Written by: Liu Jiaolian
Recently, quantum computing FUD has returned.
This time, the alarm is sounded by Coinbase, the largest regulated exchange in the United States. On April 22, Coinbase's independent advisory council on quantum computing and blockchain released a report specifically pointing out that blockchains adopting the Proof of Stake (PoS) mechanism, such as Ethereum and Solana, may face greater quantum risks than Bitcoin [1].
What did Coinbase say?
Let's take a look at the core content of the report.
Coinbase's advisory council pointed out that PoS chains face two main risk points:
First, validator signatures. Ethereum uses BLS signatures, while Solana uses ed25519 signatures. These signature mechanisms are the cornerstone for PoS chains to reach consensus. If future quantum computers become powerful enough to crack these signatures, an attacker could forge a validator's identity, thereby threatening the security of the entire network.
Second, wallet signatures. Whether PoS or PoW, the digital signatures that user wallets use to prove ownership also face the risk of being compromised by quantum attacks. The report specifically mentions that approximately 6.9 million bitcoins are stored in addresses where the public keys have been exposed, placing them in a high-risk category.
However, the report immediately follows with a very important statement: Currently, there are no quantum computers capable of cracking modern cryptographic signatures; such machines would need to be far more powerful than existing systems [1].
A spokesperson for Coinbase stated more plainly: Customer assets are still safe today, and the industry should not equate "not urgent" with "not important" [1].
Why are PoS chains more vulnerable?
Jiaolian noted in the "Practical Guide to Preventing Quantum Computing Threats" that Bitcoin coins are locked in two basic ways. P2PKH addresses (starting with 1) commit only to the hash of the public key, so the public key itself stays hidden until the coins are spent. P2PK outputs, by contrast, place the raw public key (an uncompressed key beginning with 04) directly in the locking script, so the key is visible on chain from the moment the coins are received. Only a small number of very early legacy outputs use the P2PK form [2]. Note that the hash protection of a P2PKH address lasts only until the first spend from it, because the spending transaction must reveal the public key; sending coins back to an address that has already been spent from forfeits that protection.
Satoshi Nakamoto explained back in 2010 that Bitcoin addresses use the hash of the public key rather than the public key itself, partly to keep addresses short. As a result, the security of coins sent to a Bitcoin address depends only on the security of the hash, as long as the address has not yet been spent from [3].
Hash functions are believed to resist quantum attack far better than elliptic-curve signatures. Grover's algorithm yields only a quadratic speed-up: a preimage search on SHA-256 drops from about 2^256 to about 2^128 operations, and on the 160-bit HASH160 behind a P2PKH address from about 2^160 to about 2^80, both still astronomical figures.
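As an added illustration (not code from this article, from Coinbase's report, or from any Bitcoin project), the Python below classifies a Bitcoin output script by whether the public key is already visible on chain, extracts the key that a P2PKH spend reveals in its scriptSig, and totals the value sitting in key-exposed outputs, which is the kind of audit behind the "6.9 million bitcoins in exposed addresses" figure above. It goes slightly beyond the two formats named in the text by also recognising P2WPKH outputs (hash-locked like P2PKH) and Taproot P2TR outputs, whose 32-byte x-only key is the output itself. All scripts, keys and signatures are constructed placeholders, not real transactions.

```python
"""Classify Bitcoin output scripts by whether they expose a public key on chain.

Added example: the scripts and keys below are constructed placeholders, not
data taken from any real transaction.
"""
from typing import List, Optional, Set, Tuple

# Bitcoin script opcodes used below
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC


def read_push(script: bytes, pos: int) -> Optional[Tuple[bytes, int]]:
    """Decode a direct data push (opcodes 0x01..0x4b) starting at script[pos].
    Returns (pushed data, position after the push), or None if no such push is there."""
    if pos >= len(script):
        return None
    n = script[pos]
    if not 1 <= n <= 75:
        return None
    data = script[pos + 1:pos + 1 + n]
    if len(data) != n:          # truncated push
        return None
    return data, pos + 1 + n


def looks_like_pubkey(b: bytes) -> bool:
    """SEC encoding: 0x04 + 64 bytes (uncompressed) or 0x02/0x03 + 32 bytes (compressed)."""
    return (len(b) == 65 and b[0] == 0x04) or (len(b) == 33 and b[0] in (0x02, 0x03))


def classify_output(spk: bytes) -> Tuple[str, bool]:
    """Return (script type, True if the public key is visible in the output itself).

    P2PKH and P2WPKH outputs commit only to HASH160(pubkey), so the key is hidden
    until the output is spent. P2PK puts the raw key in the script, and a Taproot
    (P2TR) output *is* the 32-byte x-only output key, so both are exposed at once.
    """
    push = read_push(spk, 0)
    if push and looks_like_pubkey(push[0]) and spk[push[1]:] == bytes([OP_CHECKSIG]):
        return "P2PK", True                                   # <pubkey> OP_CHECKSIG
    if (len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False                                 # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if len(spk) == 22 and spk[:2] == bytes([OP_0, 20]):
        return "P2WPKH", False                                # OP_0 <20-byte hash>
    if len(spk) == 34 and spk[:2] == bytes([OP_1, 32]):
        return "P2TR", True                                   # OP_1 <32-byte x-only key>
    return "unknown", False


def pubkey_revealed_by_spend(script_sig: bytes) -> Optional[bytes]:
    """A P2PKH spend has scriptSig = <signature> <pubkey>. Once it is on chain the
    public key is permanent public knowledge; coins later sent back to the same
    address no longer enjoy hash protection."""
    sig = read_push(script_sig, 0)
    if sig is None:
        return None
    pk = read_push(script_sig, sig[1])
    if pk and pk[1] == len(script_sig) and looks_like_pubkey(pk[0]):
        return pk[0]
    return None


def audit(utxos: List[Tuple[int, bytes]]) -> Tuple[int, int]:
    """Sum value (in satoshis) of outputs whose key is already exposed vs still hidden."""
    exposed = hidden = 0
    for value, spk in utxos:
        if classify_output(spk)[1]:
            exposed += value
        else:
            hidden += value
    return exposed, hidden


# Constructed placeholder keys and signature: correct lengths/prefixes only,
# not real curve points or a valid DER signature.
UNCOMPRESSED_KEY = b"\x04" + bytes(range(64))
COMPRESSED_KEY = b"\x02" + bytes(range(32))
FAKE_SIG = b"\x30" + bytes(70)            # 71 bytes, a typical DER signature length
FAKE_HASH160 = bytes(range(20))
FAKE_XONLY = bytes(range(32))

P2PK_SCRIPT = bytes([len(UNCOMPRESSED_KEY)]) + UNCOMPRESSED_KEY + bytes([OP_CHECKSIG])
P2PKH_SCRIPT = bytes([OP_DUP, OP_HASH160, 20]) + FAKE_HASH160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SCRIPT = bytes([OP_0, 20]) + FAKE_HASH160
P2TR_SCRIPT = bytes([OP_1, 32]) + FAKE_XONLY
P2PKH_SPEND_SCRIPTSIG = bytes([len(FAKE_SIG)]) + FAKE_SIG + bytes([len(COMPRESSED_KEY)]) + COMPRESSED_KEY

# Constructed sample UTXO set: (value in sats, scriptPubKey)
SAMPLE_UTXOS = [
    (5_000_000_000, P2PK_SCRIPT),     # early-style P2PK output, key on chain
    (100_000_000, P2PKH_SCRIPT),      # hash-locked, key hidden until spent
    (200_000_000, P2WPKH_SCRIPT),     # hash-locked, key hidden until spent
    (300_000_000, P2TR_SCRIPT),       # x-only key is the output itself
]

if __name__ == "__main__":
    for _, spk in SAMPLE_UTXOS:
        print(classify_output(spk))
    print("revealed by spend:", pubkey_revealed_by_spend(P2PKH_SPEND_SCRIPTSIG).hex())
    print("exposed/hidden sats:", audit(SAMPLE_UTXOS))
```

Matching a key revealed in a scriptSig back to the P2PKH outputs it unlocks requires HASH160 = RIPEMD160(SHA256(pubkey)); that step is left out here because RIPEMD-160 is not available in every Python build's hashlib, but a full audit would add it and then count any unspent output whose hash matches an already-revealed key as exposed too.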
But the situation is different for PoS chains.
Validators on Ethereum sign frequently with BLS to participate in consensus, and their public keys are registered on chain and therefore always exposed. Solana is similar: its ed25519 validator keys are likewise public. Once Shor's algorithm becomes practical at the required scale, the private key can be recovered directly from any such exposed public key; there is no hash layer in front of it.
Moreover, the consensus mechanism of PoS chains relies on these signatures. As Coinbase's report stated: The challenge for PoS chains is not just upgrading wallets; the core consensus mechanism itself may need to be redesigned [1].
What about Bitcoin's PoW mechanism? The Coinbase report also provided an assessment: Quantum computers running Grover's algorithm could theoretically solve PoW puzzles more quickly, but at the current scale of PoW puzzles, the costs of running Grover's algorithm exceed its theoretical advantages [1].
Translated into plain language, the threat of quantum computing to PoS chains is far greater than to Bitcoin mining.
The path to upgrades: Unique challenges for PoS chains
The Coinbase report also highlighted a key point: Ethereum developers are already taking action.
The report noted that Ethereum co-founder Vitalik Buterin proposed a solution in February this year, intending to replace BLS validator signatures, KZG commitments, and ECDSA wallet signatures with quantum-resistant alternatives [1].
This sounds good, but the challenge lies in scale.
Coinbase's advisory council pointed out that quantum-resistant signatures are significantly larger than existing signatures, which can affect transaction speed, storage costs, and network throughput. For a network like Ethereum that is already facing scalability challenges, this is no small issue.
The report also raised a tricky question: What about wallets that will never be upgraded? Lost keys, inactive accounts, abandoned wallets—if quantum attacks become possible, these assets will be permanently exposed [1].
This issue is more severe on PoS chains than on Bitcoin: a Bitcoin user can migrate coins to a new address, whereas the staked assets and validator nodes on a PoS chain are tied to the economic security and governance structure of the entire network.
Bitcoin's preparedness and advantages
Jiaolian has consistently emphasized one point: Bitcoin is alive; it can upgrade.
The Taproot upgrade at the end of 2021 has already paved the way for future changes in signature algorithms. The Bitcoin community has also been keeping track of the latest developments in quantum-resistant algorithms.
Blockstream CEO Adam Back recently stated in an interview with Bloomberg: The prudent approach is to prepare Bitcoin and provide people the option to migrate their keys to quantum-resistant formats. The longer Bitcoin users have to migrate their keys, the safer it is [1].
The Coinbase report also acknowledges that Bitcoin's core infrastructure—including the mining process, hash functions, and historical ledgers—is not currently believed to have substantial vulnerabilities under existing understandings [1].
This is not because Bitcoin has any magic; it is because it was designed to be more conservative from the beginning. Hash protection, address non-reuse, and decentralized governance—these features make Bitcoin much more resilient in the face of quantum threats than those high-performance PoS chains.
The real value of Coinbase's report is not to create panic but rather to remind the industry: Quantum threats are a real long-term risk that needs planning, but there is no need to panic.
The final paragraph of the report states well: A quantum computer with cryptographic relevance would still need to achieve a significant leap from today’s systems, but upgrading wallets, exchanges, custodians, and decentralized networks is a multi-year undertaking. That is why we are releasing this report now: to base discussions on science rather than hype, clarify what truly faces risks, and help the industry start making practical migration decisions early [1].
a16z crypto also provided a similar judgment in a lengthy article released earlier this year: The probability of a fault-tolerant quantum computer capable of cracking secp256k1 or RSA-2048 appearing within the next five years is extremely low [4].
Jiaolian's attitude has always been clear: Stay alert, but do not panic.
The challenges for PoS chains are greater than for Bitcoin, that is a fact. But this does not mean something will happen tomorrow. The industry has ample time to prepare, test, and upgrade.
After all, the most dangerous thing is not the threat itself, but the misjudgment of the threat—either overreacting or completely ignoring it.
References:
[2] Liu Jiaolian, "Practical Guide to Preventing Quantum Computing Threats", Dec 20, 2024.
[3] Liu Jiaolian, "History of Bitcoin", 2023.
[4] a16z crypto, "Quantum Computing and Blockchain: Separating Signal from Noise", Jan 25, 2026.
Disclaimer: This article represents only the author's personal views and not the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes rights, please send proof of the rights and proof of identity by e-mail to support@aicoin.com, and the platform's staff will investigate.