Quantum computing risk puts 7 million BTC including Satoshi Nakamoto's 1 million at stake - CoinDesk

In the event that quantum computers one day become capable of breaking Bitcoin’s cryptography, roughly 1 million BTC attributed to Satoshi Nakamoto, the creator of the Bitcoin network, could become vulnerable to theft. At today’s price of about $67,600 per bitcoin, that stash alone would be worth approximately $67.6 billion. Estimates circulating among analysts suggest that roughly 6.98 million bitcoin may be vulnerable in a sufficiently advanced quantum attack, Ki Young Ju, the founder of CryptoQuant, recently wrote on X. At current prices, the total amount of coins currently exposed represents roughly $440 billion. The question that is now becoming increasingly prevalent in and outside bitcoin circles is simple and, at times, quite controversial The vulnerability is not uniform. In Bitcoin’s early years, pay-to-public-key (P2PK) transactions embedded public keys directly on-chain. Modern addresses typically reveal only a hash of the key until coins are spent, but once a public key is exposed through early mining or address reuse, that exposure is permanent. In a sufficiently advanced quantum scenario, those keys could, in theory, be reversed. For some, freezing those coins would undermine bitcoin’s foundational neutrality. “Bitcoin’s structure treats all UTXOs equally,” said Nima Beni, founder of Bitlease. “It does not distinguish based on wallet age, identity, or perceived future threat. That neutrality is foundational to the protocol’s credibility.” Creating exceptions, even for security reasons, alters that architecture, he said. Once authority exists to freeze coins for protection, it exists for other justifications as well. Georgii Verbitskii, founder of crypto investor app TYMIO, raised a relevant concern: the network has no reliable way to determine which coins are lost and which are simply dormant. “Distinguishing between coins that are truly lost and coins that are simply dormant is practically impossible,” Verbitskii said. “From a protocol perspective, there is no reliable way to tell the difference.” For this camp, the solution lies in upgrading cryptography and enabling voluntary migration to quantum-resistant signatures, rather than rewriting ownership conditions at the protocol layer. Others argue that intervention would violate Bitcoin’s core principle: private keys control coins. Paolo Ardoino, CEO of Tether, suggested that allowing old coins to reenter circulation, even if through quantum breakthroughs, may be preferable to altering consensus rules. "Any bitcoin in lost wallets, including Satoshi (if not alive), will be hacked and put back in circulation," he continued. "Any inflationary effect from lost coins returning to circulation would be temporary, the thinking goes, and the market would eventually absorb it.” Under this view, “code is law”: if cryptography evolves, coins move. Roya Mahboob, CEO and founder of Digital Citizen Fund, took a similar hardline stance. “No, freezing old Satoshi-era addresses would violate immutability and property rights,” she told CoinDesk. “Even coins from 2009 are protected by the same rules as coins mined today.” If quantum systems eventually crack exposed keys, she added, “whoever solves them first should claim the coins.” However, Mahboob said she expects upgrades driven by ongoing research among Bitcoin Core developers to strengthen the protocol before any serious threat materializes. Jameson Lopp said that allowing quantum attackers to sweep vulnerable coins would amount to a massive redistribution of wealth to whoever first gains access to advanced quantum hardware. In his essay Against Allowing Quantum Recovery of Bitcoin, Lopp rejects the term “confiscation” when describing a defensive soft fork. “I don't think ‘confiscation’ is the most precise term to use,” Lopp wrote. “Rather, what we're really discussing would be better described as ‘burning’ rather than placing the funds out of reach of everyone.” Such a move would likely require a soft fork, rendering vulnerable outputs unspendable unless migrated to upgraded quantum-resistant addresses before a deadline — a change that would demand broad social consensus. Allowing quantum recovery, he adds, would reward technological supremacy rather than productive participation in the network. “Quantum miners don't trade anything,” Lopp wrote. “They are vampires feeding upon the system.” While the philosophical debate intensifies, the technical timeline remains contested. Zeynep Koruturk, managing partner at Firgun Ventures, said the quantum community was “stunned” when recent research suggested fewer physical qubits than previously assumed may be required to break widely used encryption systems like RSA-2048. “If this can be proven in the lab and corroborated, the timeline for decrypting RSA-2048 could, in theory, be shortened to two to three years,” she said, noting that advances in large-scale fault-tolerant systems would eventually apply to elliptic curve cryptography as well. Aerie Trouw, co-founder and CTO of XYO, believes “we’re still far enough away that there’s no practical reason to panic,” Frederic Fosco, co-founder of OP_NET, was more direct. Even if such a machine emerged, “you upgrade the cryptography. That’s it. This isn’t a philosophical dilemma: it’s an engineering problem with a known solution.” In the end, the question is about governance, timing and philosophy — and whether the Bitcoin community can reach consensus before quantum computing becomes a real and present threat. Freezing vulnerable coins would challenge Bitcoin’s claim of immutability. Allowing them to be swept would challenge its commitment to fairness. Elliptic flags Russia-linked crypto platforms’ ongoing sanctions evasion Bitpapa, Garantex and ABCeX were among the cryptocurrency exchanges linked to Russian-tied transactions circumventing Western evasions. Disclosure & Polices: CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of Bullish (NYSE:BLSH), an institutionally focused global digital asset platform that provides market infrastructure and information services. Bullish owns and invests in digital asset businesses and digital assets and CoinDesk employees, including journalists, may receive Bullish equity-based compensation. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance. These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.