Beyond the Black Swan: Bitcoin’s Urgent Quantum Threat

By Nancy, PANews


The Quantum Computing Threat to Bitcoin: From Theoretical Black Swan to Urgent Reality?

For years, the prospect of quantum attacks on Bitcoin remained largely a theoretical “black swan” event, a distant concern confined to academic discussions. However, the rapid advancements in quantum computing technology are now transforming this debate, pushing the threat closer to the forefront of blockchain security conversations.

Recently, Nic Carter, co-founder of Castle Island Ventures, ignited a significant discussion within the crypto community by asserting that quantum computing is merely an “engineering problem” away from potentially compromising Bitcoin. This claim has sharply divided opinions, with some dismissing it as fear-mongering and others recognizing it as an existential crisis demanding immediate attention. Simultaneously, a growing number of projects are proactively exploring and deploying solutions to defend against future quantum attacks.

Quantum Alert Level Rises: A Decade-Long Protocol Overhaul?

The threat posed by quantum computing to Bitcoin is not a new topic, but recent breakthroughs have brought it back into sharp focus. For instance, Google’s latest quantum processor has demonstrably outperformed the world’s most powerful supercomputers on specific tasks. While such advancements don’t directly threaten Bitcoin today, they intensify the urgency of discussions surrounding its long-term security.

Last weekend, Bitcoin advocate Nic Carter published a comprehensive article, accusing Bitcoin developers of “sleepwalking” towards a crisis that could lead to the system’s collapse.

At the core of his argument is the vulnerability of Bitcoin’s foundational elliptic curve cryptography (ECC) to Shor’s algorithm, which, run on a sufficiently large fault-tolerant quantum computer, recovers a private key from its public key. Satoshi Nakamoto, Bitcoin’s creator, reportedly anticipated the need for an upgrade once quantum computing became sufficiently powerful. While current quantum hardware is still several orders of magnitude short of the required scale, the technology is accelerating. Renowned quantum theorist Scott Aaronson characterizes it as an “extremely difficult engineering problem,” rather than one requiring new fundamental physics. This year alone, the field has seen significant progress in error correction and in investment. The U.S. National Institute of Standards and Technology (NIST) has gone further, publishing a transition timeline under which quantum-vulnerable public-key algorithms such as ECDSA are deprecated after 2030 and disallowed after 2035.

[Figure: 2025 Quantum Computing Panorama]

Carter highlights that approximately 6.7 million BTC, valued at over $600 billion, are directly exposed to quantum attack risks. More critically, this includes about 1.7 million BTC held in P2PK addresses belonging to Satoshi Nakamoto and early miners, which are effectively “permanently lost.” Even if Bitcoin were to upgrade to quantum-resistant signatures, these unclaimed “zombie coins” could not be migrated. This presents a cruel dilemma for the community: either violate the absolute tenet of “inviolable private property” by forcibly freezing these assets through a hard fork, thereby triggering a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, leading to a market collapse.

Theoretically, Bitcoin could implement a soft fork to adopt post-quantum (PQ) signature schemes. While several quantum-resistant cryptographic signature solutions exist, the primary challenge lies in selecting a specific PQ scheme, orchestrating the soft fork, and laboriously migrating tens of millions of addresses with balances. Referencing the historical upgrade paths of SegWit and Taproot, the discussion, development, and consensus-building for a quantum-resistant migration could take up to a decade – a delay Carter argues would be fatal. He criticizes developers for a severe strategic misjudgment, claiming that over the past decade, vast resources have been spent on Lightning Network scaling or minor disputes, exhibiting extreme caution over subtle changes to block size and scripts, yet showing puzzling indifference and complacency towards a threat that could reset the entire system.

In stark contrast, Ethereum and other public blockchains, with their more flexible governance mechanisms or already initiated post-quantum testing, demonstrate far greater resilience than Bitcoin. Carter concludes with a stark warning: continued ignorance of this “elephant in the room” could lead to hurried, panic-driven reactions, emergency forks, and even community civil war, potentially destroying institutional trust in Bitcoin long before a quantum attack even materializes.

Carter’s remarks swiftly sparked community debate. Casa co-founder and longtime Bitcoin developer Jameson Lopp responded: “I’ve been publicly discussing the risks quantum computing poses to Bitcoin for 18 months. My main conclusion is: I sincerely hope quantum computing development stalls or even recedes, because adapting Bitcoin for the post-quantum era will be very tricky, for many reasons.”

However, this view also drew significant controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating concerns about quantum computing’s potential threat to Bitcoin. Bitcoin expert Pledditor suggested Carter was deliberately creating anxiety, noting that his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchains to quantum resistance.

The Multi-Faceted Quantum Challenge: Timelines, Technical Solutions, and Implementation Hurdles

The debate over whether quantum computing will compromise Bitcoin’s security has elicited varied judgments from Bitcoin OGs, VCs, asset managers, and industry professionals. Some perceive it as an imminent systemic risk, others as an overhyped tech bubble, and a few even believe the quantum threat could paradoxically strengthen Bitcoin’s value proposition.

For the average investor, the core question remains: When will the threat arrive? The prevailing industry consensus leans towards no immediate panic, but acknowledges a genuine long-term risk.

Grayscale, in its “2026 Digital Asset Outlook,” explicitly states that while the quantum threat is real, it is a “false alarm” for the market by 2026, unlikely to impact short-term valuations. F2Pool co-founder Wang Chun bluntly called quantum computing a “bubble,” asserting that even at a Moore’s-Law pace, substantively breaking the elliptic curve behind Bitcoin’s signatures (secp256k1) would still require 30 to 50 years. A report by a16z also indicated an extremely low probability of computers capable of breaking modern cryptographic systems emerging before 2030. Adam Back maintains an optimistic outlook, believing Bitcoin will remain secure for at least 20 to 40 years, and noting that NIST has already published post-quantum cryptographic standards (FIPS 203, 204 and 205), affording Bitcoin ample time for an upgrade.

Conversely, Charles Edwards, founder of crypto asset management firm Capriole Investment, warned that the threat is closer than commonly perceived, urging the community to build defense systems by 2026. He cautioned that a delay in the quantum race could lead to Bitcoin “going to zero.”

Should a quantum attack materialize, the magnitude of the risk will depend on how Bitcoin is stored and on its age. Long-term Bitcoin holder Willy Woo and consulting firm Deloitte both highlight P2PK (Pay-to-Public-Key) outputs, which currently hold approximately 1.718 million BTC, as the most vulnerable. These early output scripts, used by Satoshi and the first miners, contain the full public key in the output itself, so the key is visible on-chain from the moment the coins are received. A quantum computer running Shor’s algorithm at sufficient scale could derive the private key from that public key and spend the coins. Once that becomes possible, these outputs would be the first to fall; without timely transfers, these assets could be “surgically removed.”

However, Willy Woo also added that newer Bitcoin address types are less susceptible to quantum attacks because they do not expose the full public key on-chain. A P2PKH or P2WPKH output commits only to a hash of the key, and Shor’s algorithm does not help invert a hash, so the private key cannot be derived until the key itself is revealed by a spend. Two caveats apply: an address that has been spent from and then reused has already published its public key, and Taproot (P2TR) outputs place the output key directly in the script, so neither enjoys this protection. Still, the vast majority of ordinary users’ assets would not be immediately at risk. Furthermore, if the market were to experience a flash crash due to quantum panic, it could present an opportune moment for Bitcoin OGs to accumulate.
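The exposure rules above can be made concrete. The following is an added example written for this article, not code from any project it mentions: it classifies raw scriptPubKey bytes by standard template, marks P2PK and Taproot outputs as exposed at creation, marks hash-locked outputs as hidden until a spend publishes the key, and flags unspent outputs locked to a hash whose key an earlier spend has already revealed (address reuse). Every output, key, hash and signature is constructed sample data; the 20-byte values stand in for hash160(pubkey) and are not recomputed, since the spend that revealed the key was already validated by consensus. P2SH and P2WSH outputs are reported as script-dependent rather than analysed.

```python
"""Which Bitcoin outputs expose a public key on-chain? Added example with
constructed sample data (not real chain data). It classifies scriptPubKeys
by standard template and tracks keys revealed by spends, so address reuse
is caught too."""
from __future__ import annotations
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL = 0x00, 0x51, 0x76, 0x87
OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x88, 0xA9, 0xAC


def parse_pushes(script: bytes) -> list[bytes]:
    """Direct data pushes (1..75 bytes); enough for <sig> <pubkey> scriptSigs."""
    pushes, i = [], 0
    while i < len(script):
        op = script[i]
        if 1 <= op <= 75:
            pushes.append(script[i + 1:i + 1 + op]); i += 1 + op
        else:
            i += 1                                   # non-push opcode, skip it
    return pushes


def classify(spk: bytes) -> tuple[str, bytes | None]:
    """Return (template name, the key or hash the output commits to)."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", spk[1:-1]                     # full pubkey sits in the output
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", spk[3:23]
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return "p2sh", spk[2:22]
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", spk[2:]
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", spk[2:]
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", spk[2:]                       # x-only output key, visible at creation
    return "unknown", None


@dataclass
class Output:
    outpoint: str
    script_pubkey: bytes
    spent: bool = False


@dataclass
class Spend:
    outpoint: str                                    # output consumed by this input
    script_sig: bytes = b""
    witness: tuple = ()


def revealed_pubkey(kind: str, spend: Spend) -> bytes | None:
    """Public key an input publishes when spending a single-key template."""
    if kind == "p2pkh":
        pushes = parse_pushes(spend.script_sig)      # <sig> <pubkey>
        return pushes[-1] if len(pushes) == 2 else None
    if kind == "p2wpkh" and len(spend.witness) == 2:
        return spend.witness[1]                      # (sig, pubkey)
    return None


def triage(outputs: list[Output], spends: list[Spend]) -> dict[str, str]:
    """Exposure state of each unspent output, given all spends seen so far."""
    spk_of = {o.outpoint: o.script_pubkey for o in outputs}
    revealed = {}                                    # key hash -> pubkey published by a spend
    for s in spends:
        kind, h = classify(spk_of[s.outpoint])
        pk = revealed_pubkey(kind, s)
        if pk is not None:
            revealed[h] = pk   # consensus already checked hash160(pk) == h; not recomputed here
    report = {}
    for o in outputs:
        if o.spent:
            continue
        kind, h = classify(o.script_pubkey)
        if kind in ("p2pk", "p2tr"):
            report[o.outpoint] = "exposed: public key is in the output script"
        elif kind in ("p2pkh", "p2wpkh"):
            report[o.outpoint] = ("exposed: key already published by a spend from this address"
                                  if h in revealed else "hidden: only a hash is on-chain")
        elif kind in ("p2sh", "p2wsh"):
            report[o.outpoint] = "script-dependent: inspect the redeem/witness script"
        else:
            report[o.outpoint] = "unknown template"
    return report


# Constructed sample data; the 20-byte values stand in for hash160(pubkey).
PK_A = b"\x02" + b"\x11" * 32
H_A, H_B = b"\xaa" * 20, b"\xbb" * 20
SIG = b"\x30" + b"\x45" * 70                         # 71-byte placeholder signature

def p2pk(pk): return bytes([len(pk)]) + pk + bytes([OP_CHECKSIG])
def p2pkh(h): return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def p2wpkh(h): return bytes([OP_0, 20]) + h
def p2wsh(h): return bytes([OP_0, 32]) + h
def p2tr(x): return bytes([OP_1, 32]) + x

SAMPLE_OUTPUTS = [
    Output("coinbase1:0", p2pk(PK_A)),               # 2009-style output, key visible
    Output("tx1:0", p2pkh(H_A), spent=True),          # spent below, which publishes PK_A
    Output("tx1:1", p2pkh(H_A)),                      # same address, still unspent: reuse
    Output("tx2:0", p2wpkh(H_B)),                     # never spent from
    Output("tx3:0", p2tr(b"\xcc" * 32)),              # taproot: output key in the script
    Output("tx4:0", p2wsh(b"\xdd" * 32)),
]
SAMPLE_SPENDS = [Spend("tx1:0", bytes([len(SIG)]) + SIG + bytes([len(PK_A)]) + PK_A)]
```

Running `triage(SAMPLE_OUTPUTS, SAMPLE_SPENDS)` reports the coinbase P2PK and the Taproot output as exposed, the reused P2PKH output tx1:1 as exposed because the spend of tx1:0 published PK_A, and the untouched P2WPKH output as hidden. Feeding real transactions in requires only the scriptPubKey of each output and the scriptSig or witness of each input; a production tool should additionally recompute hash160 of each revealed key rather than trusting the input data.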

From a technical standpoint, market solutions exist, such as upgrading to quantum-resistant signatures. However, as previously mentioned, the primary challenge lies in implementation.

a16z recently incisively pointed out two significant practical dilemmas for Bitcoin: first, inefficient governance, which leads to extremely slow upgrades, with a lack of community consensus potentially triggering destructive hard forks; second, the need for proactive migration, as upgrades cannot be passively completed – users must actively transfer their assets to new addresses. This implies that a large number of dormant coins would lose their protection. It is estimated that millions of such Bitcoin, vulnerable to quantum attacks and potentially abandoned, could be worth hundreds of billions of dollars at current market values.

Cardano founder Charles Hoskinson further elaborated that fully deploying quantum-resistant cryptography is costly. While NIST standardized post-quantum schemes in 2024, their signatures and public keys are far larger than today’s elliptic-curve ones and verification is more expensive; without hardware acceleration this would significantly reduce blockchain throughput, potentially by roughly an order of magnitude. He suggested that judging whether quantum computing risk has entered an actionable phase should primarily reference DARPA’s Quantum Benchmarking Initiative, which aims to determine by 2033 whether a utility-scale quantum computer is feasible. Only when the scientific community confirms that quantum hardware can reliably perform such disruptive computations will a comprehensive overhaul of the cryptography become urgent. Acting prematurely, he argued, would merely waste scarce on-chain resources on immature technology.

Michael Saylor, co-founder of MicroStrategy, responded by emphasizing that any changes to the protocol should be made with extreme caution. Bitcoin’s essence as a monetary protocol, he asserted, derives its strength from its lack of rapid change and frequent iteration, which is an advantage, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and ensure global consensus. “If you want to destroy the Bitcoin network, one of the most effective ways is to give an extremely talented group of developers unlimited funds to constantly improve it.”

Saylor also posited that as the network eventually upgrades, active Bitcoin will migrate to secure addresses, while coins whose private keys are lost or which are otherwise inoperable (including those left exposed to quantum attack) will be permanently frozen. This would reduce Bitcoin’s effective supply, thereby making it stronger.

From Theory to Practice: Public Blockchains Launch Quantum Defense Battle

Despite the quantum storm not yet being upon us, public blockchains are already preparing for defense.

Within the Bitcoin community, on December 5th of this year, Blockstream researchers Mikhail Kudinov and Jonas Nick published a revised paper proposing hash-based signatures as a crucial tool for protecting the $1.8 trillion Bitcoin blockchain from quantum computers. The researchers argue that hash-based signatures are a compelling post-quantum option because their security rests only on hash-function assumptions of the kind Bitcoin already depends on (SHA-256 in mining and in every address hash), not on the hardness of the discrete logarithm problem that Shor’s algorithm breaks. Hash-based schemes of this kind underwent extensive cryptanalysis during NIST’s post-quantum standardization process (SPHINCS+ emerged from it as SLH-DSA, FIPS 205), which strengthens confidence in their robustness. The trade-off is size: hash-based keys and signatures are far larger than their secp256k1 counterparts.
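To make concrete both the appeal described here (security resting on a hash function alone) and the size cost Hoskinson raises above, the following is a Lamport one-time signature, the simplest hash-based scheme, written as an added example for this article. It is not the construction from the Blockstream paper, which belongs to the far more space-efficient SPHINCS/XMSS family, and it uses only SHA-256 from the Python standard library; the messages are constructed. The `forge` function shows why such a key is strictly one-time: every additional signature under the same key reveals more preimages, until an attacker holding enough of them can sign anything.

```python
"""Lamport one-time signatures over SHA-256: the simplest hash-based scheme.
Added example; not the construction from the Kudinov/Nick paper. Security
rests only on preimage resistance of the hash, and the price is size."""
import hashlib
import secrets

N = 256  # one secret pair per bit of the SHA-256 digest being signed


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes) -> list:
    """Bits of SHA-256(msg), most significant first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def keygen():
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """For each digest bit, reveal the preimage that matches the bit's value."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash every revealed preimage and compare with the committed value."""
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))


def sizes() -> dict:
    """Bytes on the wire, next to Bitcoin's current primitives."""
    return {
        "lamport_pubkey": N * 2 * 32,   # 16384
        "lamport_sig": N * 32,          # 8192
        "secp256k1_pubkey": 33,         # compressed point
        "schnorr_sig": 64,              # BIP-340
    }


def forge(signed: list, target: bytes):
    """Attacker view: pool the preimages revealed by several (msg, sig) pairs
    made with one key, and sign `target` if every position it needs is known.
    Returns the forged signature, or None if some position is still missing."""
    known = [{} for _ in range(N)]
    for msg, sig in signed:
        for i, (bit, s) in enumerate(zip(digest_bits(msg), sig)):
            known[i][bit] = s
    bits = digest_bits(target)
    if all(bits[i] in known[i] for i in range(N)):
        return [known[i][bits[i]] for i in range(N)]
    return None


if __name__ == "__main__":
    sk, pk = keygen()
    m = b"constructed sample message"
    s = sign(sk, m)
    print("valid:", verify(pk, m, s), "tampered:", verify(pk, b"x", s))
    print(sizes())
    many = [(b"msg-%d" % i, sign(sk, b"msg-%d" % i)) for i in range(64)]
    print("forged after 64 signatures:", forge(many, b"never signed") is not None)
```

A single signature reveals exactly one preimage per position, so `forge` on one (msg, sig) pair cannot sign a different message; after a few dozen signatures almost every position has both preimages exposed and any message can be forged, which is the property stateful (XMSS) and stateless (SPHINCS+/SLH-DSA) schemes exist to manage. The size table is the throughput cost discussed above: roughly 8 KB per signature against 64 bytes today.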

Ethereum has placed post-quantum cryptography (PQC) on its long-term roadmap, as a key objective of the Splurge phase, to address future quantum threats. Its strategy is a tiered upgrade that uses L2s as testing sandboxes for quantum-resistant algorithms; candidate technologies include lattice-based and hash-based cryptography, with the aim of a smooth transition that safeguards L1 security. Recently, Ethereum co-founder Vitalik Buterin reiterated his warning that quantum computers could break Ethereum’s elliptic curve signatures by 2028. He urged the Ethereum community to move to quantum-resistant cryptography within four years, suggesting that innovation should focus on layer-2 solutions, wallets, and privacy tools rather than frequent changes to the core protocol.

Emerging public blockchains are also prioritizing quantum-resistant solutions. For example, Aptos recently announced a proposal, AIP-137, to introduce quantum-resistant signatures, planning to support quantum-resistant digital signature schemes at the account level to address the long-term risks that quantum computing development might pose to existing cryptographic mechanisms. This solution will be introduced as an optional feature, not affecting existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.

The Solana Foundation also recently announced a partnership with post-quantum security company Project Eleven to advance Solana’s network quantum-resistant security strategy. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering the core protocol, user wallets, validator security, and long-term cryptographic assumptions. They have also successfully prototyped and deployed a Solana testnet utilizing post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in a real-world environment.

Cardano is currently adopting a progressive approach to counter future quantum computing threats, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, adding redundancy without impacting the mainnet’s current performance. Once hardware acceleration matures, post-quantum solutions will be gradually merged into the main chain, including comprehensive replacement of VRF, signatures, and more. This approach is akin to placing lifeboats on deck and observing whether a storm truly forms, rather than frantically transforming the entire ship into a sluggish steel fortress before the storm even arrives.

Zcash, meanwhile, has developed quantum-recoverable mechanisms, allowing users to migrate old assets to more secure post-quantum modes.

In conclusion, while the quantum crisis may not yet be at our doorstep, the accelerating pace of its technological evolution is an undeniable reality. A proactive defense strategy is becoming an imperative for crypto projects, and it is anticipated that more public blockchains will join this critical battle for future security.


(The above content is an excerpt and reproduction authorized by our partner PANews. Original Article Link)


Disclaimer: This article is for market information purposes only. All content and views are for reference only and do not constitute investment advice. They do not represent the views and positions of BlockTempo. Investors should make their own decisions and trades. The author and BlockTempo will not bear any responsibility for direct or indirect losses incurred by investors’ transactions.
