coindesk.com
Not everything in bitcoin is at risk from a quantum computer.
Bitcoin mining, the process by which new blocks get added to the blockchain, uses a type of math called hashing that quantum computers cannot meaningfully break. The ledger itself and the rule that new bitcoin can only be created through mining would survive a quantum attacker. Blocks would still get produced, and the chain would keep running.
What would not survive is ownership.
Bitcoin wallets are protected by a different kind of math that turns a secret private key into a public address anyone can see. The math works easily in one direction and not at all in the other, which is the only thing stopping a stranger from spending your coins.
Part 1 of this quantum computing series went into physics. A quantum computer is not a faster version of a regular computer. It is a fundamentally different kind of machine, starting at a very cold, very small loop of metal where particles behave in ways they do not behave anywhere else on Earth.
Part 2 walked through what happens when you point that machine at bitcoin. Bitcoin wallets depend on a one-way math problem. Turning a secret private key into a public address takes milliseconds. Going the other way, from public address back to the private key, would take a regular computer longer than the age of the universe.
A quantum algorithm called Shor's collapses the gap. Google's paper this month showed the attack could be run with far fewer resources than anyone previously estimated, in a window that races against bitcoin's own block times.
This piece, the last in the series, is about the response. What is actually at risk, what bitcoin has done about it, and whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up.
What's exposed, what's safe
The at-risk pool is large.
Roughly 6.9 million bitcoin, about one-third of everything ever mined, sits in wallets whose public keys are already permanently visible onchain. Most of this is early bitcoin from the network's first years, stored in an address format that published the public key by default. It also includes any wallet that has ever been spent from, because spending reveals the key for whatever remains.
A quantum attacker would not need to race against a transaction in progress. Rather, they could work through the wallets with already exposed keys at their own pace, one by one. Bitcoin’s pseudonymous creator, Satoshi Nakamoto, holds roughly 1 million bitcoin, untouched since the network's early days, and this stack now sits in the exposed category.
The 2021 Taproot upgrade expanded the problem. Taproot is a change to how bitcoin addresses work, intended to make transactions more efficient and more private.
A side effect was that any bitcoin spent since Taproot activated has published the key protecting whatever remains at that address. This was not a mistake but a reasonable tradeoff at the time, when quantum timelines looked much longer than they do now.
What's in the works?
While the quantum threat has sparked a heated debate in recent months, and other blockchains are preparing, nothing concrete has emerged from Bitcoin developers yet.
Ethereum, which can be considered one of Bitcoin's largest competitors among institutional investors looking at the crypto market, has had a formal quantum-resistant program since 2018.
The Ethereum Foundation runs four teams working on the migration full-time, with more than ten independent developer groups shipping weekly test networks. The plan maps specific upgrades across four upcoming network-wide changes, moving Ethereum's security to new math that quantum computers cannot break. It has even launched a dedicated website, pq.ethereum.org, to publish its progress.
Bitcoin has no equivalent strategy so far.
That doesn't mean there aren't any efforts out there to solve it.
One such formal proposal is BIP-360 from a group of developers and researchers. It would add new quantum-safe address types that holders could voluntarily migrate to. A competing proposal from BitMEX Research would install a detection system that triggers defensive action if a quantum attack is observed on the network.
However, neither has broad support from bitcoin's core developers, and the two proposals solve different halves of the problem.
Nic Carter, one of bitcoin's prominent advocates, has called it out in the past months.
"Elliptic curve cryptography is on the brink of obsolescence," Carter wrote on X, referring to the math that secures bitcoin wallets. He described Ethereum's approach as "best in class" and bitcoin's as "worst in class," citing developers who "deny, gaslight, gatekeep, bury heads in sand" rather than engage with the problem.
Adam Back, the Blockstream CEO and a prominent early bitcoin contributor, disagrees on the urgency but agrees on the direction.
"Quantum computing still has a lot to prove. Current systems are essentially lab experiments," Back said at a conference earlier this month. But he also said bitcoin should prepare now, with optional upgrades built in advance so the network can migrate when needed, rather than scrambling in a crisis.
The coordination problem
So what's the biggest challenge in implementing effective solutions against Bitcoin's quantum threat?
Bitcoin's migration is harder than Ethereum's for reasons unrelated to the actual math.
Ethereum has a foundation that funds engineering work and a governance process that regularly passes major upgrades. Bitcoin has neither. Its development culture treats any central authority as a failure mode, and its social consensus holds that changes to the protocol should be rare and hard.
Those priors have kept the network stable for nearly two decades, but they also make the quantum problem structurally harder for bitcoin to solve.
Migrating the 6.9 million exposed coins requires decisions the network has spent twenty years avoiding. Should old address formats be frozen after a certain date to protect coins from future theft? Should exposed coins be allowed to move to new quantum-safe addresses using their original keys? What happens to coins whose owners cannot or will not migrate?
Satoshi's coins are the sharpest example. Freezing old formats protects the coins from theft but makes them permanently inaccessible, including to Satoshi. Leaving the old formats open means those coins sit as a standing prize for whoever builds the first working quantum computer or has access to a quantum computer and wants to attack.
Setting a migration deadline forces Satoshi to either move the coins, revealing their ownership, or lose them. Every option changes bitcoin's character in ways the network has historically refused to change it.
What happens next
The Google paper's own framing is a summary of where the industry stands.
A successful attack on the math bitcoin uses "should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that PQC adoption has already failed."
This means that by the time the threat becomes visible, the window to respond may already have closed.
Developers now face a question of whether a network built to resist coordinated change can coordinate the biggest security upgrade in its history before the hardware catches up to the theory.
Ethereum's eight-year head start suggests the correct answer is to start now. Bitcoin's governance culture suggests the likely answer is to wait until the threat is demonstrated, then move.
Only one of those answers works if the timeline turns out to be shorter than the optimists' estimate.