Bitcoin faces a looming technical challenge that no amount of computing power can solve alone. As first reported by CoinDesk, a Coinbase-convened advisory council of leading cryptographers has issued its assessment of how the network should prepare for quantum computers—and stopped short of answering the question that matters most.
The council, which includes Scott Aaronson from the University of Texas at Austin, Dan Boneh of Stanford, and Justin Drake from the Ethereum Foundation, agrees on one point: quantum computers do not pose an immediate threat to Bitcoin today. Beyond that consensus, the cryptographers part ways on what the network should actually do.
The Scale of Bitcoin’s Quantum Exposure
The problem is measurable and significant. Approximately 6.7 million bitcoin are considered vulnerable to a future quantum attack, according to research tracked by Project11. That figure breaks down into two distinct categories: about 1.7 million bitcoin sit in roughly 20,000 early pay-to-public-key addresses, a Bitcoin format that publishes the owner’s public key directly on the blockchain. Many of these coins are assumed to belong to Satoshi Nakamoto and other early participants who lost their private keys—meaning they can never be moved to safety.
The remaining 5 million or so vulnerable coins are exposed through address reuse, though most are believed to be active holdings in cryptocurrency exchange wallets and could theoretically be migrated.
The exposure matters because quantum computers, if they reach sufficient computational power, could crack ECDSA and Schnorr signatures—the cryptographic schemes Bitcoin currently relies on. An attacker with that capability could potentially spend coins without possessing the private keys, creating what amounts to a new source of bitcoin supply.
A Community Divided on Solutions
The real tension in Bitcoin emerges not around the technical migration to quantum-resistant signatures, but around the coins that would never move.
One faction argues for imposing a hard deadline. After a specified date, they propose, Bitcoin would stop accepting transactions signed with the current ECDSA and Schnorr schemes. Any unmigrated coins would become unspendable. Proponents of this approach contend that leaving billions of dollars in vulnerable coins accessible to a future attacker—potentially a sanctioned nation-state like North Korea—would pose an existential threat to Bitcoin’s price and legitimacy.
The opposing camp views this as confiscation, a violation of the absolute property rights that Bitcoin was designed to protect. They warn that freezing coins, even in the name of security, sets a precedent that could justify government pressure to freeze coins for other reasons later.
Between these poles sit several technical proposals. Hourglass would rate-limit how many vulnerable coins can be spent per block, preventing a sudden supply flood. BIP-361, developed by Jameson Lopp and others, would allow migrated holders to prove ownership after a cutoff using quantum-resistant proofs that expose no keys. PACTs, from Paradigm’s Dan Robinson, would let owners timestamp a private claim now and move funds later without revealing anything today.
The Council’s Non-Answer
The Coinbase advisory board noted that these proposals are not mutually exclusive and could be adopted together. But when pressed on the central question—what should actually happen to abandoned coins—the council declined to choose.
“There is no correct answer,” the board wrote, placing the decision squarely on the Bitcoin community itself. Instead, the cryptographers committed to two actionable recommendations: begin technical migration planning immediately, and communicate clearly with users about the seriousness of the threat.
This separation is deliberate. The engineering work to support post-quantum signatures is independent of any governance decision about frozen coins. Bitcoin can and should move forward on the technical side without waiting for community consensus on the harder philosophical question.
Bitcoin’s Window Is Closing Relative to Ethereum
The timing matters. Ethereum has spent years preparing for quantum threats through research and protocol work. Bitcoin, by contrast, has yet to take meaningful action on either front—technical migration or community deliberation.
The council’s refusal to take a position may frustrate those seeking clarity, but it reflects a deeper reality: this is not a problem cryptographers can solve alone. It requires Bitcoin’s miners, developers, exchanges, and users to reach consensus on a question that touches fundamental questions about property rights and protocol governance.
That conversation needs to begin now. Whether Bitcoin chooses migration, freezing, rate-limiting, or some combination remains an open question. But every month of delay narrows the window for action before quantum computers become powerful enough to matter.