Over 1.7 million BTC facing attacks? Bitcoin is once again embroiled in controversy over quantum attacks, as public chains initiate a defense battle.

Author: Nancy, PANews


Quantum attacks have long existed in the narrative of Bitcoin. In the past, this threat was more regarded as a theoretical black swan. However, with the rapid evolution of quantum computing technology, this controversy seems to be shifting.

Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is only an “engineering challenge” away from breaking Bitcoin. This argument has sparked a divide in the community, with some condemning it as an intentional attempt to create panic, while others believe it is a survival crisis that must be faced. At the same time, many projects have begun to prepare for the future, actively exploring and deploying defenses against quantum attacks.

Quantum attack alert upgrade? Protocol modification may take ten years.

The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancement of quantum computing technology has brought this issue to the forefront once again. For example, the latest quantum processor released by Google has demonstrably surpassed the world's most powerful supercomputers in computation speed for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have intensified discussions about the security of Bitcoin.

Last weekend, Bitcoin advocate Nic Carter published a lengthy article criticizing Bitcoin developers for being in a state of sleepwalking, heading towards a crisis that could potentially lead to a system collapse.

The core of the article points out that the elliptic curve cryptography (ECC) on which Bitcoin relies can theoretically be broken by the algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin and believed that an upgrade would be necessary when quantum computing becomes powerful enough. Although quantum computing power is still several orders of magnitude away from reaching the theoretical threshold for breaking it, breakthroughs in quantum technology are accelerating. Renowned quantum theorist Scott Aaronson has referred to it as “an extremely difficult engineering problem,” rather than a problem that requires new fundamental physics discoveries. This year, significant progress has been made in the quantum field in error correction technology and funding, and institutions such as NIST (National Institute of Standards and Technology) have called for the phasing out of existing cryptographic algorithms between 2030 and 2035.

[Figure: 2025 Quantum Computing Panorama]

Carter pointed out that there are currently about 6.7 million BTC (worth over 600 billion USD) directly exposed to the risk of quantum attacks. More troubling is that about 1.7 million of these sit in P2PK addresses belonging to Satoshi Nakamoto and early miners and are effectively “permanently lost.” Even if Bitcoin upgrades to quantum-resistant signatures, these unclaimed “zombie coins” cannot be migrated. At that point, the community will face a cruel dilemma: either violate the absolute tenet that “private property is inviolable” by forcibly freezing these assets through a hard fork, triggering a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, leading to a market collapse.

In theory, Bitcoin can undergo a soft fork and adopt post-quantum (PQ) signature schemes. Currently, there are indeed some quantum-resistant cryptographic signature schemes. However, the main issue lies in how to determine the specific post-quantum scheme, organize the soft fork, and laboriously migrate tens of millions of addresses that hold balances. Referring to the past upgrade histories of SegWit and Taproot, completing discussions, development, and consensus for quantum-resistance migration may take as long as ten years, and such delays can be fatal. Carter criticized developers for falling into a serious strategic misjudgment; over the past decade, a massive amount of resources has been spent on scaling the Lightning Network or minor debates, demonstrating an extreme paranoia regarding slight modifications to block size and scripts, yet showing an inexplicable indifference and complacency towards this threat that could reset the system.

In contrast, Ethereum and other public chains, with their more flexible governance mechanisms or the already initiated post-quantum tests, far exceed Bitcoin in resilience. Carter finally warned that if this “elephant in the room” continues to be ignored, when a crisis strikes, hasty panic responses, emergency forks, and even civil wars within the community may destroy institutional trust in Bitcoin even before the quantum attack itself.

Carter's remarks quickly sparked community discussions. Bitcoin Core developer Jameson Lopp responded by saying, "I have been publicly discussing the risks posed by quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even recede, because the transformation of Bitcoin to adapt to the post-quantum era will be very tricky for many reasons."

However, this viewpoint has also sparked considerable controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating people's concerns about the potential threat of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) invested in a startup that sells tools for transitioning blockchain to be resistant to quantum attacks.

Quantum challenges from multiple perspectives: timing, technical responses, and implementation difficulties.

Regarding whether quantum computing poses a threat to Bitcoin's security, Bitcoin OGs, VCs, asset managers, and industry professionals have all provided different judgments. Some believe this is an imminent systemic risk, while others see it as an exaggerated technological bubble. There are also those who think that the quantum threat may actually strengthen Bitcoin's value narrative.

For general investors, there is only one core question: when will the threat arrive? The current mainstream consensus in the industry tends to suggest that there is no need to panic in the short term, but long-term risks do exist.

Grayscale clearly stated in the “2026 Digital Asset Outlook” that despite the real existence of quantum threats, this is merely a “false alarm” for the market in 2026 and will not affect short-term valuations; F2Pool co-founder Wang Chun bluntly mentioned that quantum computing is currently still a “bubble,” and even following Moore's Law, it will take 30 to 50 years to substantially break Bitcoin's encryption standard (secp256k1); a16z also indicated in its report that the likelihood of computers capable of breaking modern encryption systems appearing before 2030 is extremely low; Adam Back also holds an optimistic view, believing that Bitcoin is secure for at least 20 to 40 years, and that NIST (National Institute of Standards and Technology) has approved post-quantum encryption standards, giving Bitcoin sufficient time for upgrades.

However, Charles Edwards, the founder of the cryptocurrency asset management company Capriole Investment, issued a warning, believing that the threats are more imminent than generally recognized. He urged the community to build defensive systems before 2026, otherwise being late in the quantum race could lead to Bitcoin “going to zero.”

When quantum attacks arrive, the size of the risk depends on how Bitcoin is stored and how long it has been held. Long-term Bitcoin holders Willy Woo and Deloitte have pointed out that P2PK (direct public key, currently holding about 1.718 million BTC) addresses will be disaster zones. The reason is that early Bitcoin addresses (such as the one used by Satoshi Nakamoto) directly expose the full public key on-chain when spending or receiving. Theoretically, quantum computers could reverse-engineer the private key from the public key. Once the defense line is breached, these addresses will be the first to be affected. If not transferred in time, these assets may be “targeted for elimination.”

But Willy Woo also added that the newer types of Bitcoin addresses are not as susceptible to quantum attacks because they do not expose the full public key on-chain; if the public key is unknown, quantum computers cannot generate the corresponding private key. Therefore, the vast majority of ordinary users' assets will not immediately face risks. If the market experiences a flash crash due to quantum panic, it will be a good opportunity for Bitcoin OGs to enter.
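The distinction drawn above, between outputs that publish the public key itself and outputs that publish only a hash of it, can be checked mechanically from the output script. The following Python is an added example written for this article (not code from PANews, Willy Woo, or any Bitcoin project); it classifies the common scriptPubKey templates and tallies how much of a constructed sample UTXO set has its public key already visible on-chain. It goes slightly beyond the text in two ways that a reviewer of exposure should know: a hash-based output whose address has been spent from before has already revealed its key in the spending transaction (address reuse), and a Taproot output publishes an x-only curve point directly, so it is treated as exposed. The sample scripts and balances are constructed placeholders, not real chain data, and the 33/65-byte keys are not validated as curve points.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Script opcodes used below (values from the Bitcoin Script opcode table).
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


@dataclass(frozen=True)
class Exposure:
    script_type: str
    pubkey_in_script: bool  # True when a secp256k1 point sits in the output script itself
    note: str


def classify_script_pubkey(spk: bytes) -> Exposure:
    """Classify a scriptPubKey template and say whether it publishes the public key outright."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -- the key *is* the script.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG and spk[1] in (0x02, 0x03, 0x04):
        return Exposure("P2PK", True, "public key published on receipt")
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG -- only HASH160(pubkey).
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return Exposure("P2PKH", False, "only HASH160(pubkey) until first spend")
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL -- hash of a redeem script.
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return Exposure("P2SH", False, "only HASH160(redeemScript) until first spend")
    # P2WPKH: OP_0 <20 bytes>; P2WSH: OP_0 <32 bytes>.
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return Exposure("P2WPKH", False, "only HASH160(pubkey) until first spend")
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Exposure("P2WSH", False, "only SHA256(witnessScript) until first spend")
    # P2TR: OP_1 <32-byte x-only key> -- the output key is itself a curve point.
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Exposure("P2TR", True, "x-only output key published on receipt")
    # Conservative default: an unrecognised template is treated as exposed until reviewed.
    return Exposure("unknown", True, "unrecognised script; treated as exposed")


def pubkey_known(spk: bytes, spent_from_before: bool) -> bool:
    """The key is public if the script carries it, or if this script was ever spent from:
    spending a hash-based output reveals the key in the scriptSig/witness, so reuse exposes it."""
    return classify_script_pubkey(spk).pubkey_in_script or spent_from_before


def exposed_balance(utxos: List[Tuple[bytes, bool, int]]) -> Tuple[int, int]:
    """Return (exposed_sats, hidden_sats) for a list of (scriptPubKey, spent_from_before, value_sats)."""
    exposed = hidden = 0
    for spk, reused, sats in utxos:
        if pubkey_known(spk, reused):
            exposed += sats
        else:
            hidden += sats
    return exposed, hidden


# Constructed sample scripts (placeholder key/hash bytes, not real chain data).
P2PK_SCRIPT = bytes([0x41, 0x04]) + bytes(range(64)) + bytes([OP_CHECKSIG])          # early-style 65-byte key
P2PKH_SCRIPT = bytes([OP_DUP, OP_HASH160, 20]) + b"\x11" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2PKH_REUSED = bytes([OP_DUP, OP_HASH160, 20]) + b"\x12" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SCRIPT = bytes([OP_0, 20]) + b"\x22" * 20
P2TR_SCRIPT = bytes([OP_1, 32]) + b"\x33" * 32

SAT = 100_000_000
SAMPLE_UTXOS = [
    (P2PK_SCRIPT, False, 50 * SAT),    # coinbase-era P2PK: key visible since receipt
    (P2PKH_SCRIPT, False, 1 * SAT),    # fresh P2PKH: only the hash is visible
    (P2PKH_REUSED, True, 2 * SAT),     # P2PKH already spent from once: key revealed by that spend
    (P2WPKH_SCRIPT, False, 3 * SAT),   # fresh SegWit v0: only the hash is visible
    (P2TR_SCRIPT, False, 4 * SAT),     # Taproot: x-only key visible since receipt
]

if __name__ == "__main__":
    for spk, reused, sats in SAMPLE_UTXOS:
        e = classify_script_pubkey(spk)
        print(f"{e.script_type:7} {sats / SAT:6.2f} BTC  exposed={pubkey_known(spk, reused)}  ({e.note})")
    exp, hid = exposed_balance(SAMPLE_UTXOS)
    print(f"exposed: {exp / SAT} BTC, hidden: {hid / SAT} BTC")
```

On the constructed set, 56 of 60 BTC has a public key already visible (the P2PK, the reused P2PKH and the Taproot output), which is the shape of the argument made in the article: it is not the age of a coin but whether its key has been published that decides its exposure, and the mitigation for hash-based outputs is simply to avoid reusing an address after it has been spent from.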

From a technical perspective, there are already solutions in the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the problem lies in the difficulty of implementation.

a16z recently pointed out sharply that Bitcoin faces two major practical dilemmas: first, governance inefficiency; Bitcoin upgrades are extremely slow, and if the community cannot reach a consensus, the result may be a destructive hard fork. Second, migration requires user initiative; the upgrade cannot be completed passively, since users must actively transfer their assets to new addresses. This means that a large number of dormant coins will be left unprotected. It is estimated that the number of Bitcoins that are vulnerable to quantum attacks and may be abandoned amounts to millions, worth up to hundreds of billions of dollars at current market value.

Charles Hoskinson, the founder of Cardano, also added that the full deployment of quantum-resistant encryption is costly. The quantum-resistant schemes themselves were standardized in 2024 by the National Institute of Standards and Technology (NIST) in the United States, but in the absence of hardware acceleration support, their computational cost and data size will significantly reduce blockchain throughput, potentially leading to about an order of magnitude of performance loss. He pointed out that judging whether quantum computing has reached a usable stage should rely heavily on DARPA's quantum benchmarking program (expected to assess feasibility in 2033). Only when the scientific community confirms that quantum hardware can stably execute destructive computations will there be an urgent necessity to fully switch encryption algorithms. Acting too early merely wastes scarce on-chain resources on immature technologies.

Michael Saylor, co-founder of Strategy, responded by stating that any changes to the protocol should be approached with extreme caution. The essence of Bitcoin is a monetary protocol, and its lack of rapid changes and frequent iterations is its strength, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and ensure global consensus is reached. “If you want to undermine the Bitcoin network, one of the most effective ways is to provide a group of exceptionally talented developers with unlimited funding to continuously improve it.”

Saylor also stated that as the network eventually upgrades, active bitcoins will be moved to secure addresses, while those bitcoins that have lost their private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will lead to a reduction in the effective supply of bitcoins, making it even stronger.

From theory to practice, public chains initiate the battle against quantum threats.

Although the quantum storm has not yet arrived, public chains have already launched a defense battle.

In the Bitcoin community, on December 5 this year, researchers Mikhail Kudinov and Jonas Nick from Blockstream published a revised paper proposing that hash-based signature technology may be the key solution to protecting the Bitcoin blockchain, valued at $18 trillion, from quantum computer threats. The researchers believe that hash-based signatures are a compelling post-quantum solution because their security relies entirely on mechanisms similar to the hash function assumptions already present in Bitcoin's design. This scheme has undergone extensive cryptanalysis in the post-quantum standardization process by the National Institute of Standards and Technology in the United States, enhancing the credibility of its robustness.
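To make concrete what the Blockstream researchers mean by a signature whose security rests only on hash-function assumptions, and what Hoskinson means by its data-size cost, here is an added example written for this article (not code from the Kudinov and Nick paper, Blockstream, or any Bitcoin project): a Lamport one-time signature over SHA-256, the simplest hash-based scheme. Key generation, signing and verification use nothing but a hash function and a random source. The `sizes()` helper contrasts its key and signature sizes with the roughly 33-byte key and 71-byte signature of ECDSA, and `revealed_secrets()` shows the one-time caveat: every signature discloses half of the private key, so signing two messages with the same key leaks more of it. That caveat is why practical hash-based schemes (SLH-DSA, mentioned later in the article, among them) combine such one-time or few-time components under tree structures rather than using a bare Lamport key; the example assumes a 256-bit message digest throughout.

```python
import hashlib
import os
from typing import Callable, List, Tuple

BITS = 256                       # message digest length; one secret pair per digest bit
SECRET_LEN = 32                  # bytes per secret preimage

Pair = Tuple[bytes, bytes]
SecretKey = List[Pair]
PublicKey = List[Pair]


def H(data: bytes) -> bytes:
    """The only cryptographic primitive the scheme relies on."""
    return hashlib.sha256(data).digest()


def keygen(rng: Callable[[int], bytes] = os.urandom) -> Tuple[SecretKey, PublicKey]:
    """Private key: 256 pairs of random secrets. Public key: the hash of each secret."""
    sk = [(rng(SECRET_LEN), rng(SECRET_LEN)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _digest_bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (int.from_bytes(digest, "big") >> (BITS - 1 - i)) & 1


def sign(sk: SecretKey, msg: bytes) -> List[bytes]:
    """For each digest bit, reveal the secret of the matching side of the pair."""
    d = H(msg)
    return [sk[i][_digest_bit(d, i)] for i in range(BITS)]


def verify(pk: PublicKey, msg: bytes, sig: List[bytes]) -> bool:
    """Hash each revealed secret and check it against the published side of the pair."""
    if len(sig) != BITS:
        return False
    d = H(msg)
    return all(H(sig[i]) == pk[i][_digest_bit(d, i)] for i in range(BITS))


def sizes() -> dict:
    """Byte sizes of this scheme next to typical ECDSA sizes (ECDSA figures are approximate)."""
    return {
        "lamport_public_key_bytes": BITS * 2 * SECRET_LEN,   # 16384
        "lamport_signature_bytes": BITS * SECRET_LEN,        # 8192
        "ecdsa_public_key_bytes": 33,
        "ecdsa_signature_bytes_approx": 71,
    }


def revealed_secrets(sigs: List[List[bytes]]) -> int:
    """How many distinct private-key secrets a set of signatures under one key has disclosed.
    One signature reveals 256 of the 512 secrets; each further message with a different digest
    reveals one more secret for every bit in which the digests differ."""
    return len({s for sig in sigs for s in sig})


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message: spend output 0 to hash-based destination"
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))                       # True
    print("tampered:", verify(pk, msg + b"!", sig))             # False
    print("sizes:", sizes())
    second = sign(sk, b"a second message under the same key")
    print("secrets revealed by one signature:", revealed_secrets([sig]))
    print("secrets revealed by two signatures:", revealed_secrets([sig, second]))
```

The design point for a blockchain is visible in the numbers: a Lamport signature is over a hundred times the size of an ECDSA signature, and each key may be used once, which is exactly the throughput and statefulness trade-off the article's sources describe when they weigh an early switch against waiting for hardware acceleration.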

Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, particularly as an important goal of the Splurge phase, to address the threats posed by future quantum computing. The strategy employs a layered upgrade, utilizing L2 as a testing sandbox for running quantum-resistant algorithms, with candidate technologies including lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin warned again that quantum computers could potentially break Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to protect network security, recommending that innovation efforts focus on layer two solutions, wallets, and privacy tools rather than frequently changing the core protocol.

Emerging public chains are also putting quantum-resistant solutions on the agenda. For example, Aptos recently announced proposal AIP-137, a quantum-resistant signature improvement plan that aims to support quantum-resistant digital signature schemes at the account level, addressing the long-term risks that the development of quantum computing may pose to existing cryptographic mechanisms. The proposal will be introduced as an optional feature and will not affect existing accounts. According to the proposal, Aptos plans to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.

The Solana Foundation recently announced a collaboration with post-quantum security company Project Eleven to advance the quantum security framework of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions, and successfully prototyped and deployed a Solana testnet using post-quantum digital signatures, verifying the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.

Cardano is currently adopting a gradual approach to address the future threats of quantum computing, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, increasing redundancy without impacting the current performance of the mainnet. Once hardware acceleration matures, post-quantum solutions will be gradually integrated into the main chain, including comprehensive replacements of VRF, signatures, and more. This approach is like placing a lifeboat on the deck first, then observing whether a storm actually forms, rather than hastily converting the entire ship into a sluggish steel fortress before the storm arrives.

Zcash has developed a quantum recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.

In general, although the quantum crisis has not yet arrived, the acceleration of its technological evolution is an undeniable fact. Defensive strategies are becoming a reality that cryptocurrency projects must face, and more public chains are expected to join this battle of offense and defense.


(The above content is excerpted and reproduced with authorization from our partner PANews, original link __)

Disclaimer: This article is for market information only. All content and opinions are for reference only and do not constitute investment advice, nor do they represent the views and positions of the blockchain. Investors should make their own decisions and trades, and the author and the blockchain will not bear any responsibility for any direct or indirect losses incurred by investors' trades.
