Over 1.7 million BTC are facing attacks? Bitcoin is once again embroiled in the controversy of quantum attacks, and the public chain has begun a defensive battle.

Author: Nancy, PANews

Quantum attacks have long been part of the narrative surrounding Bitcoin. In the past, this threat was often viewed as a theoretical black swan. However, with the rapid advancement of quantum computing technology, this controversy seems to be evolving.

Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is only one “engineering challenge” away from breaking Bitcoin. This argument has caused a divide in the community, with some condemning it as a deliberate attempt to incite panic, while others believe it is a survival crisis that must be acknowledged. At the same time, many projects have already begun to prepare in advance, actively exploring and deploying solutions to defend against quantum attacks.

Quantum attack alert upgrade? Protocol modifications may take ten years.

The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancement of quantum computing technology has brought this issue back to the forefront. For example, the latest quantum processor released by Google has empirically surpassed the world's strongest supercomputer in computational speed for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have reignited discussions about the security of Bitcoin.

Last weekend, Bitcoin advocate Nic Carter published a lengthy article criticizing Bitcoin developers for seemingly sleepwalking into a crisis that could lead to a system collapse.

The core of the article points out that the elliptic curve cryptography (ECC) on which Bitcoin relies can theoretically be compromised by the algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin and believed that Bitcoin would need to upgrade when quantum computing became sufficiently powerful. Although the current quantum computing power is still several orders of magnitude away from breaking the theoretical threshold, breakthroughs in quantum technology are accelerating. Renowned quantum theorist Scott Aaronson referred to it as “an extremely difficult engineering problem” rather than a problem that requires new fundamental physics discoveries. This year, the quantum field has made significant progress in error correction technology and funding, with institutions like NIST (National Institute of Standards and Technology) calling for the deprecation of existing cryptographic algorithms between 2030 and 2035.

2025 Quantum Computing Panorama

Carter pointed out that there are currently about 6.7 million BTC (worth over $600 billion) directly exposed to the risk of quantum attacks. More troubling is that among them are about 1.7 million bitcoins belonging to Satoshi Nakamoto and early miners in P2PK addresses, which are in a “permanently lost” state. Even if Bitcoin upgrades to quantum-resistant signatures, these unclaimed “zombie coins” cannot be migrated. At that time, the community will face a cruel dilemma: either violate the absolute tenet of “private property is inviolable” by forcibly freezing these assets through a hard fork, which would trigger a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, leading to a market collapse.

In theory, Bitcoin can undergo a soft fork and adopt a post-quantum (PQ) signature scheme. Currently, there are indeed some quantum-resistant cryptographic signature schemes. However, the main issue lies in how to determine the specific post-quantum scheme, organize the soft fork, and how laboriously to migrate all the addresses with balances numbering in the tens of millions. Referring to the upgrade history of SegWit and Taproot, completing discussions, development, and consensus on quantum-resistant migration could take as long as ten years, and this kind of delay is fatal. Carter criticized developers for falling into a serious strategic misjudgment; over the past decade, a large amount of resources has been spent on scaling the Lightning Network or on minor disputes, showing extreme paranoid caution towards slight changes in block size and scripts, yet displaying inexplicable indifference and complacency towards this threat that could reset the system.

In contrast, Ethereum and other public chains far exceed Bitcoin in resilience due to more flexible governance mechanisms or already initiated post-quantum testing. Carter finally warned that if this “elephant in the room” continues to be ignored, when a crisis strikes, hasty panic reactions, emergency forks, and even community civil wars may destroy institutions' trust in Bitcoin even more than quantum attacks themselves.

Carter's remarks quickly sparked community discussion. Bitcoin Core developer Jameson Lopp responded by saying, "I have publicly discussed the risks that quantum computing poses to Bitcoin for the past 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even decline, because adapting Bitcoin for the post-quantum era will be very tricky, for many reasons.

