Could over 1.7 million BTC face attack? Bitcoin is once again embroiled in quantum controversy, and public chains are launching a defensive battle.

4 hours ago

Written by: Nancy, PANews

Quantum attacks have long been part of the narrative surrounding Bitcoin. In the past, this threat was often viewed as a theoretical black swan. However, with the rapid evolution of quantum computing technology, this controversy seems to be shifting.

Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is only an "engineering problem" away from breaking Bitcoin. This assertion has sparked division within the community, with some accusing him of deliberately inciting panic, while others believe it is a survival crisis that needs to be addressed urgently. Meanwhile, many crypto projects are already taking precautions, actively exploring and deploying defenses against quantum attacks.

Quantum Attack Alarm Upgraded? Protocol Modifications Could Take a Decade

The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancements in quantum computing technology have brought this issue back to the forefront. For instance, Google's latest quantum processor has demonstrated computational speeds that empirically surpass the world's most powerful supercomputers for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have intensified discussions about Bitcoin's security.

Last weekend, Bitcoin advocate Nic Carter published a lengthy article criticizing Bitcoin developers for sleepwalking toward a crisis that could lead to system collapse.

The core of the article points out that the elliptic curve cryptography (ECC) on which Bitcoin relies can theoretically be broken by the algorithm proposed by computer scientist Peter Shor. Satoshi Nakamoto considered this when designing Bitcoin and believed that Bitcoin would need to upgrade once quantum computing became sufficiently powerful. Although quantum computing power is still several orders of magnitude short of the threshold needed to break it, breakthroughs in quantum technology are accelerating. Renowned quantum theorist Scott Aaronson has described it as an "extremely difficult engineering problem," rather than a question requiring new fundamental physical discoveries. This year, significant progress has been made in error correction technology and in funding for the quantum field, with institutions like NIST (National Institute of Standards and Technology) calling for existing cryptographic algorithms to be phased out between 2030 and 2035.

2025 Quantum Computing Landscape

Carter noted that approximately 6.7 million BTC (worth over $600 billion) are directly exposed to the risk of quantum attacks. More troubling is that about 1.7 million of these belong to Satoshi Nakamoto and early miners' P2PK addresses, which are in a state of "permanent loss." Even if Bitcoin upgrades to quantum-resistant signatures, these unclaimed "zombie coins" cannot be migrated. At that time, the community will face a cruel dilemma: either violate the absolute tenet of "private property is inviolable" by forcibly freezing these assets through a hard fork, leading to a crisis of faith, or allow quantum attackers to steal these coins and become the largest holders, resulting in a market collapse.

In theory, Bitcoin could undergo a soft fork and adopt post-quantum (PQ) signature schemes. There are indeed some quantum-resistant cryptographic signature schemes available. However, the main issue lies in determining the specific post-quantum scheme, organizing the soft fork, and the arduous task of migrating tens of millions of addresses with balances. Judging by the past upgrade processes of SegWit and Taproot, discussion, development, and consensus on a quantum-resistant migration could take up to ten years, and such delays could be fatal. Carter criticized developers for falling into a severe strategic misjudgment: over the past decade, vast resources have been spent on scaling the Lightning Network or on minor debates, with extreme caution shown towards slight changes in block size and scripts, yet puzzling indifference and complacency towards a threat that could bring the system to zero.

In contrast, Ethereum and other public chains, with their more flexible governance mechanisms or already initiated post-quantum testing, far exceed Bitcoin in resilience. Carter warned that if this "elephant in the room" continues to be ignored, when the crisis hits, hasty panic responses, emergency forks, and even civil wars within the community may destroy institutional trust in Bitcoin even before the quantum attack itself.

Carter's remarks quickly sparked community discussions. Bitcoin Core developer Jameson Lopp responded, stating, "I have been publicly discussing the risks posed by quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even recede because adapting Bitcoin to the post-quantum era will be very tricky for many reasons. Quantum computers will not disrupt Bitcoin in the short term. We will continue to monitor their development. However, thoughtful modifications to the protocol (and unprecedented fund migrations) may take 5 to 10 years. We should hope for the best but prepare for the worst."

However, this viewpoint has also sparked considerable controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating concerns about the potential threat of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchain to resist quantum attacks.

Multiple Perspectives on the Quantum Challenge: Timing Judgments, Technical Responses, and Implementation Difficulties

Regarding whether quantum computing will threaten Bitcoin's security, Bitcoin OGs, VCs, asset managers, and practitioners have provided different judgments. Some believe this is an imminent systemic risk, while others view it as an exaggerated technological bubble, and some think that the quantum threat may actually strengthen Bitcoin's value narrative.

For ordinary investors, the core question is simple: when will the threat arrive? The current mainstream consensus in the industry leans towards no need for panic in the short term, but the long-term risk is real.

Grayscale's "2026 Digital Asset Outlook" clearly states that while the quantum threat is real, for the market in 2026 it is merely a "false alarm" and will not affect short-term valuations. F2Pool co-founder Wang Chun bluntly stated that quantum computing is still a "bubble," and that even following Moore's Law, it will take 30 to 50 years to substantially break Bitcoin's cryptographic standard (secp256k1). a16z also pointed out in its report that the likelihood of a computer capable of breaking modern cryptographic systems appearing before 2030 is extremely low. Early Bitcoin proponent Adam Back also holds an optimistic view, believing that Bitcoin is safe for at least 20 to 40 years, and that since NIST has approved post-quantum cryptographic standards, Bitcoin has ample time to upgrade.

However, Charles Edwards, founder of crypto asset management firm Capriole Investment, issued a warning, believing the threat is closer than commonly recognized, urging the community to build a defense system before 2026, or risk Bitcoin "going to zero" in the quantum race.

When quantum attacks do arrive, the magnitude of the risk depends on how Bitcoin is stored and how long it has been held. Long-term Bitcoin holder Willy Woo and Deloitte have pointed out that P2PK (pay-to-public-key, currently holding about 1.718 million BTC) addresses will be heavily affected. The reason is that early Bitcoin addresses (like those used by Satoshi Nakamoto) directly expose the full public key on-chain when spending or receiving. In theory, a quantum computer could derive the private key from the public key. Once the defenses are breached, these addresses will be the first to suffer. If not transferred in time, these assets could be "targeted for elimination."

However, Willy Woo also added that newer types of Bitcoin addresses are not as easily susceptible to quantum attacks because they do not expose the full public key on-chain; if the public key is unknown, a quantum computer cannot derive the corresponding private key. Therefore, the vast majority of ordinary users' assets will not immediately face risk. If the market experiences a flash crash due to quantum panic, it could present a good entry opportunity for Bitcoin OGs.
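The distinction drawn above is a property of the output script type, so it can be checked mechanically. The following is an added example, not code from the article or from any project it names: it classifies standard Bitcoin scriptPubKey templates by whether the public key is visible in the output itself (P2PK) or only as a hash until the coins are spent (P2PKH, P2WPKH, P2SH, P2WSH), and then flags unspent outputs whose key is already public, either because of the script type or because the same address has been spent from before. It goes beyond the article's P2PK example in one respect: Taproot (P2TR) outputs carry the x-only output key directly, so they are treated like P2PK for this purpose. All keys, hashes and outpoints are constructed sample values.

```python
"""Classify Bitcoin output scripts (scriptPubKey) by when they reveal the public key.
Added example for illustration; not code from the article or from any project it names.
Keys, hashes and outpoints below are constructed sample values, not real chain data."""
from dataclasses import dataclass

# Standard Bitcoin Script opcode bytes
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG, OP_EQUAL = 0x76, 0xA9, 0x88, 0xAC, 0x87


@dataclass(frozen=True)
class Exposure:
    script_type: str
    key_revealed_at_receipt: bool   # public key (or Taproot output key) sits in the output itself
    key_revealed_at_spend: bool     # public key appears in the scriptSig/witness when spent


def classify_script(spk: bytes) -> Exposure:
    """Match spk against the standard output templates."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -- key is on-chain from the moment funds arrive
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("P2PK", True, True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG -- only HASH160(pubkey) on-chain
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return Exposure("P2PKH", False, True)
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL -- keys inside the redeem script appear at spend
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[-1] == OP_EQUAL:
        return Exposure("P2SH", False, True)
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return Exposure("P2WPKH", False, True)
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Exposure("P2WSH", False, True)
    # P2TR: OP_1 <32-byte x-only output key> -- the (tweaked) key itself is in the output
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Exposure("P2TR", True, True)
    return Exposure("unknown", True, True)  # conservative: treat anything unrecognised as exposed


def exposed_outputs(utxos, spent_from):
    """Return the unspent outputs whose public key is already public.

    utxos: iterable of (outpoint, scriptPubKey bytes, value_in_sats)
    spent_from: set of scriptPubKeys that have been spent from before (address reuse);
                the earlier spend revealed the key behind them in its scriptSig/witness
    """
    result = []
    for outpoint, spk, sats in utxos:
        ex = classify_script(spk)
        if ex.key_revealed_at_receipt or (ex.key_revealed_at_spend and spk in spent_from):
            result.append((outpoint, ex.script_type, sats))
    return result


def exposed_value_sats(utxos, spent_from) -> int:
    return sum(sats for _, _, sats in exposed_outputs(utxos, spent_from))


# --- constructed sample data (not real keys, hashes or transactions) ---
FAKE_PUBKEY = bytes([0x02]) + bytes(range(1, 33))          # 33-byte compressed-key shape
FAKE_HASH_A = bytes(range(20))
FAKE_HASH_B = bytes(range(20, 40))
FAKE_XONLY = bytes(range(32))

P2PK_SPK = bytes([33]) + FAKE_PUBKEY + bytes([OP_CHECKSIG])
P2PKH_SPK = bytes([OP_DUP, OP_HASH160, 20]) + FAKE_HASH_A + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
REUSED_P2PKH_SPK = bytes([OP_DUP, OP_HASH160, 20]) + FAKE_HASH_B + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SPK = bytes([OP_0, 20]) + FAKE_HASH_A
P2TR_SPK = bytes([OP_1, 32]) + FAKE_XONLY

SAMPLE_UTXOS = [
    ("tx1:0", P2PK_SPK, 50_00000000),          # early-era style output, key visible on receipt
    ("tx2:0", P2PKH_SPK, 1_00000000),          # fresh address, only the hash visible
    ("tx3:1", P2WPKH_SPK, 2_00000000),         # fresh SegWit address, only the hash visible
    ("tx4:0", P2TR_SPK, 3_00000000),           # Taproot: output key visible on receipt
    ("tx5:0", REUSED_P2PKH_SPK, 4_00000000),   # address already spent from once, key revealed
]
SAMPLE_SPENT_FROM = {REUSED_P2PKH_SPK}

if __name__ == "__main__":
    for outpoint, kind, sats in exposed_outputs(SAMPLE_UTXOS, SAMPLE_SPENT_FROM):
        print(f"{outpoint}: {kind}, {sats / 1e8:.8f} BTC, public key already on-chain")
    print("total exposed:", exposed_value_sats(SAMPLE_UTXOS, SAMPLE_SPENT_FROM) / 1e8, "BTC")
```

On the constructed set, three of the five outputs count as exposed: the P2PK and P2TR outputs by script type, and the reused P2PKH output because its earlier spend already published the key. The two fresh hash-based outputs are not, which is the point Willy Woo makes: for most users the practical mitigation is simply not reusing addresses, so that the key is published only in the spending transaction.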

From a technical perspective, there are already solutions in the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the challenge lies in the difficulty of implementation.

a16z recently pointed out that Bitcoin faces two major real dilemmas: first, inefficient governance, as Bitcoin's upgrades are extremely slow; if the community cannot reach a consensus, it could lead to destructive hard forks; second, the need for proactive migration, as upgrades cannot be passively completed; users must actively transfer their assets to new addresses. This means that a large number of dormant coins will lose protection. It is estimated that the number of Bitcoins that are vulnerable to quantum attacks and may be abandoned could reach millions, with a current market value of up to hundreds of billions of dollars.

Charles Hoskinson, founder of Cardano, also added that fully deploying quantum-resistant encryption is costly. The quantum-resistant encryption scheme was standardized by the National Institute of Standards and Technology in 2024, but without hardware acceleration support, its computational costs and data scale will significantly reduce blockchain throughput, potentially resulting in about an order of magnitude performance loss. He pointed out that determining whether the quantum computing risk has entered a usable phase should reference DARPA's quantum benchmarking program (expected to assess feasibility in 2033). Only when the scientific community confirms that quantum hardware can stably perform destructive computations will there be an urgent need to fully switch encryption algorithms. Acting too early merely wastes scarce on-chain resources on immature technologies.

Michael Saylor, co-founder of Strategy, responded that any changes to the protocol should be approached with extreme caution. The essence of Bitcoin is a monetary protocol, and its lack of rapid changes and frequent iterations is precisely its advantage, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and must ensure global consensus. "If you want to destroy the Bitcoin network, one of the most effective ways is to give a group of exceptionally talented developers unlimited funds to keep improving it."

Saylor also stated that as the network eventually upgrades, active Bitcoins will migrate to secure addresses, while those Bitcoins that have lost their private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will lead to a reduction in Bitcoin's effective supply, making it even stronger.

From Theory to Practice, Public Chains Launch Quantum Defense Wars

Although the quantum storm has not yet arrived, public chains have already launched their defense battles.

In the Bitcoin community, on December 5 of this year, researchers Mikhail Kudinov and Jonas Nick from Blockstream published a revised paper proposing that hash-based signature technology may be the key solution to protect the $1.8 trillion Bitcoin blockchain from quantum computer threats. The researchers believe that hash-based signatures are a compelling post-quantum solution because their security relies entirely on mechanisms similar to the hash function assumptions already present in Bitcoin's design. This solution has undergone extensive cryptographic analysis in the post-quantum standardization process by the National Institute of Standards and Technology, enhancing its robustness credibility.
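To make concrete why a hash-based signature's security "relies entirely on hash function assumptions," here is an added example of the simplest such scheme, a Lamport one-time signature over SHA-256. It is illustrative code, not the Blockstream proposal and not Bitcoin code: a key pair is 256 pairs of random secrets and their hashes, signing reveals one secret per digest bit, and verification only re-hashes. A forger would have to find a preimage of a published hash, so there is no number-theoretic structure for Shor's algorithm to exploit. The stateful `OneTimeSigner` wrapper enforces the scheme's one defining caveat: each key must sign exactly once.

```python
"""Lamport one-time signature: a minimal hash-based signature whose security
rests only on the preimage resistance of the hash function (SHA-256 here).
Added example; not Blockstream's proposal or any Bitcoin code."""
import hashlib
import hmac
import secrets

N_BITS = 256                      # we sign a SHA-256 digest bit by bit
SIGNATURE_BYTES = N_BITS * 32     # 256 revealed 32-byte preimages = 8192 bytes


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte values.
    Public key: the hash of each value. Revealing a preimage proves ownership."""
    sk = [(rng(32), rng(32)) for _ in range(N_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def sign(sk, msg: bytes) -> list:
    """For each digest bit, reveal the matching preimage (0 -> first, 1 -> second)."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Recompute the digest and check that every revealed value hashes to the expected pk half."""
    if len(sig) != N_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(msg)):
        # check every position rather than exiting early, to avoid a timing signal
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok


class KeyReuseError(RuntimeError):
    """Raised when a one-time key would be used twice."""


class OneTimeSigner:
    """Stateful wrapper: a Lamport key must sign exactly one message, because every
    signature reveals half of the secret key. Standardised hash-based schemes such as
    SLH-DSA remove this burden structurally; here the one-time rule is enforced by state."""

    def __init__(self):
        self._sk, self.pk = keygen()
        self._used = False

    def sign(self, msg: bytes) -> list:
        if self._used:
            raise KeyReuseError("one-time key already used; generate a fresh key pair")
        self._used = True
        return sign(self._sk, msg)


if __name__ == "__main__":
    signer = OneTimeSigner()
    message = b"constructed sample transaction bytes"
    sig = signer.sign(message)
    print("valid:", verify(signer.pk, message, sig))
    print("tampered valid:", verify(signer.pk, message + b"!", sig))
    print("signature size (bytes):", SIGNATURE_BYTES)
```

The size is the trade-off the article's later quotes allude to: this toy signature is 8 KiB and the public key another 16 KiB, against 64 bytes for a Schnorr signature, which is why throughput and hardware acceleration come up whenever post-quantum signatures are discussed for a blockchain.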

Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, particularly as an important goal in the Splurge phase to address future threats from quantum computing. The strategy employs a hierarchical upgrade, using L2 as a testing sandbox to run quantum-resistant algorithms, with candidate technologies including lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin warned again that quantum computers could break Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to protect network security and suggested that innovation should focus on layer two solutions, wallets, and privacy tools rather than frequently changing the core protocol.

Emerging public chains are also putting quantum-resistant solutions on their agenda. For example, recently Aptos announced a proposal to introduce quantum-resistant signatures, AIP-137, which plans to support quantum-resistant digital signature schemes at the account level to address the long-term risks that the development of quantum computing may pose to existing cryptographic mechanisms. This solution will be introduced as an optional feature and will not affect existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.

The Solana Foundation also recently announced a partnership with the post-quantum security company Project Eleven to advance the quantum security layout of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions, and has successfully prototyped a Solana testnet that employs post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.

Cardano is currently adopting a gradual approach to address future quantum computing threats, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, adding redundancy without affecting the current performance of the mainnet. Once hardware acceleration matures, post-quantum solutions will be gradually integrated into the main chain, including comprehensive replacements for VRF, signatures, and more. This approach is akin to placing lifeboats on the deck first and observing whether a storm truly forms, rather than hastily transforming the entire ship into a slow steel fortress before the storm arrives.

Zcash has developed a quantum-recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.

Overall, although the quantum crisis has not yet reached our doorstep, the accelerating pace of its technological evolution is an undeniable fact, and defensive strategies are becoming a reality that crypto projects must confront. More public chains are expected to join this offensive and defensive battle in the future.

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image published on this page infringes rights, please send the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will investigate.
