To freeze or not to freeze: Satoshi and the $440 billion in bitcoin threatened by quantum computing

coindesk
9 hours ago


What to know: Quantum computers powerful enough to break Bitcoin's cryptography could expose roughly 7 million coins, including about 1 million attributed to Satoshi Nakamoto, worth an estimated $440 billion at current prices. The Bitcoin community is split between preserving strict neutrality and immutability—letting quantum attackers claim vulnerable coins—and intervening through protocol changes such as burning or migrating at-risk coins to quantum-resistant addresses. While some experts warn that recent research may accelerate the timeline for breaking current encryption, others argue the threat remains distant and can be addressed through engineering upgrades rather than drastic governance changes.

In the event that quantum computers one day become capable of breaking Bitcoin’s cryptography, roughly 1 million BTC attributed to Satoshi Nakamoto, the creator of the Bitcoin network, could become vulnerable to theft.

At today’s price of about $67,600 per bitcoin, that stash alone would be worth approximately $67.6 billion.

But Satoshi’s coins are only part of the story.

Estimates circulating among analysts suggest that roughly 6.98 million bitcoin may be vulnerable in a sufficiently advanced quantum attack, Ki Young Ju, the founder of CryptoQuant, recently wrote on X. At current prices, the total amount of coins currently exposed represents roughly $440 billion.

The question that is now becoming increasingly prevalent in and outside bitcoin circles is simple and, at times, quite controversial

Why some coins are exposed

The vulnerability is not uniform. In Bitcoin’s early years, pay-to-public-key (P2PK) transactions embedded public keys directly on-chain. Modern addresses typically reveal only a hash of the key until coins are spent, but once a public key is exposed through early mining or address reuse, that exposure is permanent. In a sufficiently advanced quantum scenario, those keys could, in theory, be reversed.
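
The distinction can be read directly from an output's locking script. The following is an added example, not code from CoinDesk or any Bitcoin project: it flags unspent outputs whose public key is already visible, either because it sits in a P2PK script or because the same hashed script has been spent from before. The function names and all key and hash bytes are constructed placeholders, and only the standard single-key templates are assessed.

```python
# Added example: classify output scripts by whether the public key is on-chain.
# All key/hash bytes below are constructed placeholders, not real keys.

def classify(script_hex: str) -> str:
    """Return the script type for the standard single-key templates."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG (0xac)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        prefix_ok = s[1] in (0x02, 0x03) if n == 35 else s[1] == 0x04
        if prefix_ok:
            return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    return "other"  # script types outside these templates are not assessed


def exposed_utxos(utxos, spent_scripts):
    """List unspent outputs whose public key is already visible on-chain.

    utxos: iterable of (outpoint, script_hex, satoshis)
    spent_scripts: scripts that have been spent from at least once, so the
    spending input has already published the matching public key.
    """
    spent = {s.lower() for s in spent_scripts}
    found = []
    for outpoint, script, sats in utxos:
        kind = classify(script)
        if kind == "p2pk":
            found.append((outpoint, "key embedded in output", sats))
        elif kind in ("p2pkh", "p2wpkh") and script.lower() in spent:
            found.append((outpoint, "key revealed by earlier spend", sats))
    return found


P2PK = "41" + "04" + "11" * 64 + "ac"        # early-style pay-to-public-key
REUSED = "76a914" + "33" * 20 + "88ac"       # hashed address, spent from before
FRESH = "76a914" + "55" * 20 + "88ac"        # hashed address, never spent from
SEGWIT = "0014" + "44" * 20                  # hashed address, never spent from
UTXOS = [("a:0", P2PK, 5_000_000_000), ("b:0", REUSED, 100_000_000),
         ("c:1", FRESH, 200_000_000), ("d:0", SEGWIT, 300_000_000)]

if __name__ == "__main__":
    for row in exposed_utxos(UTXOS, {REUSED}):
        print(row)
```
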

Neutrality vs. intervention

For some, freezing those coins would undermine bitcoin’s foundational neutrality.

“Bitcoin’s structure treats all UTXOs equally,” said Nima Beni, founder of Bitlease. “It does not distinguish based on wallet age, identity, or perceived future threat. That neutrality is foundational to the protocol’s credibility.”

Creating exceptions, even for security reasons, alters that architecture, he said. Once authority exists to freeze coins for protection, it exists for other justifications as well.

Georgii Verbitskii, founder of crypto investor app TYMIO, raised a relevant concern: the network has no reliable way to determine which coins are lost and which are simply dormant.

“Distinguishing between coins that are truly lost and coins that are simply dormant is practically impossible,” Verbitskii said. “From a protocol perspective, there is no reliable way to tell the difference.”

For this camp, the solution lies in upgrading cryptography and enabling voluntary migration to quantum-resistant signatures, rather than rewriting ownership conditions at the protocol layer.

Let the math decide

Others argue that intervention would violate Bitcoin’s core principle: private keys control coins.

Paolo Ardoino, CEO of Tether, suggested that allowing old coins to reenter circulation, even if through quantum breakthroughs, may be preferable to altering consensus rules.

“Any bitcoin in lost wallets, including Satoshi (if not alive), will be hacked and put back in circulation,” he continued. “Any inflationary effect from lost coins returning to circulation would be temporary, the thinking goes, and the market would eventually absorb it.”

Under this view, “code is law”: if cryptography evolves, coins move.

Roya Mahboob, CEO and founder of Digital Citizen Fund, took a similar hardline stance. “No, freezing old Satoshi-era addresses would violate immutability and property rights,” she told CoinDesk. “Even coins from 2009 are protected by the same rules as coins mined today.”

If quantum systems eventually crack exposed keys, she added, “whoever solves them first should claim the coins.”

However, Mahboob said she expects upgrades driven by ongoing research among Bitcoin Core developers to strengthen the protocol before any serious threat materializes.

The case for burning

Jameson Lopp said that allowing quantum attackers to sweep vulnerable coins would amount to a massive redistribution of wealth to whoever first gains access to advanced quantum hardware.

In his essay Against Allowing Quantum Recovery of Bitcoin, Lopp rejects the term “confiscation” when describing a defensive soft fork. “I don't think ‘confiscation’ is the most precise term to use,” Lopp wrote. “Rather, what we're really discussing would be better described as ‘burning’ rather than placing the funds out of reach of everyone.”

Such a move would likely require a soft fork, rendering vulnerable outputs unspendable unless migrated to upgraded quantum-resistant addresses before a deadline — a change that would demand broad social consensus.

Allowing quantum recovery, he adds, would reward technological supremacy rather than productive participation in the network. “Quantum miners don't trade anything,” Lopp wrote. “They are vampires feeding upon the system.”

How close is the threat?

While the philosophical debate intensifies, the technical timeline remains contested.

Zeynep Koruturk, managing partner at Firgun Ventures, said the quantum community was “stunned” when recent research suggested fewer physical qubits than previously assumed may be required to break widely used encryption systems like RSA-2048.

“If this can be proven in the lab and corroborated, the timeline for decrypting RSA-2048 could, in theory, be shortened to two to three years,” she said, noting that advances in large-scale fault-tolerant systems would eventually apply to elliptic curve cryptography as well.

Others urge caution.

Aerie Trouw, co-founder and CTO of XYO, believes “we’re still far enough away that there’s no practical reason to panic,”

Frederic Fosco, co-founder of OP_NET, was more direct. Even if such a machine emerged, “you upgrade the cryptography. That’s it. This isn’t a philosophical dilemma: it’s an engineering problem with a known solution.”

In the end, the question is about governance, timing and philosophy — and whether the Bitcoin community can reach consensus before quantum computing becomes a real and present threat.

Freezing vulnerable coins would challenge Bitcoin’s claim of immutability. Allowing them to be swept would challenge its commitment to fairness.
