Over 1.7 million BTC may face attacks? Bitcoin is once again embroiled in quantum controversy, and public chains are launching a defense battle.


Author: Nancy, PANews

Quantum attacks have long been part of the narrative around Bitcoin. In the past the threat was mostly treated as a theoretical black swan, but with the rapid evolution of quantum computing hardware the terms of the debate appear to be shifting.

Recently, Nic Carter, co-founder of Castle Island Ventures, pointed out that quantum computing is only an "engineering challenge" away from breaking Bitcoin. This assertion has sparked division within the community, with some accusing him of deliberately inciting panic, while others believe it is a survival crisis that needs to be addressed urgently. Meanwhile, many crypto projects are already taking precautions, actively exploring and deploying defenses against quantum attacks.

Quantum Attack Alarm Upgraded? Protocol Modifications Could Take a Decade

The threat of quantum computing to Bitcoin is not a new topic. Recently, the rapid advancements in quantum computing technology have brought this issue back to the forefront. For instance, Google's latest quantum processor has demonstrated computational speeds that empirically surpass the world's most powerful supercomputers for specific tasks. While such breakthroughs do not directly threaten Bitcoin, they have intensified discussions about Bitcoin's security.

Last weekend, Bitcoin advocate Nic Carter published a lengthy article accusing Bitcoin developers of sleepwalking towards a crisis that could lead to system collapse.

The core of the article is that the elliptic curve cryptography (ECC) on which Bitcoin relies, ECDSA and Schnorr signatures over the secp256k1 curve, can in principle be broken by the algorithm proposed by computer scientist Peter Shor, which recovers a private key from its public key. Satoshi Nakamoto considered this when designing Bitcoin and expected the system to upgrade once quantum computers became sufficiently powerful. Although today's quantum hardware is still several orders of magnitude short of the scale required, progress is accelerating. Renowned quantum theorist Scott Aaronson has called the remaining work an "extremely difficult engineering problem" rather than a question requiring new fundamental physics. This year has seen significant progress in error correction and in funding for the field, and NIST (the National Institute of Standards and Technology) has published guidance calling for quantum-vulnerable algorithms such as ECDSA to be deprecated by 2030 and disallowed by 2035.

2025 Quantum Computing Panorama

Carter pointed out that approximately 6.7 million BTC (worth over $600 billion) are currently directly exposed to quantum attack, meaning their public keys are already visible on-chain. More troubling, this includes about 1.7 million BTC belonging to Satoshi Nakamoto and early miners held in P2PK outputs, which are effectively in a state of "permanent loss": even if Bitcoin upgrades to quantum-resistant signatures, nobody holds the keys needed to migrate these unclaimed "zombie coins." At that point the community would face a cruel dilemma: either violate the absolute tenet that "private property is inviolable" by forcibly freezing these assets through a hard fork, triggering a crisis of faith, or allow quantum attackers to steal the coins and become the largest holders, triggering a market collapse.

In theory, Bitcoin could undergo a soft fork and adopt post-quantum (PQ) signature schemes. There are indeed some quantum-resistant cryptographic signature schemes available. However, the main issue lies in determining the specific post-quantum scheme, organizing the soft fork, and the arduous task of migrating tens of millions of addresses with balances. Referring to the past upgrade processes of SegWit and Taproot, discussions, development, and consensus on quantum-resistant migration could take up to ten years, and such delays could be fatal. Carter criticized developers for falling into a severe strategic misjudgment, as over the past decade, vast resources have been spent on scaling the Lightning Network or minor debates, showing extreme caution towards slight changes in block size and scripts, yet displaying puzzling indifference and complacency towards this threat that could bring the system to zero.

In contrast, Ethereum and other public chains, with their more flexible governance mechanisms or already initiated post-quantum testing, far exceed Bitcoin in resilience. Carter warned that if this "elephant in the room" continues to be ignored, when the crisis hits, hasty panic responses, emergency forks, and even civil wars within the community may destroy institutional trust in Bitcoin even more than the quantum attacks themselves.

Carter's remarks quickly sparked community discussion. Bitcoin developer and Casa co-founder Jameson Lopp responded, stating, "I have been publicly discussing the risks posed by quantum computing to Bitcoin for 18 months. My main conclusion is: I sincerely hope that the development of quantum computing can stagnate or even recede, because adapting Bitcoin to the post-quantum era will be very tricky for many reasons. Quantum computers will not disrupt Bitcoin in the short term. We will continue to monitor their development. However, thoughtful modifications to the protocol (and unprecedented fund migrations) may take 5 to 10 years. We should hope for the best but prepare for the worst."

However, this viewpoint has also sparked considerable controversy. For example, Blockstream CEO Adam Back criticized Carter for exaggerating concerns about the potential threat of quantum computing to Bitcoin. Bitcoin expert Pledditor stated that Carter is deliberately creating anxiety, as his fund (Castle Island Ventures) has invested in a startup that sells tools for transitioning blockchains to be quantum-resistant.

Multiple Perspectives on the Quantum Challenge: Timing Judgments, Technical Responses, and Implementation Issues

Regarding whether quantum computing will threaten Bitcoin's security, Bitcoin OGs, VCs, asset managers, and practitioners have provided different judgments. Some believe this is an imminent systemic risk, while others view it as an exaggerated technological bubble, and some think that the quantum threat may actually strengthen Bitcoin's value narrative.

For ordinary investors, there is only one core question: when will the threat arrive? The current mainstream consensus in the industry leans towards the idea that there is no need to panic in the short term, but long-term risks are real.

Grayscale's "2026 Digital Asset Outlook" clearly states that although the quantum threat is real, for the market in 2026, this is just a "false alarm" and will not affect short-term valuations; F2Pool co-founder Wang Chun bluntly stated that quantum computing is still a "bubble," and even following Moore's Law, it will take 30 to 50 years to substantially break Bitcoin's cryptographic standard (secp256k1); a16z also pointed out in their report that the likelihood of a computer capable of breaking modern cryptographic systems appearing before 2030 is extremely low; early Bitcoin proponent Adam Back also holds an optimistic view, believing that Bitcoin is safe for at least the next 20 to 40 years, and that NIST has already approved post-quantum cryptographic standards, giving Bitcoin ample time to upgrade.

However, Charles Edwards, founder of crypto asset management firm Capriole Investment, issued a warning, believing the threat is closer than commonly perceived, urging the community to build a defense system before 2026, or risk Bitcoin "going to zero" due to being late in the quantum race.

When a quantum attack does become feasible, the size of the risk depends on how the bitcoin is stored and how long it has been sitting there. Analyst Willy Woo and a Deloitte study have both pointed to P2PK (Pay-to-Public-Key) outputs, which currently hold about 1.718 million BTC, as the most exposed. The reason is that these early outputs (including those mined by Satoshi Nakamoto) place the full public key in the locking script itself, so the key is visible on-chain from the moment the coins are received, whereas later address types publish only a hash of the key until the owner spends. Given the public key, a sufficiently large quantum computer running Shor's algorithm could derive the private key. Once that capability exists, these outputs would be the first to be drained, and if they are not moved in time they could be "targeted for elimination."

However, Willy Woo also added that newer types of Bitcoin addresses are not as easily susceptible to quantum attacks because they do not expose the complete public key on-chain; if the public key is unknown, quantum computers cannot generate the corresponding private key. Therefore, the vast majority of ordinary users' assets will not immediately face risks. If the market experiences a flash crash due to quantum panic, it could present a good opportunity for Bitcoin OGs to enter.
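The distinction drawn above, between outputs whose public key is already on-chain and outputs that only carry a hash of it, can be checked mechanically from the scriptPubKey. The following is an added example written for this article; it is not code from Bitcoin Core or from any source the article cites. It classifies the standard output templates and applies the two caveats a practitioner would add to the statement above: Taproot (P2TR) outputs carry the tweaked public key itself rather than a hash, and a hash-based address whose key has already appeared in an earlier spend (address reuse) is just as exposed as P2PK. The sample UTXOs are constructed with dummy key and hash bytes; the `reused` flag is an assumed input that in practice would come from scanning historical spends.

```python
"""Classify Bitcoin output scripts by whether the public key is already on-chain.

Added example for this article; it is not code from Bitcoin Core or from any
source the article cites. The UTXOs at the bottom are constructed (dummy key
and hash bytes), not real outputs.
"""
from dataclasses import dataclass

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x76, 0x87, 0x88, 0xA9, 0xAC

EXPOSED = "exposed"            # a public key is readable from the UTXO set today
HIDDEN = "hidden-until-spend"  # only a hash is on-chain until the owner spends
UNKNOWN = "unknown"            # script-hash or nonstandard output: needs manual review


def template(script: bytes) -> str:
    """Recognise the standard scriptPubKey templates relevant to key exposure."""
    n = len(script)
    # P2PK: <push 33|65-byte pubkey> OP_CHECKSIG  (Satoshi-era coinbase outputs)
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK"
    # P2PKH: OP_DUP OP_HASH160 <20-byte HASH160(pubkey)> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[-2:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH"
    # P2SH: OP_HASH160 <20-byte HASH160(redeemScript)> OP_EQUAL
    if n == 23 and script[0] == OP_HASH160 and script[1] == 20 and script[-1] == OP_EQUAL:
        return "P2SH"
    # P2WPKH: OP_0 <20-byte HASH160(pubkey)>
    if n == 22 and script[0] == OP_0 and script[1] == 20:
        return "P2WPKH"
    # P2WSH: OP_0 <32-byte SHA256(witnessScript)>
    if n == 34 and script[0] == OP_0 and script[1] == 32:
        return "P2WSH"
    # P2TR: OP_1 <32-byte x-only tweaked output key>  (the key itself, not a hash)
    if n == 34 and script[0] == OP_1 and script[1] == 32:
        return "P2TR"
    return "nonstandard"


def exposure(script: bytes, reused: bool) -> str:
    """`reused` (assumed input) means an earlier output paying this same script was
    already spent, so its public key sits in a historical scriptSig or witness."""
    t = template(script)
    if t in ("P2PK", "P2TR"):
        return EXPOSED                      # key is in the output itself
    if t in ("P2PKH", "P2WPKH"):
        return EXPOSED if reused else HIDDEN
    return UNKNOWN                          # P2SH/P2WSH depend on the hidden script


@dataclass(frozen=True)
class Utxo:
    script: bytes
    value_sat: int
    reused: bool = False


def tally(utxos) -> dict:
    """Sum value per exposure class, the shape of the '6.7 million BTC' estimate."""
    totals = {EXPOSED: 0, HIDDEN: 0, UNKNOWN: 0}
    for u in utxos:
        totals[exposure(u.script, u.reused)] += u.value_sat
    return totals


# Constructed sample UTXO set: dummy bytes stand in for real keys and hashes.
SAMPLE_UTXOS = [
    Utxo(bytes([65, 0x04]) + bytes(64) + bytes([OP_CHECKSIG]), 50 * 10**8),   # P2PK, 50 BTC coinbase
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + bytes(20)
         + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 150_000_000, reused=True),    # P2PKH, address reused
    Utxo(bytes([OP_0, 20]) + bytes(20), 25_000_000),                            # P2WPKH, never spent from
    Utxo(bytes([OP_1, 32]) + bytes(32), 10_000_000),                            # P2TR, key in output
    Utxo(bytes([OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUAL]), 200_000_000), # P2SH, script unknown
]

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(f"{template(u.script):<8} reused={u.reused!s:<5} -> {exposure(u.script, u.reused)}")
    print({k: v / 10**8 for k, v in tally(SAMPLE_UTXOS).items()})
```

Run against a real UTXO dump the same classifier gives the long-range exposure figure; the short-range risk (a key revealed in the mempool while a spend is pending) is not captured by a UTXO-set scan at all, which is why even "hidden" outputs are only safe for as long as the owner never spends from them.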

From a technical perspective, there are already solutions in the market, such as upgrading to quantum-resistant signatures, but as mentioned earlier, the challenge lies in the difficulty of implementation.

a16z recently pointed out sharply that Bitcoin faces two major real dilemmas: first, inefficient governance, as Bitcoin upgrades are extremely slow, and if the community cannot reach a consensus, it could lead to destructive hard forks; second, the proactivity of migration, as upgrades cannot be passively completed; users must actively transfer their assets to new addresses. This means that a large number of dormant coins will lose protection. It is estimated that the number of Bitcoins that are vulnerable to quantum attacks and may be abandoned could reach millions, with a current market value of up to hundreds of billions of dollars.

Charles Hoskinson, founder of Cardano, added that the cost of fully deploying post-quantum cryptography is high. NIST standardized its post-quantum schemes in 2024, but without hardware acceleration their computational cost and the size of their keys and signatures would significantly reduce blockchain throughput, potentially by about an order of magnitude. He argued that judging whether quantum computing has entered a usable phase should rely more on DARPA's quantum benchmarking program (expected to assess feasibility in 2033). Only when the scientific community confirms that quantum hardware can reliably perform the relevant computations will there be an urgent need to switch cryptographic algorithms wholesale; acting too early would merely waste scarce on-chain resources on immature technology.

Michael Saylor, co-founder of Strategy, responded by stating that any changes to the protocol should be approached with extreme caution. The essence of Bitcoin is a monetary protocol, and its lack of rapid changes and frequent iterations is precisely its advantage, not a flaw. Therefore, modifications to the Bitcoin protocol must be extremely conservative and must ensure global consensus is reached. "If you want to destroy the Bitcoin network, one of the most effective ways is to give a group of exceptionally talented developers unlimited funds to keep improving it."

Saylor also stated that as the network eventually upgrades, active Bitcoins will migrate to secure addresses, while those Bitcoins that have lost their private keys or are inoperable (including those locked by quantum computers) will be permanently frozen. This will lead to a reduction in Bitcoin's effective supply, making it even stronger.

From Theory to Practice: Public Chains Launch Quantum Defense Wars

Although the quantum storm has not yet arrived, public chains have already launched their defense battles.

In the Bitcoin community, on December 5 of this year, researchers Mikhail Kudinov and Jonas Nick of Blockstream published a revised paper proposing hash-based signatures as a key candidate for protecting the roughly $1.8 trillion secured by the Bitcoin blockchain from quantum computers. The researchers consider hash-based signatures a compelling post-quantum option because their security rests entirely on assumptions about hash functions of the kind Bitcoin's design already makes (SHA-256 is used for mining, transaction IDs and address hashing), rather than on a new hardness assumption. Such schemes also received extensive cryptanalysis during NIST's post-quantum standardization process, which adds confidence in their robustness.
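To make concrete what "security relies only on the hash function" means, and why Hoskinson's point about data size applies, here is a Lamport one-time signature over SHA-256, the simplest hash-based signature. This is an added illustration written for this article, not the Blockstream proposal, not Bitcoin code, and not a scheme anyone would deploy as-is; production candidates such as SLH-DSA (FIPS 205, mentioned later in the article) build many-time schemes from the same preimage-resistance idea with Merkle trees and hash chains. The message and second message in the demo are constructed inputs.

```python
"""Lamport one-time signature over SHA-256, the simplest hash-based signature.

Added example for this article; not the Blockstream proposal and not Bitcoin
code. Forging a signature requires finding a SHA-256 preimage the signer never
revealed, so the scheme inherits Bitcoin's existing hash assumption, but the
price is a 16 KB public key and an 8 KB signature, versus 33 bytes and ~71
bytes for ECDSA on secp256k1.
"""
import hashlib
import secrets

N = 256  # digest bits; one pair of secrets per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def keygen(rng=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def sign(sk, msg: bytes) -> list:
    """For each bit of H(msg), reveal the preimage selected by that bit."""
    d = H(msg)
    return [sk[i][bit(d, i)] for i in range(N)]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Every revealed value must hash to the public-key entry picked by the digest bit."""
    if len(sig) != N:
        return False
    d = H(msg)
    return all(H(sig[i]) == pk[i][bit(d, i)] for i in range(N))


def leaked_pairs(msgs) -> int:
    """Why 'one-time': positions where BOTH preimages are public after signing `msgs`.
    With two messages about half the pairs leak, letting an attacker sign any digest
    that agrees with one of the two at every position."""
    seen = [set() for _ in range(N)]
    for m in msgs:
        d = H(m)
        for i in range(N):
            seen[i].add(bit(d, i))
    return sum(1 for s in seen if len(s) == 2)


def sizes_bytes(pk, sig) -> tuple:
    """(public key bytes, signature bytes)"""
    return len(pk) * 2 * 32, len(sig) * 32


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample transaction digest input"
    sig = sign(sk, msg)
    print("verifies:", verify(pk, msg, sig))
    print("pubkey bytes, sig bytes:", sizes_bytes(pk, sig))
    print("pairs leaked after signing twice:",
          leaked_pairs([msg, b"second message signed with the same key"]))
```

Each Bitcoin input would need one such key, so the per-signature state management (never reuse a key) and the roughly 100x size increase are the engineering problems a real proposal has to solve, which is what the Merkle-tree and hash-chain constructions in standardized schemes are for.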

Ethereum has incorporated post-quantum cryptography (PQC) into its long-term roadmap, particularly as an important goal in the Splurge phase, to address the threats posed by future quantum computing. The strategy employs a hierarchical upgrade approach, utilizing L2 as a testing sandbox for running quantum-resistant algorithms. Candidate technologies include lattice-based and hash-based cryptography, ensuring a smooth transition while protecting L1 security. Recently, Ethereum co-founder Vitalik Buterin warned again that quantum computers could break Ethereum's elliptic curve encryption by 2028. He urged the Ethereum community to upgrade to quantum-resistant encryption within four years to safeguard network security and suggested that innovation should focus on layer two solutions, wallets, and privacy tools rather than frequent changes to the core protocol.

Emerging public chains are also prioritizing quantum-resistant solutions. For instance, Aptos recently announced a proposal to introduce quantum-resistant signatures, AIP-137, which plans to support quantum-resistant digital signature schemes at the account level to address the long-term risks that the development of quantum computing may pose to existing cryptographic mechanisms. This proposal will be introduced optionally and will not affect existing accounts. According to the proposal, Aptos intends to support the hash-based signature scheme SLH-DSA, which has been standardized as FIPS 205.

The Solana Foundation also recently announced a partnership with the post-quantum security company Project Eleven to advance the quantum security layout of the Solana network. As part of the collaboration, Project Eleven has conducted a comprehensive quantum threat assessment of the Solana ecosystem, covering core protocols, user wallets, validator security, and long-term cryptographic assumptions. They have successfully prototyped and deployed a Solana testnet using post-quantum digital signatures, validating the feasibility and scalability of end-to-end quantum-resistant transactions in real-world environments.

Cardano is currently adopting a gradual approach to address future quantum computing threats, such as establishing post-quantum checkpoints for the blockchain using the Mithril protocol, adding redundancy without affecting the current performance of the mainnet. Once hardware acceleration matures, post-quantum solutions will be gradually integrated into the main chain, including comprehensive replacements for VRF, signatures, and more. This approach is akin to placing lifeboats on the deck first and observing whether the storm truly forms, rather than hastily transforming the entire ship into a sluggish steel fortress before the storm arrives.

Zcash has developed a quantum-recoverable mechanism that allows users to migrate old assets to a more secure post-quantum mode.

Overall, although the quantum crisis has not yet reached a critical point, the accelerating pace of its technological evolution is an undeniable fact. Defensive strategies are becoming a reality that crypto projects must confront, and more public chains are expected to join this offensive and defensive battle in the future.

Disclaimer: This article represents the author's personal views only and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between a user and the author is unrelated to this platform. If an article or image published on this page infringes rights, please send proof of the rights and of your identity to support@aicoin.com and the platform's staff will investigate.
