A recent analysis from Coinbase’s (NASDAQ:COIN) independent Quantum Advisory Council underscores growing concerns over the long-term security of Bitcoin holdings as quantum computing technology advances. The report draws attention to the substantial portion of the Bitcoin supply—potentially up to 7 million BTC—that could become vulnerable due to practices like address reuse and legacy address formats that expose public keys on the blockchain.
Quantum computers, once sufficiently powerful, could theoretically solve the mathematical problems underlying current cryptographic systems much faster than classical computers.
This capability poses a particular threat to elliptic curve digital signature algorithms used in Bitcoin.
While today’s quantum machines lack the necessary scale, experts warn that proactive measures are essential to safeguard the ecosystem before “cryptographically relevant” quantum systems emerge, possibly within the next 10 to 20 years.
The advisory council’s findings reveal that approximately 1.7 million BTC reside in older Pay-to-Public-Key (P2PK) addresses, where public keys have been openly visible since the network’s early days.
Many of these holdings are associated with Satoshi Nakamoto-era coins or wallets whose owners may have lost access long ago.
When combined with address reuse across other address types—such as those used in modern transactions—the total quantum-vulnerable Bitcoin climbs to roughly 7 million, representing about one-third of the total supply that will ever exist.
Notably, the vulnerability extends beyond dormant or lost coins.
Digital currency exchanges and other large custodians maintain significant holdings in cold wallets that have been compromised through repeated address usage.
When funds are spent from an address, the corresponding public key becomes permanently recorded on-chain.
Reusing that same address for incoming deposits leaves the remaining balance exposed, turning what should be secure offline storage into a potential target for future quantum attacks.
This exposure creates a dual challenge for the Bitcoin ecosystem. That being, technical migration to post-quantum cryptography and difficult governance decisions about “abandoned” coins.
The research report explores what should happen to assets that are never transferred to quantum-resistant addresses before any network-wide upgrade.
Options range from allowing them to remain vulnerable (potentially leading to theft) to community-driven mechanisms like soft forks or social consensus to reallocate or burn unclaimed funds—each carrying complex implications for decentralization and user trust.
For individual users and institutions, the guidance is clear: avoid address reuse entirely, rotate addresses for every transaction, and move long-term holdings to fresh, secure formats where public keys remain hidden until spent.
Modern native SegWit or Taproot addresses offer better baseline protection when used properly, but vigilance remains key.
The Coinbase Quantum Advisory Council, composed of leading experts from institutions like Stanford, UT Austin, and the Ethereum Foundation, emphasizes that preparation must begin immediately.
While Bitcoin’s core protocol elements like mining and the blockchain history face minimal direct threat, wallet-level cryptography requires urgent attention.
The council’s position paper serves as both a technical warning and a call for coordinated industry action to preserve the integrity of digital assets in a post-quantum world.
As quantum research accelerates in 2926, this research report seemingly adds urgency to ongoing discussions within the crypto space. Stakeholders are encouraged to at least carefully review best practices and support development of so-called quantum-safe solutions to mitigate risks before they actually materialize and pose a real threat.