Bitcoin Quantum Threat Beyond Wallet Hacks: Coinbase Analyst David Duong Warns

Coinbase’s global head of investment research, David Duong, has warned that Bitcoin’s long-term security faces a structural threat from advances in quantum computing, one that extends beyond mere wallet hacks. The threat stems from the fact that one-third of Bitcoin’s total supply, i.e., roughly 6.51 million BTC, has its public keys exposed on the blockchain. The quantum threat to Bitcoin calls for urgent cryptographic upgrades, such as post-quantum cryptography, to safeguard the protections the elliptic curve digital signature algorithm (ECDSA) provides for the token.

In a recent LinkedIn post, Duong said that although the quantum threat was not initially considered immediate, statistics show its effects on Bitcoin taking shape faster than expected. For instance, BlackRock flagged quantum computing risks in its iShares Bitcoin Trust ETF’s prospectus last year, calling for institutional awareness. The vulnerability of Bitcoin addresses stems from address reuse in legacy pay-to-public-key (P2PK) and pay-to-public-key-hash (P2PKH) wallets, which exposes them to attacks based on Shor’s and Grover’s algorithms.

Dual Quantum Attack Vectors for Bitcoin

Bitcoin has two pillars, namely ECDSA for transaction signatures and SHA-256 hashing for proof-of-work mining. Quantum computing threatens each of these pillars differently.

The quantum attack on Bitcoin is therefore two-sided. First, on the signature side, Shor’s algorithm would let quantum rigs forge ECDSA signatures from public keys, leading to theft from exposed addresses holding 32.7% of the total supply of Bitcoin. The risk level here is very high at about 33%.

Secondly, Grover’s algorithm could halve SHA-256’s effective security, causing quantum mining to dominate hash rates, thus distorting Bitcoin’s economic incentives. Even though quantum mining lags due to current qubit fidelity limits, it poses a network-level disruption, potentially inflating block rewards and diminishing miners’ profitability. However, this threat is only moderately risky. 

Market Impact of Quantum Threats

Duong’s warning about the quantum threats comes at a time when Bitcoin is performing well in the market with a predominantly bullish trend. Institutional players are therefore cautious about the market impact of the possible quantum threats and are constantly reprioritizing their stance. 

Coinbase itself has started prioritizing research into quantum-resistant blockchains, while Ethereum’s shift to a proof-of-stake consensus mechanism, despite some mining risks, shares ECDSA woes. BlackRock has started preparations to comply with regulatory scrutiny, with SEC filings now citing quantum risks to crypto ETFs.

The quantum threats extend beyond Bitcoin to Ethereum, Solana, and altcoins reliant on ECDSA or vulnerable to hashing. Stablecoins like USDT have also been facing similar public-key exposures, while DeFi protocols on vulnerable layer 1 blockchains risk cascading exploits.

Duong’s Warning Calls for Mitigation Strategies 

Duong’s warning reframes Bitcoin not as invincible digital gold but as a protocol that warrants constant evolution. He views the current period as critical for wallet migrations to fresh addresses that keep public keys hidden from quantum threats. Tools like quantum vulnerability scanners from Chainalysis and Project 11, and layer-2 solutions like Lightning Network, can be used in risk mitigation. He emphasizes that 2026-2030 would be a critical period for “quantum readiness” for blockchains in general. 
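The migration advice above depends on knowing which coins already have a public key visible on-chain. The following is an added sketch of that exposure check, not code from Duong's post or from any scanner named here; the function names are hypothetical, the scripts and amounts are constructed, and it covers only the P2PK and P2PKH output types this article mentions.

```python
# Added illustration: which unspent outputs already have a public key on-chain?
# All scripts and amounts below are constructed samples, not real chain data.

def script_type(spk_hex):
    """Classify a scriptPubKey as 'p2pk', 'p2pkh' or 'other'."""
    s = bytes.fromhex(spk_hex)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG -> key is in the output itself
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    return "other"

def exposure_report(unspent, spent_scripts):
    """Sum satoshis by exposure class.

    unspent: iterable of (scriptPubKey hex, value in satoshis)
    spent_scripts: scriptPubKeys that have funded at least one spend; the
    spending input revealed the key, so coins still held there are exposed.
    """
    revealed = {s.lower() for s in spent_scripts}
    report = {"exposed": 0, "hidden": 0, "unclassified": 0}
    for spk, value in unspent:
        kind = script_type(spk)
        if kind == "p2pk" or (kind == "p2pkh" and spk.lower() in revealed):
            report["exposed"] += value
        elif kind == "p2pkh":
            report["hidden"] += value        # only the key hash is public so far
        else:
            report["unclassified"] += value  # script types this sketch ignores
    return report

# Constructed sample data
P2PK = "21" + "02" + "11" * 32 + "ac"
P2PKH_REUSED = "76a914" + "aa" * 20 + "88ac"
P2PKH_FRESH = "76a914" + "bb" * 20 + "88ac"
P2WPKH = "0014" + "cc" * 20
UNSPENT = [(P2PK, 5_000_000_000), (P2PKH_REUSED, 150_000_000),
           (P2PKH_FRESH, 20_000_000), (P2WPKH, 7_000_000)]
SPENT_FROM = {P2PKH_REUSED}

if __name__ == "__main__":
    print(exposure_report(UNSPENT, SPENT_FROM))
```

Coins reported as "exposed" are the ones a move to a fresh, never-spent-from address would take out of that class.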

In his LinkedIn post, Duong put forward three technical proposals to mitigate the threats: BIP-360, to keep public keys off-chain and pave the way for post-quantum signatures; BIP-347, for re-enabling OP_CAT to support hash-based one-time signatures; and Hourglass, for rate-limiting spends from vulnerable outputs to stabilize the transition.

He also notes that the emergence of quantum computing will not pose a threat if the necessary precautions are taken. The research and innovations done to accommodate post-quantum migration are also expected to help.  
