How Many Bitcoins Could Be at Risk if Quantum Computers Became Powerful Enough?
Imagine a scenario where someone successfully develops a quantum computer today, enabling them to extract private keys. This raises an important question: How many Bitcoins would be at risk?
To answer this, an analysis of the Bitcoin blockchain was conducted to determine which holdings could be compromised. As previously mentioned, coins stored in p2pk addresses and reused p2pkh addresses are particularly vulnerable to quantum attacks. The findings are illustrated in the figure below, which highlights the distribution of Bitcoins across different address types over time.
Early in Bitcoin’s history, p2pk addresses were the standard, dominating the blockchain in its first year. Interestingly, the number of Bitcoins stored in these addresses has remained largely unchanged at approximately 2 million BTC. These are likely coins mined in the early days that have never been moved.
By 2010, p2pkh addresses became the norm, and since then, most newly created coins have been stored in these addresses. The data shows that the number of Bitcoins in reused p2pkh addresses increased between 2010 and 2014 but has gradually declined since, currently sitting at 2.5 million BTC. This suggests that Bitcoin users are generally following best practices by avoiding p2pk addresses and limiting address reuse.
Despite these precautions, over 4 million Bitcoins (approximately 25% of the total supply) remain vulnerable to potential quantum-based theft. At today’s market prices, this translates to over $40 billion USD at stake.
How Can Bitcoin Holders Reduce the Risk of Quantum-Based Attacks?
As discussed earlier, p2pk and reused p2pkh addresses are susceptible to quantum attacks. However, Bitcoin holdings in p2pkh addresses that have never been used for transactions remain safe, as their public keys have not yet been exposed. This means that transferring funds to a fresh p2pkh address can offer protection.
The main issue with this approach is that many owners of vulnerable coins have lost access to their private keys. Since these funds cannot be moved, they remain potential targets for the first entity to develop a powerful enough quantum computer.
One possible solution is for the Bitcoin community to reach a consensus on securing these assets. This could involve setting a deadline for owners to move their coins to secure addresses. After that period, transactions from vulnerable addresses could be ignored by miners, rendering them unusable. However, such a measure would be controversial and require widespread agreement within the community before implementation.
Can Bitcoin Resist Quantum Attacks in the Future?
Assuming that all at-risk Bitcoin holders secure their funds (and lost private keys are somehow recovered), would this make Bitcoin immune to quantum threats? The answer isn’t straightforward.
For an address to be “quantum-safe,” its public key must remain private. However, the moment a transaction is initiated from such an address, the public key is revealed. At that point, an attacker with a quantum computer has a brief window of opportunity to steal the funds before the transaction is mined. The attacker could generate the private key from the public key and broadcast a competing transaction to their own address, offering a higher mining fee for priority processing.
Currently, Bitcoin transactions take about 10 minutes to be confirmed, though network congestion can cause delays. Current scientific estimates suggest that a quantum computer would need approximately 8 hours to break an RSA key, while some models predict that Bitcoin’s cryptographic signature could be compromised in 30 minutes. This indicates that Bitcoin is, for now, resistant to quantum attacks—as long as addresses are not reused.
However, since quantum computing is still in its infancy, it remains uncertain how quickly such machines will evolve. If quantum decryption speeds ever approach Bitcoin’s 10-minute transaction window, the entire blockchain’s security could be compromised.