However, this viewpoint has also sparked considerable controversy. For instance, Blockstream CEO Adam Back criticized Carter for exaggerating people's concerns about the potential threat of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety; his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchain to be resistant to quantum attacks.

Quantum challenges from multiple perspectives, time judgment, technical responses, and implementation difficulties.

Regarding whether quantum computing poses a threat to Bitcoin's security, different judgments have been made by Bitcoin OGs, VCs, asset managers, and industry practitioners. Some believe this is an imminent systemic risk, while others view it as an exaggerated technological bubble. There are also those who believe that the quantum threat could actually strengthen Bitcoin's value narrative.

For the average investor, there is only one core question: When will the threat arrive? The current mainstream consensus in the industry leans towards the idea that there is no need to panic in the short term, but long-term risks do exist.

Grayscale clearly stated in the “2026 Digital Asset Outlook” that despite the real existence of quantum threats, this is merely a “false alarm” for the market in 2026 and will not affect short-term valuations; F2Pool co-founder Wang Chun bluntly said that quantum computing is still a “bubble” at present, and even if following Moore's Law, it will still take 30 to 50 years to substantively crack Bitcoin's encryption standard (secp256k1); a16z also pointed out in the report that the likelihood of computers capable of cracking modern encryption systems appearing before 2030 is extremely low; the likelihood of Adam Bitcoin promoters appearing is extremely low; the likelihood of Adam Bitcoin appearing is extremely low; Back also holds an optimistic attitude, believing that Bitcoin is safe for at least 20 to 40 years, and that NIST (National Institute of Standards and Technology) has already approved post-quantum encryption standards, giving Bitcoin sufficient time for upgrades.

However, Charles Edwards, the founder of the crypto asset management company Capriole Investment, issued a warning, believing that the threat is closer than commonly perceived. He urged the community to build a defense system before 2026, or else being late in the quantum race could lead to Bitcoin “going to zero.”

When quantum attacks arrive, the size of the risk depends on the way Bitcoin is stored and the duration of holding. Long-term Bitcoin holders Willy Woo and Deloitte have pointed out that P2PK (direct public key, currently holding about 1.718 million BTC) addresses will be the hardest hit. The reason is that early Bitcoin addresses (such as those used by Satoshi Nakamoto) directly expose the full public key on-chain when spending or receiving. Theoretically, quantum computers can reverse-engineer the private key from the public key. Once the defenses are breached, these addresses will be the first to suffer. If not transferred in time, these assets could be “targeted for elimination.”

But Willy Woo also added that newer types of Bitcoin addresses are not as easily susceptible to quantum attacks because they do not expose the full public key on-chain; if the public key is unknown, quantum computers cannot generate the corresponding private key from it. Therefore, the vast majority of general users' assets will not face immediate risks. If the market experiences a flash crash due to quantum panic, it will be a good opportunity for Bitcoin OGs to enter.

From a technical perspective, there are existing solutions in the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the problem lies in the difficulty of implementation.

a16z recently pointed out sharply that Bitcoin faces two major practical dilemmas: first, governance inefficiency, Bitcoin's upgrades are extremely slow, and if the community cannot reach a consensus, it may trigger destructive hard forks; second, the proactivity of migration, upgrades cannot be passively completed, users must actively transfer their assets to new addresses. This means that a large number of dormant coins will lose protection. It is estimated that the number of Bitcoins that are vulnerable to quantum attacks and may be abandoned reaches millions, with a value of up to hundreds of billions of dollars based on current market value.

Cardano founder Charles Hoskinson also added that the full deployment of quantum-resistant encryption is costly. The quantum-resistant encryption scheme itself was standardized in 2024 by the National Institute of Standards and Technology in the United States, but without hardware acceleration support, its computational costs and data scale will significantly reduce blockchain throughput, potentially resulting in about an order of magnitude performance loss. He pointed out that to determine whether the risks of quantum computing are at a usable stage, one should refer more to DARPA's quantum benchmarking program (expected to assess feasibility in 2033). Only when the scientific community confirms that quantum hardware can stably perform destructive computations will there be an urgent need to fully replace encryption algorithms. Acting too soon only wastes scarce on-chain resources on immature technologies.

