some dismissing it as a deliberate attempt to incite panic, while others believe it is a survival crisis that must be confronted. Meanwhile, several projects are already taking proactive measures to explore and deploy defenses against quantum attacks.
Quantum attack alarm upgraded? Protocol modification may take ten years.
The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancement of quantum computing technology has once again brought this issue to the forefront. For example, the latest quantum processor released by Google recently has demonstrated computational speeds that surpass the world's most powerful supercomputers for specific tasks. Although these breakthroughs do not directly threaten Bitcoin, they have intensified discussions about Bitcoin's security.
Last weekend, Bitcoin advocate Nic Carter published a lengthy article criticizing Bitcoin developers for being in a dreamy state, heading towards a crisis that could lead to system collapse.
The core of the article points out that the elliptic curve cryptography (ECC) on which Bitcoin relies could theoretically be broken by the algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin and believed that Bitcoin needs to upgrade when quantum computing becomes sufficiently powerful. Although current quantum computing power is still several orders of magnitude away from the theoretical threshold for breaking it, breakthroughs in quantum technology are accelerating. Prominent quantum theorist Scott Aaronson referred to it as an "extremely difficult engineering problem," rather than a question requiring new foundational physical discoveries. This year, the quantum field has made significant progress in error-correcting technology and funding, and institutions like NIST have requested to phase out existing cryptographic algorithms between 2030 and 2035.
(Figure: 2025 Quantum Computing Panorama)
Carter pointed out that approximately 6.7 million BTC (worth over $600 billion) are directly exposed to the risk of quantum attacks. More troubling is that this includes about 1.7 million BTC belonging to Satoshi Nakamoto and early miners' P2PK addresses, which are in a state of "permanent loss." Even if Bitcoin upgrades to quantum-resistant signatures, these unclaimed "zombie coins" cannot be migrated. At that point, the community will face a cruel dilemma: either violate the absolute principle of "private property is inviolable" by forcibly freezing these assets through a hard fork, leading to a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, resulting in market collapse.
Theoretically, Bitcoin can undergo a soft fork and adopt post-quantum (PQ) signature schemes. There are indeed some quantum-resistant cryptographic signature schemes available. But the main problem lies in how to determine specific post-quantum schemes, organize soft forks, and laboriously migrate all the addresses with balances. Referring to the past upgrade processes of SegWit and Taproot, discussions, development, and consensus on completing quantum-resistant migration could take as long as ten years; this sluggishness is fatal. Carter criticized developers for falling into serious strategic misjudgment, stating that over the past decade, significant resources have been expended on scaling the Lightning Network or secondary disputes, showing extreme paranoid caution towards minor changes in block size and scripts, while exhibiting inexplicable indifference and complacency towards this threat that could render the system worthless.
In contrast, Ethereum and other public chains, with their more flexible governance mechanisms or already initiated post-quantum tests, far exceed Bitcoin in resilience. Carter finally warned that if this "elephant in the room" continues to be ignored, then when a crisis approaches, the hasty panic reaction, emergency forks, and even civil wars within the community may destroy the trust institutions have in Bitcoin more than the quantum attacks themselves.
Carter's remarks quickly sparked community discussion. Bitcoin Core developer Jameson Lopp responded, saying, "I have publicly discussed the risks posed by quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even recede, because adapting to the post-quantum era will be very tricky for Bitcoin for many reasons."
However, this viewpoint has also sparked considerable controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating people's concerns about the potential threats of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning the blockchain to resist quantum attacks.
The quantum challenge from multiple perspectives: timing judgments, technical responses, and implementation difficulties
There are differing judgments among Bitcoin OGs, VCs, asset managers, and practitioners regarding whether quantum computing will threaten Bitcoin's security. Some believe this is an imminent systemic risk, others view it as an exaggerated technological bubble, while some believe that the quantum threat may actually strengthen Bitcoin's value narrative.
For ordinary investors, the core question is simply: when will the threat arrive? The current mainstream consensus in the industry leans towards no need for panic in the short term, but long-term risks do exist.
Grayscale clearly stated in its "2026 Digital Asset Outlook" that although the quantum threat is real, for the market in 2026 it is merely a "false alarm" and will not affect short-term valuations; F2Pool co-founder Wang Chun bluntly stated that quantum computing is still a "bubble" and that, even following Moore's Law, it would still take 30 to 50 years to materially break Bitcoin's cryptographic standard (secp256k1); a16z also pointed out in its report that the likelihood of computers capable of breaking modern cryptographic systems appearing before 2030 is extremely low; Bitcoin advocate Adam Back maintains an optimistic attitude, believing that Bitcoin is safe for at least the next 20 to 40 years and that, with NIST having approved post-quantum encryption standards, Bitcoin has sufficient time to upgrade.
However, Charles Edwards, founder of the crypto asset management company Capriole Investment, warned that the threat is closer than generally perceived and urged the community to build a defense system before 2026, since falling behind in the quantum race could lead to Bitcoin "going to zero."
When quantum attacks arrive, the magnitude of the risk depends on how Bitcoin is stored and how long it has been held. Long-term Bitcoin holder Willy Woo and Deloitte both pointed out that P2PK (pay-to-public-key, currently holding about 1.718 million BTC) outputs will be disaster areas. The reason is that early Bitcoin addresses (like the ones used by Satoshi Nakamoto) directly expose the full public key on-chain when spending or receiving. Theoretically, a quantum computer could derive the private key from the public key. Once the defense line is breached, these addresses will be the first to be hit. If not transferred in time, these assets may be subjected to "targeted elimination."

But Willy Woo also added that the newer types of Bitcoin addresses are not so easily susceptible to quantum attacks because they do not expose the full public key on-chain; if the public key is unknown, a quantum computer cannot generate the corresponding private key. Therefore, the vast majority of ordinary users' assets will not immediately face risk. And if the market experiences a flash crash due to quantum panic, it will be a good opportunity for Bitcoin OGs to enter.
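The distinction drawn above, between outputs whose public key is already on-chain and outputs that only carry a hash of it, can be checked mechanically by reading the scriptPubKey. The following is an added example written for this page, not code from PANews or from any of the analysts quoted: it recognises the common Bitcoin output templates, reports which ones carry a key in the clear, and totals the balance sitting on them. It also goes one step beyond the paragraph by treating a hashed output as exposed when the same key hash has already appeared in an earlier spend (address reuse reveals the key in the unlocking script), and by flagging Taproot outputs, whose 32-byte output key is itself a curve point. The public key is the secp256k1 generator point in compressed form and its HASH160 from the BIP173 test vectors; the other hash, the x-only key and all balances are constructed sample data.

```python
# Added example (not from the PANews article): classify Bitcoin scriptPubKeys by
# whether a public key is already visible on-chain, and total the balance on
# such outputs. Every UTXO below is constructed for the demonstration.

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def classify_script(spk: bytes):
    """Return (script_type, exposed_key_or_None) for a scriptPubKey.

    Only the common templates are recognised; anything else is 'unknown'.
    """
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -- the key itself is the output.
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", None
    # P2WPKH: OP_0 <20-byte hash> -- only a hash of the key is on-chain.
    if len(spk) == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh", None
    # P2TR: OP_1 <32-byte x-only output key> -- the tweaked key is a curve point.
    if len(spk) == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "p2tr", spk[2:]
    return "unknown", None


def key_hash(spk: bytes):
    """The 20-byte HASH160 embedded in a P2PKH or P2WPKH script, else None."""
    kind, _ = classify_script(spk)
    if kind == "p2pkh":
        return spk[3:23]
    if kind == "p2wpkh":
        return spk[2:22]
    return None


def exposure_report(utxos, revealed_hashes):
    """Sum satoshis whose spending key is already public.

    utxos: iterable of (scriptPubKey, value_in_satoshis).
    revealed_hashes: set of HASH160 values whose key was already shown in an
    earlier spend of the same address (address reuse).
    """
    report = {"key_exposed": 0, "key_hidden": 0, "unknown": 0, "reasons": []}
    for spk, sats in utxos:
        kind, key = classify_script(spk)
        if kind == "unknown":
            report["unknown"] += sats
        elif key is not None:
            report["key_exposed"] += sats
            report["reasons"].append((kind, "key in scriptPubKey"))
        elif key_hash(spk) in revealed_hashes:
            report["key_exposed"] += sats
            report["reasons"].append((kind, "key revealed by earlier spend"))
        else:
            report["key_hidden"] += sats
    return report


# Compressed secp256k1 generator point and its HASH160 (BIP173 test vector).
PUBKEY = bytes.fromhex("0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
PUBKEY_HASH = bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6")
# Constructed values: a hash for an address never spent from, and an x-only key.
FRESH_HASH = bytes(range(20))
XONLY = bytes.fromhex("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")

SAMPLE_UTXOS = [  # (scriptPubKey, satoshis), all constructed
    (bytes([33]) + PUBKEY + bytes([OP_CHECKSIG]), 5_000_000_000),            # early-era P2PK
    (bytes([OP_DUP, OP_HASH160, 20]) + FRESH_HASH
     + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 150_000_000),                   # fresh P2PKH
    (bytes([OP_0, 20]) + PUBKEY_HASH, 70_000_000),                           # reused P2WPKH
    (bytes([OP_1, 32]) + XONLY, 25_000_000),                                 # P2TR
]
SAMPLE_REVEALED = {PUBKEY_HASH}  # this hash already appeared in a spend

if __name__ == "__main__":
    print(exposure_report(SAMPLE_UTXOS, SAMPLE_REVEALED))
```

Run against a real UTXO snapshot, the same two inputs are all that is needed: the set of scriptPubKeys with balances, and the set of key hashes that have already appeared in spending scripts. The second set is what turns the "only P2PK is at risk" picture into the larger figure the analysts cite, because every address that has been spent from once and still holds coins has its key on-chain just as a P2PK output does.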
From a technical perspective, solutions already exist in the market, such as upgrading to quantum-resistant signatures, but as previously mentioned, the difficulty of implementation is the problem.
a16z recently pointed out sharply that Bitcoin faces two major real dilemmas. The first is low governance efficiency: Bitcoin's upgrades are extremely slow, and if the community cannot reach a consensus, it may trigger destructive hard forks. The second is that migration requires initiative: an upgrade cannot be completed passively, since users must actively transfer their assets to new addresses, which means that large amounts of dormant coins will lose protection. It is estimated that the number of Bitcoins that are easily susceptible to quantum attacks and may be abandoned reaches millions, with a current market value of up to hundreds of billions of dollars.
Cardano founder Charles Hoskinson also added that fully deploying quantum-resistant cryptography is costly. The quantum-resistant schemes themselves were standardized by the National Institute of Standards and Technology in 2024, but without hardware acceleration support, their computational cost and data size would significantly reduce blockchain throughput, potentially resulting in about an order of magnitude of performance loss. He pointed out that assessing whether quantum computing has reached a usable stage should refer more to DARPA's quantum benchmark testing program (expected to assess feasibility in 2033). Only when the scientific community determines that quantum hardware can reliably perform destructive computations will there be an urgent need to fully replace cryptographic algorithms. Acting too early would merely waste scarce on-chain resources on immature technologies.
Strategy co-founder Michael Saylor reacted by stating that any changes to the protocol should be made with extreme caution. The essence of Bitcoin is a monetary protocol, and its lack of rapid changes and frequent iterations is its strength, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and must ensure global consensus. "If you want to destroy the Bitcoin network, one of the most effective ways is to give a group of exceptionally talented developers unlimited funds to continuously improve it."
Saylor also stated that as the network eventually upgrades, active Bitcoins will migrate to secure addresses, while those Bitcoins that have lost private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will lead to a reduction in the effective supply of Bitcoin, making it even stronger.
From theory to practice, public chains are launching a quantum defense war.
Although the quantum storm has not yet arrived, public chains have already sounded the alarm.
In the Bitcoin community, on December 5 this year, researchers Mikhail Kudinov and Jonas Nick from Blockstream proposed in a revised paper that hash-based signature technology could be the key solution to protect the $18 trillion Bitcoin blockchain from quantum computer threats. Researchers believe that hash-based signatures are a compelling post-quantum solution because their security relies entirely on mechanisms similar to the hash function assumptions already present in Bitcoin's design. This solution has undergone extensive cryptanalysis in the post-quantum standardization process at the National Institute of Standards and Technology.
Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, particularly as a key goal of the Splurge phase, to address future threats from quantum computing. The strategy adopts a layered upgrade approach, using L2 as a test sandbox to run quantum-resistant algorithms, with candidate technologies including lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Not long ago, Ethereum co-founder Vitalik Buterin warned again that quantum computers could crack Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to protect network security and suggested that the focus should be on innovations in layer two solutions, wallets, and privacy tools, rather than frequent changes to the core protocol.
Emerging public chains are also prioritizing quantum-resistant solutions. For instance, Aptos recently announced a proposal to introduce quantum-resistant signatures, AIP-137, planning to support quantum-resistant digital signature schemes at the account level to address the long-term risks that developments in quantum computing may pose to existing cryptographic mechanisms. This scheme will be introduced optionally and will not affect existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, standardized as FIPS 205.
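The hash-based signatures mentioned for Bitcoin (Kudinov and Nick's proposal) and for Aptos (SLH-DSA, FIPS 205) share one property: forging them requires inverting a hash function, not solving the discrete-logarithm problem that Shor's algorithm targets. The simplest member of that family is Lamport's one-time signature, shown below as an added example written for this page; it is not the scheme from the Blockstream paper and not SLH-DSA, which builds a many-time scheme on top of more elaborate components (WOTS+, FORS and a hypertree) that are not shown here. Keys are generated with `os.urandom`, and the sample messages are constructed. The last function makes the scheme's defining limitation measurable: signing a second message with the same key reveals additional secrets, which is why every hash-based scheme has to manage key reuse.

```python
# Added example (not from the PANews article nor from the Kudinov/Nick paper):
# Lamport one-time signatures over SHA-256, the simplest hash-based scheme.
import hashlib
import os

N = 256  # bits in the message digest; one secret pair per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def keygen(rng=os.urandom):
    """Private key: 256 pairs of random 32-byte secrets. Public key: their hashes.

    Sizes: 16 KiB private key, 16 KiB public key, 8 KiB signature, which is
    why throughput is the cost that comes up when chains consider such schemes.
    """
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes):
    """Reveal, for every digest bit, the secret matching that bit's value."""
    digest = H(message)
    return [sk[i][_bit(digest, i)] for i in range(N)]


def verify(pk, message: bytes, sig) -> bool:
    """Each revealed secret must hash to the public value selected by the bit."""
    if len(sig) != N:
        return False
    digest = H(message)
    return all(H(sig[i]) == pk[i][_bit(digest, i)] for i in range(N))


def revealed_positions(message: bytes):
    """The (index, bit) secrets a signature on `message` would disclose."""
    digest = H(message)
    return {(i, _bit(digest, i)) for i in range(N)}


def secrets_exposed_by(messages) -> int:
    """Distinct secrets out of 512 disclosed if one key signs all `messages`.

    A single signature always exposes exactly 256; any second, different
    message exposes more, letting an observer forge signatures on messages
    whose digest bits all fall within the exposed set.
    """
    exposed = set()
    for m in messages:
        exposed |= revealed_positions(m)
    return len(exposed)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered:", verify(pk, msg + b"!", sig))
    print("secrets exposed by two signatures:",
          secrets_exposed_by([msg, b"second constructed message"]))
```

The verification step depends only on SHA-256 preimage resistance, which matches the article's point that Bitcoin already rests on hash-function assumptions. Production schemes such as SLH-DSA keep that property while shrinking keys and allowing many signatures per key; the size figures in the `keygen` docstring are for this toy scheme only.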
The Solana Foundation recently announced a collaboration with post-quantum security company Project Eleven to advance the quantum security layout of the Solana network. As part of this collaboration, Project Eleven conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions, and successfully prototyped a Solana testnet using post-quantum digital signatures, verifying the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.
Cardano is currently adopting a gradual approach to address future threats from quantum computing, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, adding redundancy without affecting the current performance of the mainnet. Once hardware acceleration matures, the post-quantum solution will gradually be integrated into the main chain, including full replacements of VRF, signatures, etc. This approach is akin to first placing lifeboats on the deck and observing whether the storm really forms, rather than hurriedly transforming the entire ship into a sluggish steel fortress before the storm arrives.
Zcash has developed a quantum-recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.
In summary, although the quantum crisis has not yet arrived, the acceleration of its technological evolution is an undeniable fact, and defensive strategies are becoming a reality that crypto projects must face; it is expected that more public chains will join this offensive and defensive battle.
(The above content is excerpted and reprinted with permission from partner PANews, original link)
"Are over 1.7 million BTC under attack? Bitcoin again falls into the controversy of quantum attacks, and public chains begin defense." This article was first published on (BlockBeats).




