The quantum computing conversation around Bitcoin has been running hot ever since Google published its research last week compressing the estimated timeline for a credible quantum threat.
But while most of the attention has focused on the technical question, can a quantum computer actually break Bitcoin’s encryption, and when, Grayscale‘s head of research Zach Pandl is pointing to a different problem entirely. One that might be harder to solve.
In a report published this week, Pandl argued that Bitcoin’s path to quantum safety is less a matter of finding the right cryptographic algorithm and more a question of whether the Bitcoin community can agree to actually implement one.
“Bitcoin has lower risk than other cryptocurrencies,” he wrote, citing the network’s use of a UTXO model, which tracks individual coin amounts rather than account balances, its proof-of-work consensus mechanism, and the fact that certain address types don’t expose the public key at all, meaning they’re not vulnerable in the first place.
That’s a nuanced point worth sitting with. Not all Bitcoin is equally exposed. Coins held in addresses that have never been used to send a transaction haven’t revealed their public keys on the blockchain, which means a quantum attacker has nothing to work from. It’s only when a public key is already visible, as is the case with early P2PK addresses, that the vulnerability becomes a live concern.
The real problem, Pandl argued, is the roughly 1.7 million BTC sitting in those early P2PK addresses, a format used by Satoshi Nakamoto and other early miners, where the public key is permanently visible on-chain. Satoshi’s estimated holdings of around 1 million BTC, worth approximately $68 billion at recent prices, are the most discussed portion of this pool, but they’re far from the only coins at stake.
Three options, no easy answer
The Bitcoin community, Pandl wrote, essentially has three options when it comes to these vulnerable coins: burn them outright by rendering the addresses unspendable, slow their potential release by limiting the rate at which funds can be spent from quantum-vulnerable addresses, or do nothing and let the situation resolve itself, or not.
“All are conceptually doable,” he wrote, “but the challenge is reaching a decision, and the Bitcoin community has a history of contentious debates over protocol changes, including last year’s dispute around image data stored in blocks.”
That reference to Ordinals, the technology that allowed images and text to be inscribed onto individual satoshis, sparking a fierce argument about block space usage and Bitcoin’s purpose is a signal about how difficult protocol-level decisions can be in a system that has no central authority, no chief technology officer, and no board vote.
Changes to Bitcoin require broad consensus among miners, node operators, wallet developers, and exchanges. Getting all of those stakeholders to agree on how to handle dormant coins worth tens of billions of dollars is a genuinely different challenge from writing the cryptographic code to do it.
Samson Mow, CEO of Bitcoin technology company Jan3, has added another layer to the debate. Mow warned that post-quantum signatures could be 10 to 125 times larger than current ones, meaning the data required to confirm a transaction under a quantum-resistant scheme would be dramatically bigger.
That size increase would strain block capacity, reduce the number of transactions Bitcoin can process per block, and potentially reignite the block size debate that nearly tore the Bitcoin community apart in 2017.
In that sense, the quantum fix itself carries the seeds of a new community fight. “Simply put,” Mow wrote, “make Bitcoin safe against quantum computers just to get pwned by normal computers.”
That’s a provocative framing, but it captures a real tension. Moving too slowly risks leaving billions worth of Bitcoin vulnerable as quantum hardware improves. Moving too quickly risks destabilizing a network that currently works well, trading one vulnerability for another.
The rest of crypto is already moving
The contrast with other networks is worth noting. Solana and the XRP Ledger are already experimenting with post-quantum cryptography. The Ethereum Foundation published its post-quantum roadmap in February, targeting 2029 for significant protocol-level upgrades. Bitcoin, by comparison, is still at the stage of debating whether to debate it.
A draft Bitcoin Improvement Proposal known as BIP-360 has been circulating among developers. It proposes a new address type called Pay-to-Merkle-Root, designed to remove the public key exposure that makes certain address types vulnerable.
Implementing it, though, would require hardware wallet providers, node operators and exchanges to coordinate, an ecosystem-wide effort that takes time even when everyone agrees on the direction.
Pandl’s conclusion mentioned: “In our view, there is no security threat to public blockchains from quantum computers today,” he wrote, but added that it is “time to get started” and that investors “should not fret” for now, provided the industry uses the available runway wisely.
Three years until Google’s self-imposed deadline. That might sound like plenty of time. Whether it’s enough for the Bitcoin community to move from debate to decision is a different question and historically, the answer there has often been: it takes longer than anyone expected.