Michael Saylor, co-founder of Strategy, responded by saying that any changes to the protocol should be approached with great caution. The essence of Bitcoin is that it is a monetary protocol, and its lack of rapid changes and frequent iterations is its strength, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative, ensuring that global consensus is reached. “If you want to destroy the Bitcoin network, one of the most effective ways to do so is to give a group of exceptionally talented developers unlimited funding to continuously improve it.”

Saylor also stated that as the network ultimately upgrades, active bitcoins will migrate to secure addresses, while those bitcoins that have lost their private keys or are unable to be accessed (including those locked by quantum computers) will be permanently frozen. This will lead to a reduction in the effective supply of bitcoins, making it stronger instead.

From theory to practice, public chains initiate the anti-quantum defense battle.

Although the quantum storm has not yet arrived, public chains have already begun the defense battle.

In terms of the Bitcoin community, on December 5 of this year, researchers Mikhail Kudinov and Jonas Nick from Blockstream published a revised paper suggesting that hash-based signature technology could be a key solution to protecting the $18 trillion Bitcoin blockchain from quantum computer threats. The researchers believe that hash-based signatures are a compelling post-quantum solution because their security relies entirely on mechanisms similar to the hash function assumptions already present in Bitcoin's design. This solution has undergone extensive cryptanalysis in the post-quantum standardization process at the National Institute of Standards and Technology in the United States, enhancing the credibility of its robustness.

Ethereum will incorporate post-quantum cryptography (PQC) into its long-term roadmap, particularly as an important goal of the Splurge phase, to address the threat of future quantum computing. The strategy employs a tiered upgrade, using L2 as a testing sandbox to run anti-quantum algorithms, with candidate technologies including lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin again warned that quantum computers could break Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to protect network security and suggested that the focus of innovation should be on layer two solutions, wallets, and privacy tools, rather than frequent changes to the core protocol.

Emerging public chains are also putting anti-quantum solutions on the agenda. For example, recently Aptos announced a proposal to introduce an improved anti-quantum signature called AIP-137, which plans to support anti-quantum digital signature solutions at the account level to address the long-term risks that the development of quantum computing may pose to existing cryptographic mechanisms. The solution will be introduced optionally, without affecting existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205;

The Solana Foundation has also recently announced a collaboration with post-quantum security company Project Eleven to advance the quantum security framework of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions, and has successfully prototyped and deployed a Solana testnet that utilizes post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.

Cardano is currently adopting a gradual approach to tackle the future threat of quantum computing, such as establishing post-quantum checkpoints for the blockchain with the Mithril protocol, increasing redundancy without affecting the current performance of the mainnet. Once hardware acceleration matures, post-quantum solutions will be gradually integrated into the main chain, including comprehensive replacements like VRF and signatures. This approach is akin to placing lifeboats on the deck first and observing whether the storm actually forms, rather than hastily converting the entire ship into a sluggish steel fortress before the storm arrives.

Zcash has developed a quantum recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.

Overall, although the quantum crisis has not yet reached our doorstep, the acceleration of its technological evolution is an undeniable fact. Defensive strategies are becoming a reality that cryptocurrency projects must confront, and it is expected that more public chains will join this offensive and defensive battle.

(The above content is excerpted and reproduced with the authorization of our partner PANews ****, original link __)

_
Disclaimer: This article is for providing market information only. All content and opinions are for reference only and do not constitute investment advice or represent the views and positions of the blockchain. Investors should make their own decisions and trades, and the author and the blockchain will not bear any responsibility for any direct or indirect losses incurred by investors' trades.
_

Tags: ECC Nic Carter Bitcoin algorithm cryptography quantum-resistant elliptic curve cryptography private key hard fork supercomputer quantum quantum computing