As quantum timelines compress, up to 8% of the total BTC supply faces new risk. A proposed upgrade forces the network to confront hard trade-offs.
The quantum threat to Bitcoin is no longer theoretical. It has become a recurring market concern, especially as developers remain divided on how to respond.
There is, however, an important nuance. For now, only a subset of coins is truly exposed: mostly early addresses from the Satoshi era whose public keys are already visible on-chain and which have remained inactive. Still, researchers from Coinshares estimate that these addresses hold about 8% of the total supply, up to 1.7 million BTC. At a current price of $74,000, that is over $125 billion.
If those funds were suddenly unlocked, markets could face massive selling pressure. The draft of a new Bitcoin Improvement Proposal, BIP-361, released this Tuesday, has triggered one of the most consequential debates in the Bitcoin community: should these coins be frozen?
Quantum coming faster than expected
Since 2025, quantum computing has shifted from theory to engineering reality. A series of milestones illustrates the pace: new chips from IBM targeting fault tolerance by the end of the decade, Google’s “Willow” processor reducing error rates, and experiments from Microsoft and Caltech pushing qubit counts and stability higher.
The key shift is not raw power but efficiency. New architectures, particularly the neutral-atom systems developed by Caltech, suggest that breaking elliptic-curve cryptography may require far fewer qubits than previously assumed.
Recent estimates from Bitcoin security researchers now assign roughly a 10% probability that a quantum computer could recover a private key by 2032. That is not imminent, but it is no longer distant either.
Quantum threat to Bitcoin
Each Bitcoin address is controlled by a key pair: a public key, used to receive funds, and a private key, used to authorize transactions. Spending from an address places the public key on-chain inside the signature, and that exposure is permanent: any coins sent to the same address afterwards are protected only by a key that is already public. In the early "pay-to-public-key" (P2PK) format the key is written directly into the output, so those coins were exposed before they were ever spent, while the later pay-to-public-key-hash formats publish only a hash of the key and keep the key itself hidden until first use.
It is this exposure that creates the risk. Today's signatures rely on the secp256k1 elliptic curve, whose discrete logarithm a sufficiently large quantum computer could solve with Shor's algorithm, recovering the private key from the exposed public key and spending the funds. Older coins are therefore uniquely vulnerable: protecting them would require their owners to move them to unexposed or quantum-resistant addresses, which is impossible for lost or abandoned wallets.
If exploited, the attack would be silent. The signatures would be cryptographically valid, so the network would accept them like any other spend. Funds could move within minutes, with no way to distinguish legitimate transactions from compromised ones.
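The exposure rule described above can be checked mechanically against raw output scripts. The following is an added example, not code from the article or from any Bitcoin project: it classifies a handful of constructed scriptPubKeys by whether the spending public key is already visible, then totals the value at risk. It goes slightly beyond the article's P2PK/P2PKH discussion by also covering P2WPKH (hash only, like P2PKH) and P2TR (whose 32-byte x-only key sits directly in the output). The public key, hash values, UTXO set and the set of hashes whose keys were revealed by an earlier spend are all constructed sample data, and ownership of a hash-based output only counts as exposed when its hash appears in that revealed set.

```python
"""Classify Bitcoin output scripts by whether the public key needed to spend
them is already on-chain, i.e. recoverable by a future Shor-capable attacker.

Added example; not from the article. All sample data below is constructed.
"""

# Script opcodes used by the standard output types handled here.
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC)


def classify_script(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_exposed_in_output) for a scriptPubKey.

    key_exposed_in_output is True when the output itself carries the public
    key (P2PK, P2TR); hash-based outputs (P2PKH, P2WPKH) only expose the key
    once it is spent from, which classify_script alone cannot see.
    """
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG  (Satoshi-era outputs)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "P2WPKH", False
    # P2TR: OP_1 <32-byte x-only pubkey>  (tweaked key is in the output)
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "P2TR", True
    # P2SH / P2WSH / non-standard: cannot judge without the redeem script.
    return "other", False


def exposed_value(utxos, revealed_h160):
    """Sum the value of UTXOs whose spending key is already public.

    utxos: iterable of (scriptPubKey, value_in_satoshi).
    revealed_h160: set of 20-byte HASH160 values whose public key was
    revealed by an earlier spend (address reuse). Returns
    (exposed_sats, total_sats, per_utxo_report).
    """
    exposed = total = 0
    report = []
    for spk, value in utxos:
        kind, in_output = classify_script(spk)
        if kind == "P2PKH":
            vulnerable = spk[3:23] in revealed_h160
        elif kind == "P2WPKH":
            vulnerable = spk[2:22] in revealed_h160
        else:
            vulnerable = in_output
        total += value
        if vulnerable:
            exposed += value
        report.append((kind, vulnerable, value))
    return exposed, total, report


# Constructed sample data: not real keys, hashes or chain state.
SAMPLE_PUBKEY = bytes.fromhex("02" + "11" * 32)      # fake compressed key
H160_REUSED = bytes.fromhex("aa" * 20)                # key revealed by a past spend
H160_FRESH = bytes.fromhex("bb" * 20)                 # never spent from
SAMPLE_UTXOS = [
    (bytes([33]) + SAMPLE_PUBKEY + bytes([OP_CHECKSIG]), 50_0000_0000),          # P2PK
    (bytes([OP_DUP, OP_HASH160, 20]) + H160_REUSED
     + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 10_0000_0000),                      # P2PKH, reused
    (bytes([OP_DUP, OP_HASH160, 20]) + H160_FRESH
     + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 3_0000_0000),                       # P2PKH, fresh
    (bytes([OP_0, 20]) + H160_FRESH, 2_0000_0000),                               # P2WPKH, fresh
    (bytes([OP_1, 32]) + bytes(32), 1_0000_0000),                                # P2TR
]
REVEALED_H160 = {H160_REUSED}

if __name__ == "__main__":
    exposed, total, rows = exposed_value(SAMPLE_UTXOS, REVEALED_H160)
    for kind, vuln, value in rows:
        print(f"{kind:7} exposed={vuln!s:5} {value / 1e8:8.2f} BTC")
    print(f"{exposed / 1e8:.2f} of {total / 1e8:.2f} BTC "
          f"({100 * exposed / total:.1f}%) spendable by a key-recovering attacker")
```

On the constructed set, 61 of 66 BTC is exposed: the P2PK and P2TR outputs carry their keys in the output, the reused P2PKH output is exposed because its key was revealed by a previous spend, and only the two fresh hash-based outputs are safe. A real scan would build `revealed_h160` by hashing every public key found in historical input signatures, which is the step this example skips.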
Possible post-quantum upgrades to Bitcoin
Solutions to the Bitcoin quantum threat exist, but none are simple. Post-quantum signatures are far larger than today's roughly 64-byte ECDSA and Schnorr signatures, often 10 to 100 times larger. In a system where every full node validates and stores every transaction, that imposes a structural constraint on block capacity and fees.
Developers are exploring several approaches. Some propose hybrid address formats combining current cryptography with quantum-resistant schemes (BIP-360). Others suggest incremental fixes that reduce key exposure without major changes, such as Quantum-safe Taproot or P2TRH. More ambitious proposals include mandatory migration plans like QRAMP, likely requiring a hard fork, or using zero-knowledge STARK proofs to compress large signatures.
Taken together, these ideas outline a gradual path: low-impact fixes in the near term, heavier upgrades if the threat materializes.
The challenge is coordination. Bitcoin upgrades are slow by design, requiring agreement among developers, miners, node operators and users, which makes consensus hard to reach.
Can Bitcoin freeze vulnerable coins?
The debate intensified on April 14, when Jameson Lopp and other researchers published their proposal to freeze quantum-vulnerable coins.
The freeze is the second part of a three-stage proposal under BIP-361, titled "Post Quantum Migration and Legacy Signature Sunset." Under this framework, users would have three years to migrate funds to quantum-resistant addresses. After that, legacy signatures would no longer be accepted, effectively locking any remaining coins, including long-lost holdings.
A recovery mechanism could allow legitimate owners to reclaim funds using advanced proofs. Yet the proposal introduces a major shift: coins could become unspendable not due to lost keys, but due to protocol rules.
Critics argue this crosses a philosophical line. Bitcoin has historically avoided intervention, even in extreme cases. Forcing upgrades and invalidating transactions raises concerns about precedent and governance.
The quantum risk may still be distant, but the trade-offs it exposes — between security, immutability and governance — are immediate.