In a significant warning, Coinbase has raised alarms regarding the potential vulnerabilities posed by advancements in quantum computing to the Bitcoin network. According to David Duong, head of investment research at Coinbase, approximately 32.7% of Bitcoin's total supply is at risk, translating to around 6.51 million BTC that could be compromised due to exposed public keys on the blockchain.
The primary concern revolves around the security of digital signatures rather than the mining process itself. Duong emphasized this point on LinkedIn, stating, “Bitcoin's long-term security may be entering a new regime as quantum computing advances.” The vulnerabilities arise from practices such as address reuse and specific script types, including Pay-to-Public-Key, bare multisig, and Taproot outputs, which expose public information.
Two distinct attack vectors threaten Bitcoin's cryptographic integrity. Long-range attacks focus on outputs that already have exposed public keys, while short-range attacks could intercept transactions during the spending process by monitoring the mempool. Both scenarios could be realized once quantum computers capable of executing such tasks become operational.
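The exposure classes described above (Pay-to-Public-Key, bare multisig, Taproot outputs, and reused addresses) can be checked mechanically against a set of unspent outputs, which is how a custodian or auditor would size its own long-range exposure. The following Python is an added example written for this page, not code from Coinbase or the Bitcoin project. It parses a scriptPubKey, classifies the output type, and flags outputs whose public key is already on-chain. All script hex values, keys and amounts in `SAMPLE_UTXOS` are constructed, and the `REUSED` set stands in for the "has this script already been spent from" lookup that a real tool would take from chain data.

```python
"""Classify Bitcoin outputs by whether their public key is already exposed on-chain.

Added example for this article; script hex, keys and amounts below are constructed.
"""
from typing import Dict, List, Optional, Set, Tuple

# Script opcodes used here (values from the Bitcoin script specification)
OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG = 0xA9, 0xAC, 0xAE

# Output types whose scriptPubKey contains the public key itself (long-range exposed)
PUBKEY_IN_OUTPUT = {"p2pk", "bare_multisig", "p2tr"}


def parse_script(script: bytes) -> List[Tuple[int, Optional[bytes]]]:
    """Tokenise a script into (opcode, pushed_data) pairs."""
    ops: List[Tuple[int, Optional[bytes]]] = []
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                       # direct push of 1..75 bytes
            length = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            n = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            length = int.from_bytes(script[i:i + n], "little")
            i += n
        else:                                   # non-push opcode
            ops.append((op, None))
            continue
        data = script[i:i + length]
        if len(data) != length:
            raise ValueError("truncated push in script")
        i += length
        ops.append((op, data))
    return ops


def is_pubkey(b: bytes) -> bool:
    """Compressed (33-byte, 0x02/0x03 prefix) or uncompressed (65-byte, 0x04) SEC key."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)


def classify(script_hex: str) -> str:
    """Return the standard output type for a scriptPubKey, or 'unknown'."""
    ops = parse_script(bytes.fromhex(script_hex))
    codes = [op for op, _ in ops]
    n = len(ops)
    if n == 2 and ops[0][1] is not None and is_pubkey(ops[0][1]) and codes[1] == OP_CHECKSIG:
        return "p2pk"                           # <pubkey> OP_CHECKSIG
    if codes == [OP_DUP, OP_HASH160, 20, OP_EQUALVERIFY, OP_CHECKSIG]:
        return "p2pkh"                          # key committed by HASH160 only
    if codes == [OP_HASH160, 20, OP_EQUAL]:
        return "p2sh"
    if codes == [OP_0, 20]:
        return "p2wpkh"
    if codes == [OP_0, 32]:
        return "p2wsh"
    if codes == [OP_1, 32]:
        return "p2tr"                           # 32-byte x-only output key is public
    if (n >= 4 and codes[-1] == OP_CHECKMULTISIG
            and OP_1 <= codes[0] <= OP_16 and OP_1 <= codes[-2] <= OP_16
            and all(d is not None and is_pubkey(d) for _, d in ops[1:-2])):
        return "bare_multisig"                  # OP_m <pubkeys...> OP_n OP_CHECKMULTISIG
    return "unknown"


def exposure(script_hex: str, reused: Set[str]) -> Tuple[str, str]:
    """Classify one output and say why (or whether) its public key is exposed."""
    kind = classify(script_hex)
    if kind in PUBKEY_IN_OUTPUT:
        return kind, "exposed: public key is in the scriptPubKey"
    if script_hex in reused:
        return kind, "exposed: script reused after an earlier spend revealed the key"
    if kind == "unknown":
        return kind, "unknown script; review manually"
    return kind, "hash-only: key not yet revealed"


def assess_utxos(utxos: List[Tuple[str, str, float]],
                 reused: Set[str]) -> Tuple[float, float, Dict[str, Tuple[str, str]]]:
    """Sum the BTC sitting in outputs whose key is already exposed."""
    at_risk = total = 0.0
    details: Dict[str, Tuple[str, str]] = {}
    for label, script_hex, value in utxos:
        kind, reason = exposure(script_hex, reused)
        details[label] = (kind, reason)
        total += value
        if reason.startswith("exposed"):
            at_risk += value
    return at_risk, total, details


# Constructed sample data: fake keys/hashes, not real chain data
PK1, PK2 = "02" + "11" * 32, "03" + "22" * 32
P2PK_SCRIPT = "21" + PK1 + "ac"
MULTISIG_SCRIPT = "51" + "21" + PK1 + "21" + PK2 + "52" + "ae"   # 1-of-2 bare multisig
P2PKH_SCRIPT = "76a914" + "33" * 20 + "88ac"
P2TR_SCRIPT = "5120" + "44" * 32
P2WPKH_SCRIPT = "0014" + "55" * 20

SAMPLE_UTXOS = [  # (outpoint label, scriptPubKey hex, value in BTC)
    ("tx_a:0", P2PK_SCRIPT, 50.0),
    ("tx_b:0", P2PKH_SCRIPT, 10.0),
    ("tx_c:1", P2TR_SCRIPT, 2.5),
    ("tx_d:0", P2WPKH_SCRIPT, 7.5),
    ("tx_e:0", MULTISIG_SCRIPT, 5.0),
]
REUSED = {P2PKH_SCRIPT}   # constructed: this P2PKH script was spent from before

if __name__ == "__main__":
    risk, tot, det = assess_utxos(SAMPLE_UTXOS, REUSED)
    for lbl, (k, why) in det.items():
        print(f"{lbl:8s} {k:14s} {why}")
    print(f"{risk} of {tot} BTC ({100 * risk / tot:.1f}%) in outputs with exposed keys")
```

The classifier treats hash-committed outputs (P2PKH, P2SH, P2WPKH, P2WSH) as safe from the long-range vector only until they are spent from, which is why the reuse lookup is part of the assessment and not an afterthought; the short-range vector described above applies to every type at spend time and is not something a static UTXO scan can measure.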
Regulatory authorities in the U.S. and EU are proactively preparing for a future where quantum computing is more prevalent. They are guiding critical infrastructure towards adopting post-quantum cryptography by the year 2035. Duong noted an increasing investor concern regarding the rapid approach of quantum computing risks, a sentiment echoed in recent regulatory filings by BlackRock for its iShares Bitcoin Trust, where the company explicitly identified quantum computing as a risk factor.
Notably, Satoshi-era coins, which consist of early Bitcoin holdings, represent a considerable subset of these vulnerable outputs. These legacy coins often utilized Pay-to-Public-Key script types, further exposing their cryptographic information. The concentration of risk in these older outputs adds an additional layer of complexity to the challenge of securing the network.
The cryptographic framework supporting Bitcoin relies mainly on two systems: the Elliptic Curve Digital Signature Algorithm (ECDSA), which safeguards transaction authorization through private key verification, and the SHA-256 hashing function that underpins proof-of-work mining operations. Duong points out that the migration of signature security is a more critical issue than concerns around quantum mining, which remains a lower priority at this stage due to current scaling limitations.
While the potential economic impact of more efficient quantum mining could disrupt network incentives, the immediate threat to wallet security is of paramount importance. Quantum computers, if sufficiently advanced, could derive private keys from exposed public key information, allowing attackers to access funds from compromised addresses across the network. The timeline for achieving such capabilities is still uncertain, with some experts estimating it could take four to five years for quantum systems to reach the necessary power levels.
The cryptocurrency industry is beginning to acknowledge these structural risks, as traditional financial systems also grapple with the challenges posed by quantum computing due to their reliance on centralized cryptographic systems. Open protocols like Bitcoin and Ethereum are actively exploring solutions to implement post-quantum cryptographic measures, although this transition presents complex technical and coordination challenges for the broader network.