Bitcoin Faces Quantum Computing Threat: Could 6.9 Million BTC Including Satoshi’s Be Drained?
April 25, 2026 — Bitcoin, the world’s largest cryptocurrency by market value, may soon confront a formidable risk stemming from the rise of quantum computing, which threatens the cryptographic foundations that secure digital ownership on the network. Experts warn that around 6.9 million bitcoins—nearly one-third of the total supply—are vulnerable to future quantum attacks because their public keys are exposed on the blockchain. This includes the much-discussed holdings of Bitcoin’s pseudonymous creator, Satoshi Nakamoto.
What Exactly Is at Risk?
Bitcoin’s security relies on two types of cryptographic mathematics. While quantum computers cannot yet compromise Bitcoin mining or the blockchain ledger itself—both of which depend on “hashing” math safe from quantum speed-ups—they can theoretically break the math protecting ownership of bitcoins in wallets.
Bitcoin addresses are built using elliptic curve cryptography, which turns a private key into a public key visible on the blockchain for others to see. The private key acts as a “secret” that authorizes spending, and classical computers find it infeasible to reverse-engineer this secret from the public key—taking timescales longer than the age of the universe.
However, a powerful quantum attack known as Shor’s algorithm can invert this process quickly enough to put these private keys at risk. Recent research, including a paper by Google, indicates that the quantum computing resources required to execute this attack are fewer than previously expected, raising the urgency of the threat.
How Large Is the Vulnerable Bitcoin Pool?
The exposed quantum-vulnerable bitcoin total of 6.9 million includes:
- Early bitcoins from the network’s infancy (pre-2011), stored in address formats revealing public keys by default.
- Any wallets that have conducted transactions since the 2021 Taproot upgrade. Taproot improved transaction efficiency and privacy but also resulted in public keys being revealed upon spending, inadvertently expanding the quantum attack surface.
- Most notably, Satoshi Nakamoto’s estimated 1 million bitcoins, untouched since the start of the network, are among these at-risk holdings.
Unlike a scenario where an attacker must race a transaction, a quantum attacker could systematically target these wallets at their own pace, making theft a real possibility once sufficiently powerful quantum computers arise.
How Is Bitcoin Responding?
At present, Bitcoin has no unified or coordinated strategy to counter this looming threat. This is in stark contrast to Ethereum, which since 2018 has maintained a formal post-quantum cryptography (PQC) migration program. The Ethereum Foundation supports multiple developer teams working full-time to transition the network to quantum-safe cryptography, including staged upgrades and testing networks.
Bitcoin proponents have proposed potential solutions, such as:
- BIP-360: This proposal introduces new quantum-safe address types that users could opt into voluntarily.
- A competing BitMEX Research suggestion to establish a quantum attack detection system that would trigger defensive protocol measures if an attack is detected.
However, none of these ideas currently enjoys broad consensus among Bitcoin’s core developers, reflecting the network’s historically cautious, decentralized approach to protocol changes.
The Coordination Conundrum
Bitcoin’s culture of decentralization and resistance to centralized governance complicates rapid adaptations to existential threats. Unlike Ethereum’s foundation-led upgrade process, Bitcoin network changes require broad community consensus and often take years, resisting change except when absolutely necessary.
Crucial open questions include:
- Should the network freeze old address formats after a deadline to prevent theft, even if it means permanently locking certain coins?
- How should exposed coins move to quantum-resistant addresses without revealing ownership and risking front-running?
- What happens to coins whose owners do not or cannot migrate?
These decisions have profound implications, especially for coins in custody by early adopters and Satoshi Nakamoto, whose coins are considered “off-limits” by social agreement within the ecosystem.
Perspectives from Bitcoin Leadership
Nic Carter, a prominent Bitcoin advocate, has publicly criticized the Bitcoin community’s slow response, calling elliptic curve cryptography “on the brink of obsolescence” and praising Ethereum’s approach as “best in class.” Conversely, Adam Back, CEO of Blockstream and an early Bitcoin contributor, acknowledges the threat but calls for measured preparation. He advocates for optional upgrade paths that enable a future migration rather than rushed, emergency reactions.
What Lies Ahead?
According to the recent Google research framing, by the time quantum attacks become actively feasible and visible, it might be too late to respond effectively. The clock is ticking for Bitcoin to coordinate what would arguably be the largest security upgrade in its history.
Ethereum’s years-long head start on this issue illustrates the advantage of early action. Bitcoin’s social governance and resistance to rapid change suggest the network might delay until a crisis emerges, which could be perilous if quantum computing advances more swiftly than anticipated.
The coming years will test whether a decentralized network designed to avoid centralized control can come together to implement essential cryptographic reforms before the quantum threat becomes reality. The stakes are high—not just for the security of billions in bitcoin holdings, but for the future resilience of decentralized digital currency itself.