Not everything in bitcoin is at risk from a quantum computer.
Bitcoin mining, the process by which new blocks are added to the blockchain, uses a type of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoins can only be created through mining would survive a quantum attacker. Blocks would continue to be produced and the chain would continue to function.
What would not survive is ownership.
Bitcoin wallets are protected by a different type of math that converts a secret private key into a public address that anyone can see. The math works easily in one direction and not at all in the other, which is the only thing stopping a stranger from spending your coins.
Part 1 of this quantum computing series focused on physics. A quantum computer is not a faster version of a regular computer. It’s a fundamentally different type of machine, starting in a very cold, very small metal loop where particles behave in ways they don’t behave anywhere else on Earth.
Part 2 looked at what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Converting a secret private key to a public address takes milliseconds. Going the other way, from the public address to the private key, would take a normal computer longer than the age of the universe.
A quantum algorithm called Shor’s algorithm collapses that gap. Google’s paper this month showed that the attack could be executed with far fewer resources than anyone had previously estimated, in a window that competes with bitcoin’s own block times.
This article, the last in the series, is about the answer. What’s really at risk, what Bitcoin has done about it, and whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up.
What is exposed, what is safe
The group of people at risk is large.
About 6.9 million bitcoins, about a third of all that has been mined, sit in wallets whose public keys are already permanently visible on the chain. Most of it is bitcoin from the early years of the network, stored in an address format that published the public key by default. It also includes any wallet that has ever been spent from, because spending reveals the key to what is left.
A quantum attacker would not need to race an in-flight transaction. Rather, they could work through wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, owns approximately 1 million bitcoins, untouched from the early days of the network, and this stash is now in the exposed category.
The 2021 Taproot update expanded the issue. Taproot is a change to how bitcoin addresses work, aimed at making transactions more efficient and private.
A side effect was that any bitcoin spent since Taproot was activated has revealed the key protecting what’s left at that address. This was not a mistake, but a reasonable trade-off at the time, when quantum timelines seemed much longer than they do now.
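To make the exposed-versus-safe distinction concrete, the following added example (not from the original article) sorts Bitcoin output scripts by whether a public key is readable on-chain. The script templates are the standard Bitcoin output types; the function names, labels and sample outputs are constructed for illustration.

```python
# Added example: sort Bitcoin output scripts by public-key exposure.
EXPOSED, HASH_ONLY, UNKNOWN = "exposed", "hash-only", "unknown"

def classify_script(script_hex):
    """Return (script type, exposure of an unspent output of that type)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <public key> OP_CHECKSIG. Key is in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", HASH_ONLY
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", HASH_ONLY
    # Segwit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if s[:1] == b"\x00" and (n, s[1:2]) in ((22, b"\x14"), (34, b"\x20")):
        return ("p2wpkh" if n == 22 else "p2wsh"), HASH_ONLY
    # Taproot (segwit v1): OP_1 <32-byte key>. Output carries a key, not a hash.
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", EXPOSED
    return "nonstandard", UNKNOWN

def exposure(script_hex, spent_from_before=False):
    """An earlier spend from the same address has already published the key."""
    kind, status = classify_script(script_hex)
    if status == HASH_ONLY and spent_from_before:
        status = EXPOSED
    return kind, status

def exposed_total(outputs):
    """Sum satoshis in exposed outputs; returns (exposed, total)."""
    exposed = sum(v for s, v, reused in outputs if exposure(s, reused)[1] == EXPOSED)
    return exposed, sum(v for _, v, _ in outputs)

# Constructed sample outputs (filler bytes, not real keys): (script, sats, reused)
SAMPLE = [
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000, False),  # early P2PK
    ("76a914" + "22" * 20 + "88ac", 1_000_000_000, False),   # fresh P2PKH
    ("76a914" + "33" * 20 + "88ac", 500_000_000, True),      # reused P2PKH
    ("0014" + "44" * 20, 2_000_000_000, False),              # fresh P2WPKH
    ("5120" + "55" * 32, 1_500_000_000, False),              # P2TR
]

if __name__ == "__main__":
    print(exposed_total(SAMPLE))
```

On the constructed sample, the early-format output, the reused address and the Taproot output count as exposed, while the two fresh hash-based outputs do not.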
What is in progress?
While the quantum threat has sparked heated debate in recent months and other blockchains are gearing up, nothing concrete has yet emerged from Bitcoin developers.
Ethereum, which can be considered one of Bitcoin’s biggest competitors among institutional investors analyzing the cryptocurrency market, has had a formal quantum resistance program since 2018.
The Ethereum Foundation runs four teams working on the migration full-time, and more than ten independent developer groups ship testnets weekly. The plan maps specific updates to four upcoming network-wide changes, moving Ethereum’s security to new mathematics that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress.
Bitcoin does not have an equivalent strategy so far.
That doesn’t mean efforts aren’t being made to fix it.
One of those formal proposals is BIP-360 from a group of developers and researchers. It would add new types of quantum-safe addresses that existing holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that would trigger defensive action if a quantum attack is observed on the network.
However, neither proposal has broad support from leading bitcoin developers, and the two proposals solve different halves of the problem.
Nic Carter, one of bitcoin’s prominent proponents, has denounced the situation in recent months.
“Elliptic curve cryptography is on the verge of obsolescence,” Carter wrote on X, referring to the mathematics that protects bitcoin wallets. He described Ethereum’s approach as “best in class” and Bitcoin’s as “worst in class,” citing developers who “deny, gaslight, police, bury their heads in the sand” rather than engage with the problem.
Adam Back, CEO of Blockstream and an early prominent bitcoin contributor, disagrees with the urgency, but agrees with the direction.
“Quantum computing still has a lot to prove. Current systems are essentially laboratory experiments,” Back said at a conference earlier this month. But he also said Bitcoin should be prepared now, with optional upgrades created in advance so the network can migrate when needed, rather than having to struggle in a crisis.
The coordination problem
So what is the biggest challenge in implementing effective solutions against the quantum threat to Bitcoin?
Bitcoin’s migration is more difficult than Ethereum’s for reasons unrelated to the actual math.
Ethereum has a foundation that funds engineering work and a governance process that periodically delivers major updates. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and difficult.
That background has kept the network stable for nearly two decades, but it also makes the quantum problem structurally more difficult for bitcoin to solve.
Migrating the 6.9 million exposed coins requires decisions that the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to be moved to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or do not want to migrate?
Satoshi’s coins are the clearest example. Freezing old formats protects the coins from theft, but makes them permanently inaccessible, even to Satoshi. Leaving the old formats open means that those coins constitute a permanent prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack.
Setting a migration deadline forces Satoshi to move the coins, revealing his ownership, or lose them. Each option changes the character of bitcoin in ways that the network has historically refused to accept.
What happens next?
The framing of Google’s paper itself sums up the state of the industry.
A successful attack on the mathematics Bitcoin uses “should not be seen as a wake-up call to adopt post-quantum cryptography but as a potential sign that PQC adoption has already failed.”
This means that by the time the threat becomes visible, the window to respond may already have closed.
Developers now face the question of whether a network built to resist coordinated change can coordinate the largest security upgrade in its history before the hardware catches up to the theory.
Ethereum’s eight-year lead suggests the right answer is to start now. Bitcoin’s governance culture suggests that the likely response is to wait until the threat is demonstrated and then act.
Only one of those answers works if the schedule turns out to be shorter than the optimists’ estimate.




