Top Cryptographers Don’t Agree on Bitcoin’s Biggest Quantum-Risk Dilemma — But They Do Agree We Must Start Post-Quantum Signature Planning Now

Jun 13, 2026

Quantum computing and Bitcoin rarely collide in day-to-day wallet decisions — until they suddenly do. As of June 13, 2026, the industry conversation is heating up again, not because a quantum computer can steal coins today, but because the upgrade path for a global, decentralized monetary network is slow by design.

A useful reference point is the April 21, 2026 position paper released by the Coinbase Independent Advisory Board on Quantum Computing and Blockchain, a committee including Prof. Scott Aaronson (UT Austin), Prof. Dan Boneh (Stanford), and Justin Drake (Ethereum Foundation), among others. Their central message is clear: quantum risk is not imminent, but planning and engineering work must begin immediately because migration takes years, and uncertainty itself becomes a systemic risk (read the paper: Quantum Computing & Blockchain).

At the same time, even top cryptographers do not converge on the hardest question Bitcoin will eventually face: what should happen to coins that never migrate?

This article breaks down the technical reality, the governance fault line, and what Bitcoin holders can do now — without panic, and without waiting for perfect consensus.


1) The “quantum threat” is mostly about signatures, not mining

Bitcoin’s security stack is often summarized as “SHA-256 + ECDSA/Schnorr,” but quantum risk is not evenly distributed across that stack.

  • Mining and hash functions (SHA-256) are not the primary near-term concern in most credible scenarios.
  • The dominant long-term risk is that a cryptographically relevant quantum computer could run Shor’s algorithm and eventually break the public-key cryptography behind digital signatures — enabling an attacker to derive a private key from a known public key and then produce valid spends.

This is why migration discussions focus on replacing (or augmenting) today’s signature schemes with post-quantum cryptography rather than redesigning Proof-of-Work (see the advisory board’s overview and recommendations in the Coinbase paper).


2) Where Bitcoin is exposed: “public key visibility” is the key concept

A quantum attacker doesn’t need your hardware wallet, seed phrase, or malware access. In the signature-break scenario, the attacker needs your public key. If it is visible, it can become a target.

Two major exposure buckets

A) “Always exposed” outputs (public key is on-chain from the start)

Early Bitcoin design choices left a long tail:

  • P2PK (Pay-to-Public-Key) outputs publish the public key directly on-chain.
  • Some modern script types also make a public key visible by design.

The advisory board notes that ~1.7 million BTC sit in legacy P2PK outputs, and that these “Satoshi-era” UTXOs are controlled by about 20,000 public keys in aggregate — many of which may be abandoned and therefore cannot be proactively migrated (Coinbase paper).

B) “Reuse exposed” outputs (public key becomes known after spending)

Even if you receive to a public-key-hash address, your public key may be revealed when you spend, and address reuse can leave value sitting behind an already-revealed key.

Project Eleven’s on-chain analysis is particularly concrete here. In its 2026 report, it estimates that ~6.9 million BTC sit in quantum-vulnerable addresses, with about 5.0 million BTC of that attributed to address-reuse exposure (see the table in Project Eleven’s 2026 report).

Why this matters for users: even “best practice” wallets can’t change the fact that Bitcoin’s UTXO set includes a meaningful amount of value whose public keys are already visible — and those coins become a governance and market-structure question, not just a cryptography question.
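As an added illustration (example code written for this article, not from the Coinbase or Project Eleven reports), here is a small Python classifier that applies the two exposure buckets above to a constructed set of outputs: P2PK and Taproot scripts carry a key on-chain by design, while P2PKH/P2WPKH outputs only become exposed once the key behind their hash has appeared in an earlier spend. The script templates are standard Bitcoin output types; the sample values and the set of already-revealed key hashes are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Utxo:
    script_pubkey: bytes  # raw output script as it appears on-chain
    value_btc: float

def script_type(spk: bytes) -> str:
    """Recognise the standard single-key output templates."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"   # OP_0 <20-byte key hash>
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"     # OP_1 <32-byte x-only output key>
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == 0xAC:
        return "p2pk"     # <push> <33- or 65-byte pubkey> OP_CHECKSIG
    return "other"

def key_hash(spk: bytes) -> bytes:
    """20-byte HASH160 that a P2PKH or P2WPKH script commits to."""
    return spk[3:23] if script_type(spk) == "p2pkh" else spk[2:22]

def classify(utxos, revealed_hashes):
    """Sum value per bucket: 'always' (key is in the script itself), 'reuse' (hash script
    whose key an earlier spend revealed), 'hidden' (only a hash on-chain so far), 'other'."""
    totals = {"always": 0.0, "reuse": 0.0, "hidden": 0.0, "other": 0.0}
    for u in utxos:
        t = script_type(u.script_pubkey)
        if t in ("p2pk", "p2tr"):
            bucket = "always"
        elif t in ("p2pkh", "p2wpkh"):
            bucket = "reuse" if key_hash(u.script_pubkey) in revealed_hashes else "hidden"
        else:
            bucket = "other"
        totals[bucket] += u.value_btc
    return totals

# Constructed sample data (hypothetical, not real chain data).
H_A = bytes.fromhex("aa" * 20)           # key hash whose pubkey a past spend already revealed
H_B = bytes.fromhex("bb" * 20)           # key hash never yet seen in any input
PK_C = bytes.fromhex("02" + "cc" * 32)   # compressed pubkey published directly by a P2PK output
SAMPLE_UTXOS = [
    Utxo(b"\x21" + PK_C + b"\xac", 50.0),                 # P2PK: always exposed
    Utxo(b"\x76\xa9\x14" + H_A + b"\x88\xac", 1.5),       # P2PKH, address reused after a spend
    Utxo(b"\x00\x14" + H_B, 0.25),                        # P2WPKH, key still hidden
    Utxo(b"\x51\x20" + bytes.fromhex("dd" * 32), 2.0),    # P2TR: output key on-chain by design
]
REVEALED = {H_A}  # HASH160 of every pubkey seen in a spending input or witness
```

A real scanner would fill `REVEALED` by hashing the public keys found in spending inputs and witnesses; here that set is given directly so the example runs offline.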


3) The governance split: “flag day” vs. absolute property rights

The advisory board frames the biggest unresolved issue as not “should Bitcoin adopt post-quantum signatures?” (it should plan for that), but:

What happens to coins that never migrate?

This is where consensus breaks.

Option 1: A hard cutoff (“flag day”) for quantum-vulnerable signatures

One camp argues Bitcoin should set a deadline after which old signature types are no longer accepted. Coins that did not migrate become unspendable, preventing a future quantum attacker from suddenly obtaining and dumping a massive quantity of BTC — a scenario that could destabilize market pricing and even social legitimacy.

The advisory board lays out major pro-flag-day arguments, including limiting the chance that a powerful adversary could be first to exploit the capability and weaponize stolen coins (Coinbase paper).

Option 2: No cutoff — coins remain valid, even if vulnerable

The other camp sees a cutoff as a form of expropriation: if Bitcoin can revoke coins for “security,” it sets a precedent that coins could later be frozen or invalidated under political pressure.

The advisory board explicitly declines to take sides, emphasizing there is no single objectively correct answer and that the decision must come from the Bitcoin community (Coinbase paper).

A third direction: rate limits and “canary” ideas

Instead of “burning” abandoned coins, the paper discusses mitigation ideas such as rate-limiting spends from especially risky outputs, turning high-risk legacy coins into an early-warning signal while constraining damage (Coinbase paper).


4) Why planning must start now even without a governance answer

The committee’s most practical point is also the easiest to miss:

Engineering work is separable from the governance dispute.

Even if the community debates “flag day” for years, Bitcoin still benefits from starting now on:

  • post-quantum signature integration paths
  • wallet UX for safe migration
  • bandwidth and fee-market implications of larger signatures
  • test vectors, hardware support, and crypto-agility tooling

This is similar to how the broader security world is preparing: the U.S. government’s PQC standardization has already produced finalized standards for post-quantum algorithms, including signatures (see NIST’s announcement: NIST’s first finalized post-quantum standards and the signature standard itself: FIPS 204 (ML-DSA)).

Just as importantly, mainstream finance has started treating quantum as a disclosed risk. For example, a 2025 SEC filing for the iShares Bitcoin Trust includes quantum computing as a factor that could undermine Bitcoin’s cryptography and require community-led upgrades (SEC filing).

In other words: the market is beginning to price the uncertainty, not the qubits.


5) “Quantum-ready” in practice: what Bitcoin users can do today

A post-quantum migration is not something a single wallet update can magically solve. But there are still concrete steps that reduce your exposure and improve your readiness.

Checklist for BTC holders (pragmatic, no hype)

  1. Avoid address reuse. Address reuse is a major driver of exposure in real-world datasets (Project Eleven 2026 report). Use wallets that generate a fresh receive address by default.

  2. Know what you hold. If you control coins in very old formats (especially legacy outputs), consider whether they sit in patterns likely to have exposed public keys already. This is less about panic and more about inventory management.

  3. Stay “crypto-agile” operationally. Quantum preparedness is not only about Bitcoin consensus changes. It’s also about your ability to:

    • upgrade wallet software safely,
    • verify addresses,
    • sign migration transactions confidently,
    • keep backups and recovery flows intact.

  4. Separate key security from protocol security. A hardware wallet can’t change what is already written to a public blockchain — but it does reduce the everyday risk of key theft today and makes any future migration safer to execute.


6) Where OneKey fits: security today, migration readiness tomorrow

Quantum risk is a protocol-level story, but upgrades will be executed at the user level — by signing transactions and moving funds when new standards arrive.

That is exactly where a hardware wallet remains valuable: it helps keep private keys offline, reduces exposure to malware-based signing, and supports disciplined operational security when the ecosystem eventually coordinates a migration.

If you’re planning for a multi-year horizon, think of post-quantum readiness as a combination of good Bitcoin hygiene now and the ability to move quickly and safely later. OneKey is built for that long game: secure self-custody, clean signing, and day-to-day practices that don’t depend on trusting a constantly-online environment.


Closing thought: the debate isn’t a bug — it’s the work

Bitcoin’s quantum-risk conversation is uncomfortable because it touches the core philosophy: immutability vs. survivability, absolute ownership vs. systemic safety.

Top cryptographers may not agree on the “least bad” way to handle unmigrated coins — but they
