>_ Skip to main content
Menu
Search

Coinbase Quantum Report Warns Millions of Bitcoin Sit Exposed


Coinbase’s quantum advisory board says about 7 million Bitcoin sit in addresses that a future quantum computer could crack. The report, published on June 11, 2026, points the finger at active funds, including cold wallets run by known exchanges, instead of only long-lost Satoshi-era coins. The board urges Bitcoin developers to start migration work now, well before any machine exists that can break the network’s cryptography.

What the Report Found

Specifically, the report says that the Independent Advisory Board on Quantum Computing and Blockchain splits the exposed coins into two groups. About 1.7 million BTC sit across around 20,000 legacy pay-to-public-key addresses, where the public key is the address and stays fully visible on-chain. According to the board, many of those coins likely belong to Bitcoin’s pseudonymous creator or to people who lost their keys years ago.

Meanwhile, the second group is larger and harder to dismiss. Citing the quantum-security firm Project Eleven, the report puts around 5 million Bitcoin at risk because their public keys have already shown up on the blockchain through address reuse. Most of those coins belong to active users, the board says, with large amounts parked in exchange cold wallets. The report doesn’t name specific exchanges.

Every time an address gets reused after a spend, its public key becomes visible. That’s the weak point. Bitcoin’s mining and hash functions stay safe against quantum attacks, according to the board, so the problem lives at the wallet signature level.

The Governance Fight Nobody Wants

The board lays out two opposing answers and refuses to pick one. The first would set a deadline after which quantum-vulnerable signatures, such as ECDSA and Schnorr, stop being accepted, freezing any coins that didn’t migrate. Supporters argue that broken cryptography voids the proof of ownership, and that freezing would stop a sanctioned actor like North Korea from grabbing a large stash.

The second position would add post-quantum addresses and leave the risk with each holder. Backers say burning coins amounts to confiscation, which clashes with Bitcoin’s property-rights ethos and could invite future pressure to seize funds for other reasons.

In between sit several compatible ideas. An “Hourglass” design would cap how many legacy coins move per block to avoid a supply shock. The draft BIP-361 proposal would bar legacy signatures after a set time and let users prove ownership with a zero-knowledge proof. Provable Address-Control Timestamps (PACTs), proposed by Paradigm researcher Dan Robinson, would let holders commit now to a future quantum-safe transfer.

The board’s members include Stanford’s Dan Boneh, UT Austin’s Scott Aaronson, Ethereum Foundation researcher Justin Drake, and Coinbase cryptography lead Yehuda Lindell. No quantum computer can break blockchain cryptography today, they stress. Their point is that both the migration and the debate will take years, so waiting until such a machine exists would be too late.