Bitcoin Should Start Defending Against Quantum Attacks Today, Coinbase Warns
Coinbase’s quantum advisory council is pressing blockchain developers to move now on post‑quantum security, arguing that the industry cannot afford to wait for perfect agreement on every controversial detail before beginning the technical transition.
In a report released Thursday, the council highlights what it believes could become one of Bitcoin’s most divisive issues in the coming years: how to handle coins whose owners never upgrade to quantum‑safe addresses. Unmoved or “abandoned” funds, and assets locked in outdated cryptography, could turn into one of the ecosystem’s largest battles once powerful quantum computers arrive.
According to the council, the situation is not yet an emergency in a practical sense. No quantum computer currently exists that can break the cryptographic primitives securing Bitcoin, Ethereum, or other major blockchains. However, the timeline for such machines is fundamentally uncertain, and that uncertainty is precisely why the council believes the crypto sector must start acting now. Waiting until the threat is visible and immediate, they argue, will be far too late for a safe migration.
The core concern centers on the cryptography underpinning most public blockchains today. Systems like Bitcoin rely on the Elliptic Curve Digital Signature Algorithm (ECDSA) to prove that a transaction was authorized by the holder of a private key. Quantum algorithms such as Shor’s algorithm, running on a sufficiently capable quantum computer, could theoretically derive private keys from public keys in a feasible timeframe, allowing attackers to seize funds or impersonate users.
This vulnerability is especially serious for addresses whose public keys have already been revealed on‑chain, for example after coins have been spent at least once. While best practices in Bitcoin encourage the use of new addresses and keep public keys hidden until needed, enormous amounts of value still sit in conditions or address types that may, in the long run, be exposed to quantum attacks.
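The exposure distinction above can be checked per output. The following is an added example, not code from the article or the council's report: it classifies a Bitcoin output script by whether a public key is visible before any spend. It goes beyond the article by using the standard output templates (P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR); the function names, verdict labels and sample scripts are constructed for illustration.

```python
# Added example: which Bitcoin output scripts show a public key before any spend?
# Byte templates are the standard output forms; all sample data below is constructed.

def script_type(spk: bytes) -> str:
    """Match a scriptPubKey against the standard output templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"      # <pubkey> OP_CHECKSIG: key is in the output itself
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"     # only the hash160 of the key is in the output
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"      # 32-byte x-only output key is in the output itself
    return "unknown"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}

def exposure(spk: bytes, spent_from_before: bool = False) -> str:
    """Verdict labels are hypothetical names chosen for this example."""
    kind = script_type(spk)
    if kind == "unknown":
        return "needs-review"            # e.g. bare multisig or non-standard scripts
    if kind in KEY_IN_OUTPUT:
        return "key-exposed-at-rest"
    # Hashed outputs reveal the key only when spent; address reuse leaves
    # remaining funds behind a key that is already public.
    return "key-exposed-by-earlier-spend" if spent_from_before else "key-hidden-until-spend"

def inventory(utxos):
    """utxos: iterable of (label, script_hex, spent_from_before)."""
    return {label: exposure(bytes.fromhex(h), reused) for label, h, reused in utxos}

SAMPLE = [  # constructed scripts with filler bytes, not real keys or hashes
    ("old-p2pk", "21" + "02" + "11" * 32 + "ac", False),
    ("fresh-p2pkh", "76a914" + "22" * 20 + "88ac", False),
    ("reused-p2wpkh", "0014" + "33" * 20, True),
    ("taproot", "5120" + "44" * 32, False),
    ("non-standard", "51ae", False),
]

if __name__ == "__main__":
    for label, verdict in inventory(SAMPLE).items():
        print(f"{label:16} {verdict}")
```

A custodian could run this kind of check over its own UTXO set to decide which funds to move first once quantum-resistant address types exist.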
The council’s message is that the technical groundwork for quantum‑resistant upgrades must be laid well before any such machine exists. Designing, testing, and deploying new cryptographic schemes is a multi‑year process. Implementations must not only be mathematically sound, but also practical, efficient, and compatible with existing infrastructure and user behavior. These are not changes that can be rushed in the middle of a crisis.
One of the most contentious open questions is what to do about users who never migrate to quantum‑safe addresses. Some coins belong to holders who have lost their keys or died. Others are simply forgotten, trapped in custodial arrangements, or controlled by entities that may be slow to react. Still others may be “hodlers” who deliberately refuse to move their funds. If a future upgrade introduces quantum‑safe address formats or new transaction rules, but large numbers of coins remain in older, vulnerable formats, those coins could become prime targets once quantum computers mature.
Should the ecosystem treat those coins as fair game for anyone who can break them, effectively allowing quantum attackers to claim abandoned funds? Should there be special protocols or grace periods to protect them? Or should the rules eventually invalidate unprotected coins entirely to reduce systemic risk? The report suggests this debate is likely to intensify, yet warns that the industry cannot postpone all technical progress until social and ethical consensus is perfect.
The council’s position is to decouple these two layers of the problem. On one side lies protocol engineering: integrating post‑quantum cryptography into Bitcoin, Ethereum, and other networks, offering new address types and transaction formats that resist quantum attacks. On the other side lies policy and governance: deciding how to treat coins left behind on legacy cryptography. Developers and researchers, they argue, should advance the first regardless of delays or disagreements around the second.
From a purely technical standpoint, a “post‑quantum migration” would involve gradually adding new signature schemes and key formats that cannot be efficiently broken by known quantum algorithms. Candidates include various lattice‑based, hash‑based, and multivariate schemes, as well as hybrid approaches that combine classical and post‑quantum signatures in a single transaction. The immediate goal is not to flip a single switch, but to give users and services the option to start moving to stronger security ahead of time.
On Bitcoin, such a transition would almost certainly require consensus changes, likely introduced through soft‑fork upgrades that are compatible with existing rules. That means broad agreement among miners, node operators, wallet providers, and exchanges. Achieving this kind of coordination has historically taken years, even for comparatively simple changes. For something as foundational as the signature scheme securing trillions of dollars in value, the process will be even more cautious and deliberate.
The challenge is compounded by user experience and infrastructure issues. Wallet software, hardware devices, custodians, and payment services will all need to support new key types and transaction formats. Users must be educated about why they should move funds, how to do so safely, and what risks they face if they do nothing. For institutions holding large treasuries, compliance and operational policies would need to be updated as well. None of this can be improvised at the last moment.
The council also stresses that uncertainty around quantum timelines is not a reason for complacency. Optimistic estimates of quantum progress suggest that machines capable of attacking popular cryptosystems might be decades away; more pessimistic models warn that breakthroughs in error correction, qubit scaling, or algorithmic optimization could compress that timeline dramatically. Since the industry cannot reliably predict which path reality will follow, the only prudent strategy is to assume preparation time is limited.
Another concern is the risk of a “stealth quantum advantage.” Even if public information suggests that powerful quantum computers are distant, an actor with secret access to more advanced hardware than the rest of the world believes possible could begin quietly attacking vulnerable funds. In that scenario, sudden unexplained coin movements or wallet drains might be the first visible sign. Building quantum‑safe options ahead of time reduces the potential damage from such a surprise.
The social dimension of unmigrated coins is likely to be particularly explosive. Some of the largest Bitcoin addresses appear inactive and may be permanently lost. If a future quantum computer could crack those addresses, the appearance of massive new selling pressure could destabilize markets and undermine trust. At the same time, declaring those coins invalid or “expired” without clear consensus would be seen by many as violating the core principle that Bitcoin’s rules are predictable and neutral.
Developers, therefore, are stuck between competing priorities: protect the system from catastrophic quantum theft, or preserve the sanctity of legacy addresses even if they are weak by future standards. The council suggests that this tension is inevitable, but that deferring fundamental research and protocol design because of it would be irresponsible.
One workable path is a phased strategy. First, blockchains introduce optional quantum‑resistant address types and transaction formats, allowing early adopters and major custodians to move high‑value funds. Second, infrastructure gradually defaults to these stronger options for new wallets and new users. Only much later, and only if the quantum threat becomes imminent, would the ecosystem seriously consider coercive measures for remaining coins on legacy cryptography, if it decides to take that step at all.
This phased approach allows the majority of economic value to be secured without forcing an immediate philosophical resolution on stuck or abandoned coins. It also buys time. If, over a decade or more, most active capital voluntarily migrates, the systemic risk posed by unmoved funds is reduced, and any eventual policy debate becomes more manageable.
The report implicitly underscores another risk: fragmentation. If different parts of the crypto world adopt incompatible post‑quantum standards, or disagree on how to treat old coins, networks could diverge in both technical and social terms. Coordinated planning between Bitcoin, Ethereum, and other major chains could help avoid a chaotic patchwork of security practices and unpredictable cross‑chain dynamics.
Beyond signatures, the quantum transition touches other parts of blockchain design. Hash functions, key derivation mechanisms, and certain privacy technologies may also require review under a post‑quantum lens. While many hash functions are believed to be relatively more resistant to quantum speedups than signature schemes, they still face theoretical performance hits, and choices made today could lock the ecosystem into suboptimal designs.
For average users and long‑term holders, the council’s message translates into a simple principle: inertia is a risk. As post‑quantum options become available in mainstream wallets and services, ignoring them will eventually mean accepting a growing probability that current security assumptions will fail within an investment horizon. Long‑term savings, inheritance plans, and institutional reserves are particularly exposed if they rely on static addresses for many years.
In the end, Coinbase’s quantum advisory council is not sounding an alarm that Bitcoin or Ethereum are about to be broken tomorrow. Instead, it is arguing that the window to manage this transition calmly, thoughtfully, and without panic is already open, and closing slowly. The cryptography securing digital assets today is strong against current hardware, but history suggests that once a new class of computer becomes viable, change happens faster than most expect.
By starting migration work now, blockchains can preserve their core promises of security and predictability in a post‑quantum era. If they wait until the threat is obvious to everyone, those same promises could be tested under the worst possible conditions: rushed decisions, fragmented responses, and a scramble to protect trillions in value from a technology the ecosystem had years to prepare for.
