Coinbase board warns 7 million bitcoins could face future quantum risk

TL;DR

Coinbase The Quantum Advisory Board says post-quantum migration planning should begin before quantum attacks become practical.
The report estimates that around 7 million BTC are vulnerable to quantum attacks because public keys are exposed in legacy formats or through address reuse.
There is said to be approximately 1.7 million BTC in existing Pay-to-Public-Key addresses, including previously mined and potentially abandoned coins.
The Council sees this issue as a long-term management challenge rather than an immediate emergency.

Coinbase’s Quantum Advisory Council cautioned that Bitcoin and other crypto networks need to start planning for a post-quantum migration well before quantum computers can realistically break today’s public key cryptography.

In a June 11 report titled “Post-Quantum Migration and Abandoned Coins,” the council framed the issue as both a technical migration problem and a governance dilemma. The fundamental question is not only how to migrate users to secure quantum addresses, but also what the network should do with coins that are never migrated.

The report concluded that no current quantum computer is capable of breaking the cryptography securing cryptographic assets. However, he argues that the risk is strategically essential because coordinating major upgrades in decentralized ecosystems can take years, especially when user funds, abandoned wallets and ownership rights are at stake.

Why Some Bitcoins Are More Vulnerable

A Coinbase report estimates that approximately 7 million BTC are currently vulnerable to quantum attacks. This number includes coins in address types where the public keys are already observable, as well as address reuse-related coins where the public key is exposed after the transaction is broadcast.

One particularly sensitive category is legacy Pay-to-Public-Key addresses. The report shows that approximately 1.7 million BTC are stored at P2PK addresses where public keys are directly observable. This bucket includes early mined coins, including coins associated with Bitcoin’s earliest history, as well as funds that may be lost or abandoned.

The problem is different from a regular software update. Active users may be advised to transfer funds to quantum secure addresses as soon as the appropriate signature schemes are ready. Abandoned coins, lost wallets and dormant past addresses are more arduous because there may be no one to move them.

Management dilemma

The council has outlined some broad paths. One option is a tough migration deadline, after which unmigrated sensitive funds could be frozen or incinerated to prevent future quantum theft. This approach prioritizes network security but raises grave questions about property rights.

The second option is to preserve the rights and leave the defenseless coins intact. This avoids forced intervention, but could allow future attackers to steal exposed funds if quantum capabilities eventually become forceful enough.

The report also discusses intermediate solutions. These include limiting the rate of porting from older addresses within any block time frame, sometimes referred to as an hourglass mechanism, and the utilize of zero-knowledge proofs such as BIP-361 to allow users to prove ownership of ancient keys without revealing sensitive information.

Planning before the crisis

The Council’s practical recommendation is to separate engineering from management struggles. In other words, the industry can start creating and testing quantum-secure signatures now while still debating how to deal with abandoned or vulnerable coins later.

This distinction matters. Waiting for inevitable quantum attacks would leave networks trying to coordinate technical updates, wallet migrations, exchange support and community management under pressure. Starting early gives developers and users more room to test systems and avoid hasty decisions.

For Bitcoin holders, the takeaway is not that coins have suddenly become unsafe today. The point is that long-lived digital assets require long-term security planning. The greater the value in crypto networks over the decades, the more essential it becomes to plan for crypto changes before they become emergencies.

The Coinbase report adds another essential voice to this conversation. The debate on abandoned coins will not be straightforward, but the Council’s message is clear: the issue of post-quantum migration is no longer theoretical enough to ignore.