Present and Future of Bitcoin [2026]

For new keys. But how do you provide quantum security for old private keys?

Outsource to FBTC and sue the shit out of them if they lose the assets.

(Semi srs.)

1 Like

The network will always find a way.
I will have the new keys. It’s not really my problem.

There will only ever be 21M Bitcoin; the risk is that old and lost coins get added back to the pool. Nothing changes fundamentally. Maybe some price volatility.

I don’t see this as an issue. At some point, if the quantum risk becomes real, everyone will migrate their old keys to a new quantum resistant one.

The new keys need to be registered early so that ownership cannot be disputed and/or keys cannot be stolen.

You can even do this on-chain: sign your new quantum keys with your existing keys and publish the result on the blockchain. There will be a few protocol issues and corner cases to settle, and the right trade-off between flexibility and security to find.

Or maybe an easier way is to define the new quantum key standard, and then you simply transfer from the old Bitcoin address to the new quantum addresses.

1 Like
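Worked example (added here, not from any post in this thread) of the on-chain commitment idea above: an old secp256k1 key signs a hash of the new post-quantum public key, and a first-seen registry makes the earliest commitment per old key binding. Assumptions: the tag string `BTC-PQ-MIGRATE-v1`, the demo private key and the 1312-byte placeholder standing in for an ML-DSA-44 public key are all made up; the ECDSA code is a stdlib-only textbook implementation for illustration (random nonces, not constant time), not something to sign real transactions with. The caveat the post hints at is visible in `commit_pq_key`: the commitment itself reveals the old public key, so it only helps if it is published before Q-day, and the registry's first-seen rule is what stops a later, quantum-forged claim for the same old key from overriding it.

```python
"""Added example: commit to a post-quantum key with an existing secp256k1 key.
Textbook ECDSA over secp256k1 (stdlib only, random nonce, not constant time)."""
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p == -q
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, p):
    """Double-and-add scalar multiplication."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r


def ecdsa_sign(priv, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1  # demo nonce; real signers use RFC 6979
        r = ec_mul(k, G)[0] % N
        s = (z + r * priv) * pow(k, -1, N) % N
        if r and s:
            return r, s


def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


TAG = b"BTC-PQ-MIGRATE-v1"  # hypothetical domain-separation tag (assumption)


def commitment_message(pq_pubkey):
    # Commit to a hash of the PQ key so the on-chain payload stays small.
    return TAG + hashlib.sha256(pq_pubkey).digest()


def commit_pq_key(old_priv, pq_pubkey):
    """Old key signs "I migrate to PQ key H(pk)". This reveals the old public
    key, so it only protects you if it lands on-chain BEFORE Q-day."""
    return {"old_pub": ec_mul(old_priv, G),
            "pq_pubkey_hash": hashlib.sha256(pq_pubkey).digest(),
            "sig": ecdsa_sign(old_priv, commitment_message(pq_pubkey))}


def verify_commitment(c, pq_pubkey):
    if hashlib.sha256(pq_pubkey).digest() != c["pq_pubkey_hash"]:
        return False
    return ecdsa_verify(c["old_pub"], commitment_message(pq_pubkey), c["sig"])


def register(registry, c, pq_pubkey):
    """First-seen wins: the earliest valid commitment for an old key is binding;
    a later claim for the same old key (e.g. forged after Q-day) is rejected."""
    if not verify_commitment(c, pq_pubkey):
        return False
    if c["old_pub"] in registry:
        return registry[c["old_pub"]] == c["pq_pubkey_hash"]
    registry[c["old_pub"]] = c["pq_pubkey_hash"]
    return True


# Constructed demo values (not real keys): a fixed old private key and a
# placeholder with the size of an ML-DSA-44 public key (1312 bytes).
OLD_PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
PQ_PUB = bytes([0x42]) * 1312
```

Ordering is what makes this work: whoever holds the old private key first (the legitimate owner, before Q-day) fixes the PQ key, and chain order decides "first". After Q-day an attacker who recovers the old key can produce a perfectly valid competing commitment, which is exactly why the post says the new keys need to be registered early.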

Not sure if that is even possible. My guess is that from Q-day on, the prime factors of big numbers can be calculated, and then you can forget all kinds of public/private-key encryption, including signing. You can probably still do private encryption, but how do you exchange keys?

Banks can probably react with some kind of private key per client, but encryption/security on the internet as we know it will be over.

The problem is not my or your wallet, but the millions of currently lost bitcoins lying around in wallets that no longer belong to anyone (key lost, owner dead, thrown away when BTC was worthless). If you can get at them, this will lead to inflation because there will be new Bitcoins on the market.

Then all that remains is the “solution” from @stojano, live with it:

1 Like

IMO, not an issue. It is a one time adjustment.

Quantum resistant algos have been in existence for a long time.

See here: Introduction

First PQCrypto conference was back in 2006.

2 Likes

Very interesting, thanks. Even if I don’t understand all of it, and of course the change of protocols will take some time.

The paper says “we have still some public key systems”. This is essential, but if they are already described today, what makes us think that if Q can break the prime factor code, it cannot break those other systems?

Because the quantum computer runs Shor’s algorithm, which can efficiently solve discrete log and prime factorization. These are the underlying trapdoor functions which current public key systems use.

The PQ-resistant algos use different mathematical structures for security and so are not broken by Shor’s algorithm. But once more widely adopted, they will surely come under increased attack, so we can’t rule out future mathematical breakthroughs.

It’s also worth noting that a small fraction of internet traffic is already secured by PQ algos. No doubt three-letter agencies are currently storing internet traffic so that they can decrypt it in the PQ world (store now, decrypt later attack).

The more paranoid already secure with both, and in fact use both traditional and PQ algos, just in case the PQ algorithms are broken but we don’t realise it yet.

1 Like
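To make the “Shor breaks factoring and discrete log” point concrete, here is the classical post-processing of Shor’s algorithm as an added example (not from any post in this thread; stdlib Python only). The quantum part of Shor is order finding, i.e. finding the period r of a^x mod n; `multiplicative_order` below does that by brute force, so it only works for toy moduli, but the rest is exactly what a quantum computer’s output would be fed into. `discrete_log` is the toy version of the problem ECDSA rests on; Shor solves it with the same period-finding machinery, which is why one capability breaks RSA, Diffie-Hellman and ECDSA at once. The moduli in the test are small constructed values.

```python
"""Added example: the classical half of Shor's algorithm on toy numbers."""
from math import gcd


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n); assumes gcd(a, n) == 1.
    This is the step a quantum computer does in polynomial time; brute force
    here is O(r), i.e. exponential in the bit length of n."""
    r, x = 1, a % n
    while x != 1:
        x = x * a % n
        r += 1
    return r


def shor_factor(n):
    """Return (p, q), 1 < p <= q, p*q == n, via Shor's post-processing.
    Bases are tried in order instead of at random so runs are repeatable."""
    if n % 2 == 0:
        return 2, n // 2
    for a in range(2, n):
        g = gcd(a, n)
        if g > 1:                          # lucky guess: a shares a factor
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r % 2:                          # odd period: useless, next base
            continue
        y = pow(a, r // 2, n)              # y*y == 1 (mod n) and y != 1
        if y == n - 1:                     # trivial root -1: next base
            continue
        # n | (y-1)(y+1) but n divides neither factor, so both gcds are proper
        return tuple(sorted((gcd(y - 1, n), gcd(y + 1, n))))
    raise ValueError("no period-based factor (n prime or a prime power?)")


def discrete_log(g, h, p):
    """Brute-force k with g**k == h (mod p): the problem class ECDSA relies on.
    Shor finds it as the period of (x, y) -> g^x * h^-y, again in polynomial time."""
    x = 1
    for k in range(p):
        if x == h % p:
            return k
        x = x * g % p
    raise ValueError("h is not in the subgroup generated by g")
```

The number to take away is in `shor_factor`: once the period r is known, a few gcds finish the job. Nothing in the post-processing depends on the size of n, so the entire gap between “toy” and “breaks secp256k1” is the order-finding step that the quantum machine supplies.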

I’m waiting to buy Bitcoin between 70-50k USD in 2026 :beverage_box:

4 Likes

Noteworthy article on the intricacies of the quantum threat for Bitcoin

  • There will be a sequence of events, with certain wallets/setups being more vulnerable
  • Meaningful quantum threat is still many years (>5) away
  • As with many things, eroding trust might swing the topic long before.

Would you mind pasting the article for those of us who don’t want to register?

Bitcoin’s Quiet Problem: Gold Up 100% in 1 Year, Dollar at a 4-Year Low. Why Is Bitcoin Stalling?

Raph Antoine

:spiral_calendar: Updated: January 29, 2026

ETF issuers call out the threat. Institutional Investors started removing allocations to Bitcoin from their model portfolios.

Despite the weakest US Dollar in 4 years, loss of faith in the current system and historic rallies in gold (+100% in one year), silver (+250%) and other commodities – a market environment tailor-made for Bitcoin to shine – Bitcoin’s performance has been disappointing.

Not only does the macro environment appear supportive, but even the U.S. government’s stance has reduced some of the headwinds Bitcoin faced in the past. So why has Bitcoin disappointed?

While investors have come to expect Bitcoin’s wild price swings – volatility is a feature, not a bug – there’s a more ominous risk quietly emerging in the background: quantum computing.

ETF issuers, including BlackRock, began flagging this threat. Institutional players, such as Jefferies, have gone as far as removing their 5-10% Bitcoin allocations altogether from their model portfolios in January 2026.

In this piece, Kumiko’s questions will unpack what’s truly at stake, while Ethan walks us through the most plausible scenarios ahead. Let’s dive in.

Important note: This article focuses exclusively on Bitcoin and does not address risks associated with other digital assets. It highlights selected potential threats posed by quantum computing and is not intended to be a comprehensive overview of all possible vulnerabilities.

KEY TAKEAWAYS

  • Bitcoin’s Achilles’ heel is its elliptic-curve signature scheme, because a sufficiently powerful quantum computer could one day “fabricate a working key out of thin air” by reversing public keys. Initially, only coins whose public keys have already been propagated onto the blockchain are on the menu. Hashed addresses stay safely off the radar. But if trust and Bitcoin’s price drop, you will be indirectly affected, as panic may set in.

  • As of January 2026, 33% of Bitcoin supply is vulnerable. About 7 million coins already have their public keys exposed, making them prime quantum targets. But once the tech advances, quantum may crack private keys faster than Bitcoin’s 10-minute block time, and every transaction becomes fair game. And that’s game over because you won’t be able to cash out.

  • Decentralised networks need years to adapt. Upgrading to quantum-safe addresses may be possible, but is a race against the clock. Complacency by some developers means quantum could blindside even its biggest backers. The popular counterargument that traditional banking, defense and intelligence also rely on encryption doesn’t hold either. These institutions are centralised and already preparing for a post-quantum world.

  • BlackRock’s IBIT ETF prospectus flagged risks in last year’s update. Jefferies and some institutional asset managers removed their allocations in January 2026. And this is despite a 2026 macro environment tailor-made for Bitcoin to shine. Yes, quantum risk may be a few years away, but timing may surprise. Most investors still breeze past the fine print. They should start paying attention.

What is BITCOIN’S WEAK LINK?

fabricating a working key out of thin air

Kumiko: I heard quantum could break Bitcoin’s security. But I haven’t found a single resource that lays out in simple terms what the risk is. Can you help?

Ethan: Absolutely. Let’s break the topic down step by step. First, it helps to know how Bitcoin stays secure: it relies on two cryptographic tools – one for authorizing transactions, and one for mining blocks.

Kumiko: Okay. What are those two called?

Ethan: ECDSA – that’s the Elliptic Curve Digital Signature Algorithm. It’s what you use to sign a transaction from your wallet. Then there is SHA-256. Bitcoin miners use it in the proof-of-work puzzle.

Kumiko: Are those equally vulnerable?

Ethan: Not at all. SHA-256 would get only a modest speed-up from quantum algorithms – so mining might get easier, but not catastrophically so. ECDSA, on the other hand, is dramatically weaker under a large-scale quantum computer: Shor’s algorithm would let an attacker recover a private key from its public key.

Kumiko: So ECDSA is the “weak link.” Why is it at risk?

Ethan: Imagine you store Bitcoin in your house with a locked door. Your private key is the unique key that opens it. The public key is your house. The house door design is out there in the open, so anyone can check whether a given key will fit. But, only you hold the private key; without it, no one can open the door or spend the coins inside.

Kumiko: If only I hold the private key, how could anyone ever forge my transaction signature?

Ethan: Right now, that’s effectively impossible. Without the private key, you simply can’t sign a valid transaction.

Kumiko: What about quantum computers?

Ethan: That’s where things get interesting. Classical computers can’t derive your private key from any information on the network. A powerful enough quantum computer, however, could one day run an algorithm to reconstruct your private key just from your house “door” – almost like fabricating a working key out of thin air. Wild, isn’t it?

WHICH COINS ARE VULNERABLE?

everyone is not equally exposed

Kumiko: So is every Bitcoin wallet at risk?

Ethan: Not initially. Only those whose public keys are already exposed on-chain. If no one knows which door the key is designed for (i.e. your public key hasn’t been revealed), they can’t craft a key to your specific door.

Kumiko: But wait – aren’t all addresses public so miners can validate every transaction?

Ethan: It’s a misconception. It worked like that in the early days, but not anymore. Many modern Bitcoin addresses are of the form P2PKH (Pay-to-Public-Key-Hash) or similar, meaning the blockchain only shows your public key – your house door – when you spend from that address. In essence, until you spend, no one can know your home address – in theory, you’re safe!

Kumiko: How did I initially send Bitcoin to my Ledger from Coinbase without a public key?

Ethan: Great question. In the early days of Bitcoin, you had to input the public key to send Bitcoin to it. That’s how Satoshi did it. But for a number of years now, with the modern addresses, you send Bitcoin to a public key’s hash, not the raw key.

Think of it this way. If you want to send me a Bitcoin, I can give you a P.O. box number. You drop Bitcoin to my P.O. box using the box ID (the hash), but you never see my home address (my public key) where I store Bitcoin. I may just pick up the Bitcoin from the P.O. Box the same day and hide it at home. No one in the Bitcoin network will know which is my door so they can’t crack it.

Receiving bitcoin: Quantum can’t crack a lock if it doesn’t know which door to open

Kumiko: So, even with quantum computers, attackers don’t know where your Bitcoin is?

Ethan: Sort of. Because I only gave you and the blockchain network my P.O. Box, not my home address. So, they can’t break my house door. Quantum computing can potentially unlock my home’s door, but it needs to know where I live. An attacker only sees the hash (the P.O. Box).

Kumiko: In the meantime, is the P.O. Box Safe?

Ethan: Yes, it is much safer than a house door lock, because it uses the SHA-256 algorithm I mentioned which is much more difficult to crack.

Kumiko: But what if you want to send it to Chewy?

Ethan: Chewy is a wise Golden Retriever. He will use a P.O. Box and will be protected. But as the sender, I will have to reveal my public address. The Bitcoin network needs to match my public key with my private key to verify ownership. But when my public key appears on-chain, the risks start.

SENDING bitcoin: Bitcoin’s Achilles’ heel

How many bitcoins are vulnerable?

Kumiko: So only addresses that sent Bitcoin in the past are exposed?

Ethan: Not quite. Remember that initial Bitcoiners like Satoshi sent Bitcoin directly to a public key without using hashing. They are exposed as well.

Kumiko: How many Bitcoins are at risk?

Ethan: According to Project 11 estimates, close to 7 million Bitcoin – roughly 33% of supply – are held in addresses with exposed public keys as of January 2026, meaning those coins would be low-hanging fruit for a quantum attack.

VULNERABLE BITCOIN ADDRESSES

How can I protect my bitcoins?

ETFs, reused addresses & Hashing

Kumiko: How can I protect my wallet if I spent from it in the past?

Ethan: If you’ve spent from it in the past (e.g. partial spending), make sure to empty it and send to a brand new PO Box. Your public key is hashed and remains undisclosed.

Kumiko: Am I protected if I invest through an ETF?

Ethan: If you hold Bitcoin with institutional-grade protection (e.g. U.S. ETF like BlackRock’s IBIT or European ETP equivalent) you are likely protected.

Kumiko: What if I bought on Coinbase and transferred to my Ledger wallet?

Ethan: You need to verify the initial transaction with a block explorer like blockchain.com. Input the destination address and the site tells you whether this address was used to send Bitcoin in the past. The site also confirms whether hashing (a PO Box) was used (any type with H is likely safe e.g. P2PKH, P2WPKH, P2SH). The good news is that most software today like Ledger automatically creates new addresses for each transaction (each seed phrase can have millions of addresses), so like most Bitcoin holders you’re likely protected. But, it’s better to double check.

How can I check if my address is vulnerable?

| Address type | Can I use it today? | BTC supply* | Vulnerability |
|---|---|---|---|
| Pay-to-Public-Key (P2PK) | Not supported by most wallets. | 1.9 M (9 %) | :triangular_flag: High |
| Pay-to-Taproot (P2TR) | Modern wallets support P2TR. | 0.02 M (0.1 %) | :triangular_flag: High |
| Pay-to-Public-Key-Hash (P2PKH) | Some wallets may not support the format. | 8.3 M (43 %) | :warning: Low |
| Pay-to-Script-Hash (P2SH) | Can be used today in some wallets. | 4.6 M (24 %) | :warning: Low |
| Pay-to-Witness-Public-Key-Hash (P2WPKH) | Widely used today. | 3.8 M (20 %) | :warning: Low |
| Pay-to-Witness-Script-Hash (P2WSH) | Widely used today. | 0.8 M (4 %) | :warning: Low |

*As of Q1 2024. Source: River Financial, Bankeronwheels.com

What is BITCOIN’S ENDGAME?

Your protections matter less in the long run

Kumiko: But 33% of Bitcoin is exposed in 2026. Is it enough to erode trust in the technology?

Ethan: Absolutely. Early and reused addresses – which by some estimations represent 25% of all Bitcoin – would be low-hanging fruit. Expect waves of theft as attackers systematically drain vulnerable addresses. Today, Bitcoin’s value depends on the assumption that funds are secure unless you reveal your private key. If that assumption fails, investors lose faith. You’d see an immediate collapse in price as holders scramble to exit, even before protected addresses get threatened as well.

Kumiko: That doesn’t sound good. At which point is it game over for Bitcoin?

Ethan: If it takes a few weeks to crack revealed public addresses, those are the only ones directly exposed. Indirectly, the network will likely already be suffering massively. But once a quantum computer gets fast enough to crack your private key in under Bitcoin’s 10-minute block time, it’s game over for everyone.

Kumiko: Wait. Why? I still haven’t revealed my public key!

Ethan: Yes, but at some point, even protected addresses like yours may want to cash out. Once you broadcast a spend – for example to cash out into fiat – your public key is revealed in the transaction data. As quantum computers become even faster and can derive the private key in, say, 5 minutes, they forge their own competing transaction and get it mined before yours confirms. As soon as quantum breaks the key faster than the network confirms blocks, no spend is safe – every broadcast transaction can be front-run and stolen. So the tipping point for everyone is when Time to Crack ≤ Block Confirmation Time (≈10 minutes). Until then, hash-only addresses buy you time.

What are POPULAR COUNTERARGUMENTS?

#1 There are other things to worry about

Kumiko: Surely, there will be worse things to worry about if this happens?

Ethan: That’s one argument I hear a lot, but I don’t buy it. While most modern cryptography in banking, defense, intelligence etc. indeed relies on similar algorithms, the issue is that these are centralized systems that can be unilaterally upgraded. In fact, some banks and institutions like HSBC or JP Morgan have already started working on post-quantum encryption. Even my VPN is already quantum-ready. But Bitcoin is decentralized. In fact, BlackRock updated its IBIT ETF filing with the SEC as of May 2025 (see below), explicitly warning that any changes would require “broad consensus” and that there’s no assurance this would be achieved in a timely manner.

Kumiko: That’s just formality, no? Shouldn’t an ETF prospectus highlight all risks anyway?

Ethan: That’s right, many people disregard these warnings as simply a compliance “tick box” exercise. But from my professional experience one difference between successful and unsuccessful investors is that the former read the fine print, and plan accordingly.

BlackRock’s IBIT ETF Prospectus before May 9, 2025

BlackRock’s updated IBIT ETF Prospectus on May 9, 2025

Kumiko: Can we migrate to quantum-proof addresses?

Ethan: In theory, yes. Let’s say Bitcoin does introduce a new quantum-resistant address type. That alone isn’t enough – users must then move their funds to those new addresses to be safe. This is a massive coordination problem. Some fraction of coins are in abandoned wallets or with owners who won’t get the memo. Imagine if Satoshi’s long-dormant coins, for which public keys are known, or other early big stashes got stolen – it could flood the market or at least severely hurt confidence. Bitcoin can handle only on the order of ~5-7 transactions per second. Migrating might take months or years. Some research has looked at using batched transactions or layer-2 solutions to alleviate this, but it’s non-trivial.

#2 We will have time to adapt

Kumiko: Surely there will be warnings ahead and key holders rally behind a solution!

Ethan: Possible, but highly uncertain. I think it’s actually the opposite. First, given the stakes – not only for Bitcoin but for cryptography in general – the organisations behind the technological leap will have every incentive – financial, geopolitical and other – for it to be a surprise. Second – compared to governments or banks – the Bitcoin community is currently complacent. And Bitcoin should be miles ahead of the pack, given that it will take years for a decentralised network to reach consensus. Remember – you need to get everyone on board: miners, developers and investors! Instead, one of its largest holders – Strategy’s Michael Saylor – regularly downplays the threat instead of rallying institutions to actively prepare for it. Given these statements, I started questioning whether he really is in for the long run.

Qubit Growth Estimates according to Moore’s Law

Source: introtoquantum.org

Kumiko: How imminent is this threat?

Ethan: Quantum computers in 2026 are not yet at the level to break Bitcoin’s cryptography. The most advanced machines, like IBM’s, have on the order of a few hundred noisy qubits. Estimates vary, but research from the University of Sussex projected that it would require 13 million qubits (with error correction) to crack the key in one year and 300 million qubits to crack a Bitcoin private key within 1 hour. That’s many orders of magnitude beyond current tech. Based on Moore’s law, we shouldn’t expect a quantum computer capable of this for perhaps 5–15 years. But progress in quantum computing is unpredictable – breakthroughs (like those announced by Google and Microsoft in 2025) could accelerate timelines. In fact, AI and new techniques can also speed up the process. A 2025 paper suggested how the number of qubits required could be significantly reduced.

Kumiko: What are you doing with your Bitcoin exposure?

Ethan: Everyone needs to assess Bitcoin merits based on their own risk profile and perform their own due diligence. Bitcoin as an asset in a portfolio may make sense as explained before, but clearly if this tail risk is not addressed, I will become more cautious. In the meantime, I’m auditing exposed addresses — running my wallets through a block-explorer tool to ensure none of my public keys are already on-chain, and rebalancing my portfolio to risk targets so Bitcoin doesn’t overly affect portfolio volatility but also that I’m comfortable losing it all in the worst case scenario. Below are some key considerations.

KEY considerations

  • Always rebalance your portfolio to comfortable risk targets, so you never exceed your personal risk tolerance.

  • Audit your addresses – Run every active receiving address through a block explorer to see if its public key is exposed.

  • Prefer hash-only addresses – Use modern address types which hide your public key until spending. Keep software updated.

  • Monitor ETF & custodian disclosures – For explicit quantum-risk warnings and response plans.

  • Stay informed on quantum progress – Follow trusted sources (academic papers, Big Tech quantum announcements) to gauge when qubit counts approach the dangerous threshold.

  • Advocate for post-quantum upgrades – including pushing institutional custodians to support quantum-resistant signature schemes and soft forks.

Join me in sharing awareness about the risks.

The good news is that there is still some time left. Keep in mind that Bitcoin has already weathered significant protocol upgrades—SegWit, Taproot, and others—even though those were much less complex than altering its signature algorithm. Bitcoin has forking capacity, a vibrant developer community, and high-stakes institutional backers. Mitigation paths exist, but leaders in this space must accelerate work on post-quantum encryption before it’s too late.

4 Likes
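The exposure rules the article describes (public key visible in the output itself for P2PK and Taproot, visible only in the spend for hashed types, and reuse after a spend exposing whatever is sent to that script later) can be checked mechanically. The following is an added example, not code from the article or from Bankeronwheels: it classifies scriptPubKeys by their standard templates, pulls the public key out of a P2PKH or P2WPKH spend, and flags each UTXO as exposed or hidden. All scripts, keys and amounts are constructed sample data; a real audit would feed in the previous output scripts and witnesses from a full node instead.

```python
"""Added example: which UTXOs already have their public key on-chain?
All scripts, keys and amounts below are constructed, not real chain data."""
from __future__ import annotations
from dataclasses import dataclass, field

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)
KEY_IN_OUTPUT = {"P2PK", "P2TR"}   # key is readable straight from the output


def classify_spk(spk: bytes) -> str:
    """Match a scriptPubKey against the standard output templates."""
    n = len(spk)
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH"
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return "P2SH"
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "P2WPKH"
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "P2WSH"
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "P2TR"                  # x-only tweaked key sits in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[1] in (2, 3, 4) and spk[-1] == OP_CHECKSIG:
        return "P2PK"                  # raw key push + OP_CHECKSIG (Satoshi era)
    return "nonstandard"


@dataclass
class TxIn:
    prev_spk: bytes                    # scriptPubKey of the output being spent
    script_sig: bytes = b""            # legacy unlocking script
    witness: list[bytes] = field(default_factory=list)


@dataclass
class Utxo:
    spk: bytes
    sats: int


def parse_pushes(script: bytes) -> list[bytes]:
    """Split a pure data-push script (1..75-byte pushes) into its items: enough
    for a P2PKH scriptSig of <sig> <pubkey>. Anything else is rejected."""
    items, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 0x4B or i + 1 + n > len(script):
            raise ValueError("unsupported or truncated push")
        items.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return items


def pubkey_from_spend(txin: TxIn) -> bytes | None:
    """Public key a spend puts on-chain, or None if not directly recoverable."""
    kind = classify_spk(txin.prev_spk)
    if kind == "P2PKH":
        return parse_pushes(txin.script_sig)[-1]
    if kind == "P2WPKH":
        return txin.witness[-1]
    return None   # P2SH/P2WSH reveal a redeem script; P2PK/P2TR were public already


def audit(utxos: list[Utxo], history: list[list[TxIn]]) -> list[tuple[str, int, bool]]:
    """(type, sats, exposed) per UTXO, given the inputs of all past transactions.
    Conservative: any script that was ever spent from counts as exposed."""
    spent_from = {txin.prev_spk for tx in history for txin in tx}
    return [(k, u.sats, k in KEY_IN_OUTPUT or u.spk in spent_from)
            for u in utxos for k in (classify_spk(u.spk),)]


def exposed_sats(utxos: list[Utxo], history: list[list[TxIn]]) -> int:
    return sum(s for _, s, e in audit(utxos, history) if e)


# ---- constructed sample data (shapes are right, values are made up) ----
PUBKEY = bytes([0x02]) + bytes(range(1, 33))        # compressed-key shape
H20, H32 = bytes(range(20)), bytes(range(32))       # stand-ins for hash outputs
P2PK_SPK = bytes([33]) + PUBKEY + bytes([OP_CHECKSIG])
P2PKH_SPK = bytes([OP_DUP, OP_HASH160, 20]) + H20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SPK = bytes([OP_0, 20]) + H20
P2TR_SPK = bytes([OP_1, 32]) + H32
DUMMY_SIG = bytes([0x30]) + bytes(70)               # 71-byte DER-looking placeholder
# One past spend from the P2PKH output: scriptSig = <sig> <pubkey>, key now public
HISTORY = [[TxIn(P2PKH_SPK, bytes([len(DUMMY_SIG)]) + DUMMY_SIG + bytes([33]) + PUBKEY)]]
UTXOS = [Utxo(P2PK_SPK, 50_0000_0000),     # Satoshi-era output: key in the script
         Utxo(P2PKH_SPK, 1_0000_0000),     # coins returned to a reused address
         Utxo(P2WPKH_SPK, 2_0000_0000),    # fresh hashed address: still hidden
         Utxo(P2TR_SPK, 3_0000_0000)]      # Taproot: tweaked key in the output

if __name__ == "__main__":
    for kind, sats, exposed in audit(UTXOS, HISTORY):
        print(f"{kind:7s} {sats / 1e8:6.2f} BTC  {'EXPOSED' if exposed else 'hidden'}")
```

Two things worth noticing against the article's own table: Taproot is flagged exposed even though it is a "modern" type, because the output carries the (tweaked) key, and the reused P2PKH address is exposed even though the block explorer would show a hashed address, because the earlier spend already put `PUBKEY` on-chain. Sweeping that UTXO to a fresh hashed address is what moves it back into the hidden set.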

We have time to switch to PQ algorithms now. Currently, there’s not much urgency as practical attacks are likely years away and we will get warnings ahead of time.

1 Like

I don’t think the drop in BTC has anything to do with anything. There was no fundamental reason for it to go to 125K; it was mainly speculation that the new administration would make big steps to make it something more than what it is. And hence there is no reason to be concerned when it’s down. Perhaps MSTR is struggling to raise money to keep piling in, as its investors at the peak have suffered a 69% decline.

I actually think a lot of speculative money is now going into AI. So there isn’t much left to invest in BTC. Hardcore BTC lovers would stay invested, but folks who were expecting 100% return per annum need to look for alternative bets. OpenAI is worth a trillion and has negative earnings and not much revenue to back this valuation. So I am assuming all the cash burn is funded by investors.

3 Likes

Also I think a bunch has moved to prediction markets. The retail hype is just much lower now.

I no longer post here so as not to upset my buddy stojano, but I’ll make an exception: a few months ago a friend who’s a BTC maxi shared “BTC essentially does nothing, it’s like digital gold”. For the record, he’s been talking for years about “all the great things that’ll be, or are JUST AROUND THE CORNER to be, built on BTC, ETH”.

Now the statement “it does nothing” is telling (me) that the hype of adoption, trading goat blood and fruit for BTC in exotic lands, tokenisation, w3, NFTs was, indeed, uneducated claptrap and a veneer for rug pulls.

I can settle with “digital gold”. Don’t have any gold anymore (digital or otherwise) as it has negative carry and zero cashflow so it’s a speculative asset.

I read two funny sentences over the weekend:

  • last chance to buy above 75k
  • BTC is going to 1,000,000
market cap

Happy hunting!

1 Like

Sooner or later BTC and all other “coins” will follow the destiny of NFTs, if anyone can still remember them?

Hey bro, don’t hold back. I will not be upset… probably :smiley:

I still believe in Bitcoin and I don’t care a lot about the FUD. Every month, I will have more Bitcoin than the month before. Just for my wife’s mental sake, I keep a little bit more in CHF, gold and some Swiss stocks (just because we now have a much larger amount in CHF than we did during the last bear market).

I keep an eye on the developments in the Bitcoin “industry” (mostly here in Lugano or wider in Switzerland and Europe, much less in the US), but reduced overall consumption of “news”.

So go ahead!

I’ll start sweating, when my favorite Bitcoin Twitter gods start


4 Likes