TL; DR
- Coinbase on The Quantum Advisory Council says that post-quantum migration planning should begin before quantum attacks.
- The report states that approximately 7 million BTC are at risk because public keys are exposed through innate forms or re-use of addresses.
- About 1.7 million BTC are said to reside in Pay-to-Public-Key addresses, including the first mined and abandoned coins.
- The agency classifies this issue as a long-term governance issue, not an emergency.
Coinbase’s Quantum Advisory Council has warned that Bitcoin and other crypto networks must start preparing for quantum migration properly so that more computers can crack today’s keys.
In a June 11 report titled “Post-Quantum Migration and Abandoned Coins,” the council framed the issue as both a technology migration problem and a governance problem. The important question is not just moving users to secure quantum addresses, but what the network should do with the money that is never transferred.
The report says that no modern quantum computer can break the cryptography of today’s cryptocurrencies. However, it says that this risk is very important because the environment can take years to adapt to a major upgrade, especially if user fees, abandoned wallets, and property rights are involved.
Why Some Bitcoins Are So Visible
Coinbase’s report estimates that about 7 million BTC are currently quantum-risk. This figure includes coins for address types where the public key is already exposed, as well as coins built for reuse, where the public key is revealed after the broadcast.
One of the more complicated categories is Pay-to-Public-Key addresses. The report says that 1.7 million BTC are held in these P2PK addresses, where public keys are directly visible. That bucket also includes initial mining fees, including fees associated with Bitcoin’s history, as well as fees that may be lost or abandoned.
This issue is different from normal software upgrades. Users can be prompted to transfer funds to quantum-safe addresses once the signatures are ready. Abandoned money, lost wallets, and dormant original addresses are a problem because no one can move them.
The Governance Dilemma
The council outlined a number of key measures. One option is a migration deadline, after which funds that have not migrated at risk can be frozen or burned to prevent future theft. This approach prioritizes cyber security but raises questions about property rights.
The second option is to keep the freedom and do nothing, leaving the coins vulnerable. This avoids forced intervention but may allow future attackers to steal exposed funds if the potential for leverage is large enough.
The report also outlines the central idea. These include limiting the amount of money that can be transferred from old addresses in each block-like period, which is sometimes described as an hourglass mechanism, and using zero-information like BIP-361 to allow users to verify ownership of old keys without revealing information.
Preparing Before a Crisis
The practical concept of this council is to separate the engineering work from the power struggle. In other words, the industry can start developing and testing secure signatures now while debating how abandoned or insecure currencies should be handled later.
That difference is important. Waiting until a massive attack can cause networks that are trying to coordinate technology upgrades, wallet migration, exchange support, and crowdfunding to be pressured. Starting early gives developers and users a chance to test systems and avoid making break-even decisions.
For Bitcoin holders, the bottom line is that coins are not safe today. It is that a long-term digital economy requires long-term planning. With increasing demand in crypto networks over the years, it is very important to plan for cryptographic changes before they become an emergency.
The Coinbase report adds another big voice to the conversation. The debate on the amount left behind will not be easy, but the council’s message is clear: the question of post-quantum migration is no longer too speculative to ignore.
