Coin Metrics pointed out that quantum computing is advancing faster than many expected, shrinking the timeline for breaking the cryptographic foundations that secure major cryptocurrencies like Bitcoin and Ethereum. While no quantum machine today can crack elliptic-curve signatures at scale, recent breakthroughs—highlighted in analyses from Google’s Quantum AI and industry voices at Coinbase—have shifted the conversation from distant theory to urgent planning.
According to Coin Metrics’ State of the Network report, roughly 6.9 million BTC are currently exposed to potential quantum attacks due to legacy address formats and key-reuse patterns.
About 1.7 million BTC, or 9% of total supply, remain dormant in early “Satoshi-era” coins that are especially difficult to protect.
Bitcoin’s risk stems primarily from its UTXO model and how public keys are handled across address types.
Pay-to-Public-Key (P2PK) outputs from the network’s earliest days keep keys fully visible on-chain, making them prime long-range targets.
Reused Pay-to-Public-Key-Hash (P2PKH) and Pay-to-Script-Hash (P2SH) addresses reveal keys upon spending, leaving leftover balances vulnerable.
In contrast, modern SegWit (P2WPKH/P2WSH) and Taproot (P2TR) formats keep keys hashed until spent, offering better protection—though Taproot still embeds a visible tweaked key.
Data from the first 500,000 blocks shows about 2.3 million BTC in vulnerable legacy addresses, with the majority concentrated in early P2PK coinbase rewards.
Adoption of safer address types has grown steadily, but legacy creation and reuse persist.
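The address-type distinctions above can be checked mechanically from an output's scriptPubKey. The following is an added example, not code from Coin Metrics or the report: it classifies standard output scripts and tallies value by key exposure. The function names, the exposure labels, the caller-supplied `spent_from_before` flag, and the sample UTXOs (filler bytes, not real keys or hashes) are assumptions made for illustration.

```python
from collections import defaultdict

def classify(script_hex):
    """Return the standard output type of a scriptPubKey, or 'unknown'."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG (key prefix byte not validated)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH"
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH"   # witness v0, 20-byte program
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH"    # witness v0, 32-byte program
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"     # witness v1, 32-byte tweaked output key
    return "unknown"

def key_exposure(script_hex, spent_from_before=False):
    """Map an output to (type, exposure). spent_from_before comes from a chain index."""
    kind = classify(script_hex)
    if kind in ("P2PK", "P2TR"):
        return kind, "exposed-at-rest"      # key material sits in the output itself
    if kind == "unknown":
        return kind, "undetermined"
    # Hashed types reveal the key or script only when an earlier spend published it.
    return kind, "exposed-by-reuse" if spent_from_before else "hashed"

def exposure_summary(utxos):
    """Sum satoshis per exposure class over (script_hex, sats, reused) tuples."""
    totals = defaultdict(int)
    for script_hex, sats, reused in utxos:
        totals[key_exposure(script_hex, reused)[1]] += sats
    return dict(totals)

SAMPLE_UTXOS = [  # constructed sample data
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000, False),  # early P2PK reward
    ("76a914" + "22" * 20 + "88ac", 120_000_000, True),      # reused P2PKH
    ("a914" + "33" * 20 + "87", 30_000_000, False),          # P2SH, never spent from
    ("0014" + "44" * 20, 75_000_000, False),                 # P2WPKH
    ("5120" + "55" * 32, 10_000_000, False),                 # P2TR
]

if __name__ == "__main__":
    for label, sats in sorted(exposure_summary(SAMPLE_UTXOS).items()):
        print(f"{label:18s} {sats / 1e8:.2f} BTC")
```

A wallet operator can feed real scriptPubKeys and spend history from their own node into `exposure_summary` to see which balances should be prioritized for migration to a fresh, never-spent address.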
The “dormant coin dilemma” adds complexity. Roughly 1.7 million BTC sit untouched since the early years, including an estimated 1.1 million BTC linked to Satoshi Nakamoto across tens of thousands of small addresses.
These coins cannot easily migrate without community coordination. Proposals range from maintaining the status quo to more drastic measures such as freezing or rate-limiting spends.
The risk is uneven: most vulnerable holdings are spread across many modest P2PK outputs, while a smaller set of high-value reused addresses could become attractive targets.
Other blockchains face different profiles.
Account-based networks like Ethereum and Solana expose public keys as soon as users send a transaction, placing a larger share of value at immediate risk compared with Bitcoin’s UTXO design.
Proof-of-stake chains add validator-key exposure, and their governance models may allow faster upgrades.
Ethereum has launched a dedicated post-quantum research team and roadmap emphasizing account abstraction plus new hash-based or lattice-based signatures.
Solana’s teams, including Anza and Firedancer, have converged on the NIST-standardized Falcon scheme and outlined a phased plan: enable post-quantum keys, incentivize rotation, then enforce full migration if needed.
Bitcoin’s mitigation efforts center on new proposals.
BIP-360 introduces Pay-to-Merkle-Root outputs to keep keys off-chain longer.
BIP-361 suggests a phased sunset of vulnerable signatures, potentially freezing unmigrated coins.
Complementary ideas like Paradigm’s PACTs would let holders prove control today without moving funds, preserving dormant assets during any future upgrade.
Quantum risk remains a long-dated concern rather than an immediate crisis.
Yet the compressed timelines mean developers, holders, and institutions must now coordinate migration paths, test new schemes, and balance security with decentralization. Coin Metrics concluded in the research report that the crypto industry’s overall response will determine how resilient its networks remain when the quantum era finally arrives.
