Coinbase's quantum advisory council released a report Thursday urging blockchain developers to begin post-quantum migration planning immediately, warning that approximately 7 million Bitcoin could be vulnerable to future quantum attacks due to exposed public keys and address reuse. The council stated the technical work of upgrading Bitcoin, Ethereum, and other networks should not wait for consensus on handling vulnerable or abandoned coins. Researchers warn a cryptographically relevant quantum computer capable of breaking blockchain cryptography is more likely than not to exist by 2030, prompting industry-wide preparation efforts across Ethereum, Stellar, and other major networks.
The advisory council, launched in January, brings together researchers from Stanford University, the University of Texas at Austin, the Ethereum Foundation, Eigen Labs, Bar-Ilan University, and UC Santa Barbara. The council wrote in the report that no quantum computer can break blockchain cryptography right now, but stated timelines are uncertain and the crypto community needs to start preparing now rather than debating exactly when the threat will arrive.
Coinbase Report Estimates 7 Million Bitcoin Face Quantum Vulnerability
According to the advisory council, the issue could affect millions of Bitcoin sitting in legacy addresses where public keys are already exposed, making them directly vulnerable to a future quantum attack. The council wrote that many of these are believed to be Satoshi's coins or funds whose owners have long since lost their keys. The report stated that when factoring in address reuse across other address types, approximately 7 million Bitcoin total are currently considered quantum-vulnerable.
The council identified one of the most contentious questions facing the industry as what happens to cryptocurrency whose owners never migrate to quantum-safe addresses. The report released Thursday addressed this as the biggest unanswered question, noting it is not technical but concerns what happens to coins that are never moved to quantum-safe addresses.
Three Options Outlined for Coins That Don't Migrate to Quantum-Safe Addresses
The report outlines three options for coins that don't migrate to quantum-safe addresses. First, permanently freeze or burn them after a deadline. Second, do nothing and let users decide, with the council adding that forcing coins to be burned overrides property rights and sets a precedent for network-level interference that conflicts with Bitcoin's core principles. Third, use middle-ground steps like limiting how many vulnerable coins can move per block or accepting special cryptographic proofs in place of legacy signatures, and let users pre-commit to migrations without publicly moving funds yet.
The council stressed that the above proposals are compatible with each other, stating there is no reason to not adopt more than one or all of them, since each has its own advantages.
Ethereum Foundation and Stellar Development Foundation Announce Post-Quantum Initiatives
In January, the Ethereum Foundation formed a team to coordinate Ethereum's transition to post-quantum security and has explored replacing validator and wallet signatures with quantum-resistant alternatives. This was followed in February by Ethereum co-founder Vitalik Buterin mapping out a quantum upgrade roadmap.
In April, the Coinbase advisory council warned that proof-of-stake networks, including Ethereum and Solana, may be particularly vulnerable to future quantum attacks because the validator signatures used to secure those blockchains rely on cryptography that quantum computers could eventually break.
On Tuesday, the Stellar Development Foundation unveiled a roadmap for migrating users to quantum-safe cryptography. Bitcoin developers continue to debate how vulnerable coins should be migrated and what should happen to those that never move.
A Coinbase Advisory Board spokesperson previously told Decrypt that the right time to prepare for a cryptographic transition is before it becomes urgent, adding that customer assets are safe today, but the industry should not confuse not imminent with not important.
FAQ
What did Coinbase's quantum advisory council announce in its Thursday report?
Coinbase's quantum advisory council released a report Thursday urging blockchain developers to begin post-quantum migration planning immediately. The report warned that approximately 7 million Bitcoin could be vulnerable to future quantum attacks due to exposed public keys and address reuse, and stated the technical work of upgrading Bitcoin, Ethereum, and other networks should not wait for consensus on handling vulnerable or abandoned coins.
Why are 7 million Bitcoin considered quantum-vulnerable according to the Coinbase report?
According to the advisory council, millions of Bitcoin sit in legacy addresses where public keys are already exposed, making them directly vulnerable to a future quantum attack. The council wrote that many of these are believed to be Satoshi's coins or funds whose owners have long since lost their keys. When factoring in address reuse across other address types, approximately 7 million Bitcoin total are currently considered quantum-vulnerable.
What three options does the report outline for coins that don't migrate to quantum-safe addresses?
The report outlines three options: first, permanently freeze or burn unmigrated coins after a deadline; second, do nothing and let users decide; third, use middle-ground steps like limiting how many vulnerable coins can move per block or accepting special cryptographic proofs in place of legacy signatures, and let users pre-commit to migrations without publicly moving funds yet. The council stressed these proposals are compatible with each other.
