Coinbase council: 7M Bitcoin vulnerable to quantum attack

On Thursday, Coinbase’s Independent Advisory Board on Quantum Computing and Blockchain released a report saying roughly 7 million Bitcoin in legacy addresses with exposed public keys are vulnerable to future quantum attacks. The council noted no quantum computer can break blockchain cryptography today, but timelines for a cryptographically relevant machine are uncertain and some researchers estimate one could exist by about 2030.

The council urged developers and protocol teams to begin planning migrations to quantum-resistant addresses now, rather than waiting for consensus on how to handle coins that never move to quantum-safe addresses.

The 7 million figure reflects coins in addresses where public keys have already been revealed, making those outputs directly exposed to any future method that could derive private keys. The council wrote many of these coins are believed to be early holdings attributed to Bitcoin’s creator or to wallets whose owners have lost access. The report added that address reuse across address types increases the total considered vulnerable.

The report sets out three approaches for coins that fail to migrate. One option would set a deadline and permanently freeze or burn unclaimed vulnerable coins. A second would preserve existing property rights and leave the outcome to market participants; the council wrote that “forcing coins to be burned overrides property rights and sets a precedent for network-level interference that conflicts with Bitcoin’s core principles.” A third approach would combine protocol limits and new tools, for example capping how much vulnerable value can move per block, accepting special cryptographic proofs instead of legacy signatures, or allowing users to pre-commit to migrations without publicly transferring funds.

The board said the options are compatible and can be adopted together. “We stress that the above proposals are compatible with each other; there is no reason to not adopt more than one or all of them, since each has its own advantages,” the report states.

The advisory board includes academics and industry researchers from Stanford University, the University of Texas at Austin, the Ethereum Foundation, Eigen Labs, Bar-Ilan University and UC Santa Barbara. Coinbase launched the council in January to study quantum risks to blockchain networks.

Ethereum has formed an internal team to coordinate a transition to quantum-resistant cryptography and has explored replacing validator and wallet signatures. Ethereum’s co-founder published a public roadmap earlier this year. The Stellar Development Foundation released a migration plan this week. The advisory board warned in April that proof-of-stake networks such as Ethereum and Solana may be especially vulnerable because validator signatures are central to their security models. Bitcoin developers continue to debate which migration mechanisms are appropriate and how to treat coins that never move.

The council emphasized that customer assets are secure today and urged the industry not to confuse “not imminent” with “not important.” The group recommended starting protocol-level planning, developing migration tools and opening community discussions now so networks can carry out a transition without rushing if quantum capability becomes a near-term reality.