Back: Post-Quantum Bitcoin Migration Could Expose Satoshi Coins

At Paris Blockchain Week, Blockstream CEO Adam Back told attendees a future shift to post-quantum Bitcoin addresses could make it clear which coins linked to Satoshi Nakamoto are still controlled.

Back outlined a migration in which users would be required to move holdings from address types considered vulnerable to quantum attacks into new, quantum-resistant address formats. He argued that coins left unmoved after a migration could reasonably be treated as effectively inaccessible.

Back estimated Satoshi’s holdings at roughly 500,000 to 1 million BTC. Separate on-chain analysis places Nakamoto-linked balances at about 1.09 million BTC, a sum currently worth roughly $81.6 billion.

A Bitcoin Improvement Proposal published by Jameson Lopp and five co-authors this week seeks to limit future movement of coins held in address formats that would be vulnerable if signature schemes were broken. That includes older addresses whose public keys were revealed when funds were spent.

Blockstream Research released a paper in December 2025 proposing a hash-based signature scheme as one possible post-quantum option for Bitcoin. The proposal would replace Bitcoin’s current signature algorithms — ECDSA and Schnorr — with signatures that rely only on cryptographic hash functions, a type of primitive already used elsewhere in Bitcoin’s protocol.

ECDSA and Schnorr verify transactions by checking signatures created with a private key that matches a public key. Addresses that have already exposed their public keys during past transactions are more at risk if those signature schemes become breakable. Under the migration scenario described, owners of such coins would need to create new transactions to move funds into quantum-resistant address types to preserve control.

Back provided a timeline for the risk, saying a quantum capability to break Bitcoin signatures is at least 20 years away. He described current quantum machines as far too limited for the task and pointed to practical scaling challenges such as energy consumption. “This migration to post-quantum address format may tell us how many of those coins [Satoshi] still has,” he said at the conference.

Developers and researchers are evaluating trade-offs including signature size, transaction cost and long-term security assumptions as they consider standards for a potential migration. Back said the expected timeline should allow time to test options and roll out a migration with advance notice to users.