Not everything in bitcoin is at risk from a quantum computer.
Bitcoin mining, the process by which new blocks are added to the blockchain, uses a form of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoin can only be created through mining would survive a quantum attacker. Blocks would still be produced and the chain would continue to run.
What would not survive is ownership.
Bitcoin wallets are protected by a different kind of math that turns a secret private key into a public address that anyone can see. The math works easily one way and not at all the other, which is the only thing stopping a stranger from using your coins.
Part 1 of this quantum computing series delved into physics. A quantum computer is not a faster version of a regular computer. It’s a fundamentally different machine, starting at a very cold, very small loop of metal, where particles behave in ways they don’t behave anywhere else on Earth.
Part 2 went through what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Transforming a secret private key into a public address takes milliseconds. Going the other way, from the public address back to the private key, would take an ordinary computer longer than the age of the universe.
A quantum algorithm called Shor’s collapses the hole. Google’s paper this month showed that the attack could be run with far fewer resources than anyone had previously estimated, in a window that runs against bitcoin’s own block times.
This piece, the last in the series, is about the response. What’s actually at risk, what bitcoin has done to it, and whether a network built to resist coordinated changes can coordinate the biggest security upgrade in its history before the hardware catches up.
What is revealed, what is certain
The risk pool is large.
About 6.9 million bitcoins, about a third of all that have ever been mined, sit in wallets whose public keys are already permanently visible on the chain. Most of this is early bitcoin from the early years of the network, stored in an address format that published the public key by default. It also includes every wallet ever used from, because spending reveals the key to what’s left.
A quantum attacker does not need to fight an ongoing transaction. Rather, they could work through the wallets with already visible keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, has about 1 million bitcoins, untouched since the early days of the network, and this stack is now in the exposed category.
The 2021 Taproot upgrade extended the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private.
A side effect was that any bitcoin spent since Taproot was activated has published the key that protects everything left at that address. This was not a bug, but a reasonable trade-off at the time when quantum timelines looked much longer than they do now.
What’s coming?
While the quantum threat has sparked heated debate in recent months and other blockchains are preparing, nothing concrete has yet emerged from Bitcoin developers.
Ethereum, which can be considered one of Bitcoin’s biggest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018.
The Ethereum Foundation operates four teams working on the migration full-time, with more than ten independent developer groups deploying weekly testnets. The plan maps out specific upgrades across four upcoming changes to the network, moving Ethereum’s security to new math that quantum computers can’t crack. It has even launched a dedicated website, pq.ethereum.org, to publicize its progress.
Bitcoin has no corresponding strategy so far.
That doesn’t mean there aren’t efforts out there to fix it.
One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-secure address types that holders could voluntarily migrate to. A competing proposal by BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network.
However, neither has broad support from bitcoin’s core developers, and the two proposals address different halves of the problem.
Nic Carter, one of bitcoin’s prominent proponents, has called it out in recent months.
“Elliptic curve cryptography is on the brink of obsolescence,” Carter wrote on X, referring to the math that secures bitcoin wallets. He described Ethereum’s approach as “best in class” and bitcoins as “worst in class”, citing developers who “deny, gaslight, gatekeep, bury their heads in the sand” rather than engage with the problem.
Adam Back, the Blockstream boss and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction.
“Quantum computing still has a lot to prove. Current systems are essentially laboratory experiments,” Back said at a conference earlier this month. But he also said bitcoin needs to prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis.
The coordination problem
So what is the biggest challenge in implementing effective solutions against Bitcoin’s quantum threat?
Bitcoin’s migration is more difficult than Ethereum’s for reasons unrelated to the actual math.
Ethereum has a foundation that funds engineering and a governance process that regularly implements major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that protocol changes should be rare and difficult.
These previous ones have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve.
Migrating the 6.9 million exposed coins requires decisions that the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners can’t or won’t migrate?
Satoshi’s coins are the starkest example. Freezing old formats protects the coins from theft, but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means that these coins stand as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack.
Setting a migration deadline forces Satoshi to either move the coins, reveal their ownership, or lose them. Each option changes the nature of bitcoin in ways the network has historically refused to change.
What happens then
The Google newspaper’s own framing is an overview of where the industry stands.
A successful attack on mathematical bitcoin uses “should not be seen as a wake-up call to adopt post-quantum cryptography so much as a potential signal that PQC adoption has already failed.”
This means that by the time the threat becomes visible, the window to respond may already be closed.
Developers now face a question of whether a network built to withstand coordinated changes can coordinate the biggest security upgrade in its history before the hardware catches up with the theory.
Ethereum’s eight-year lead suggests that the right answer is to start now. Bitcoin’s governance culture suggests that the likely answer is to wait until the threat is demonstrated and then move.
Only one of these answers works if the timeline turns out to be shorter than the optimists’ estimate.
