Coinbase Report: ~7 Million Bitcoin at Risk of Quantum Attack Due to Address Reuse
Claire Weston
A Coinbase advisory board estimates roughly 7 million BTC sit in quantum-vulnerable addresses — and 5 million of those belong to active users, some held in known exchange cold wallets. This is not a distant sci-fi scenario; it is a migration that needs to start now.
Where are these 7 million bitcoin exposed?
The report splits the risk into two buckets. The first: roughly 1.7 million BTC spread across ~20,000 legacy P2PK addresses — an early format that writes the public key directly on-chain for anyone to see. Most are thought to belong to Bitcoin's creator or early holders who lost their private keys.
The second bucket is far larger: about 5 million BTC whose public keys have been exposed through address reuse — sending or receiving multiple times from the same address. This means → once a quantum computer can crack a public key, those coins could be swept outright.
Crucially, the report cites quantum-security group Project Eleven, noting that most of this 5-million tranche belongs to active users — some sitting in known exchange cold wallets — though it names no specific exchange.
"Freeze" or "don't freeze" — what is the fight about?
One camp wants a hard deadline: after that date, quantum-fragile signatures like ECDSA and Schnorr (the two signature algorithms Bitcoin mainly uses today) would no longer be accepted. Coins not migrated in time would be permanently frozen. The logic: broken cryptography can no longer prove ownership, and freezing prevents sanctioned actors like North Korea from mass-stealing bitcoin after a quantum breakthrough.
The other camp argues that forced freezing amounts to confiscation at the network level, violating Bitcoin's property-rights ethos. In plain terms = you cannot tell apart a "lazy holder who forgot to migrate" from a "legitimate owner who is in prison, deceased, or temporarily locked out of their keys."
This reflects the deepest tension in Bitcoin governance: there is no painless choice between a security upgrade and the inviolability of property rights.
Three compromise proposals — why does the committee endorse none?
The "Hourglass" design: cap the number of P2PK coins that can move per block. In plain terms = even if a quantum computer breaks through, it cannot drain all vulnerable coins at once — the market gets a buffer.
BIP-361 draft: disable legacy signatures but let users prove ownership via a quantum-resistant zero-knowledge proof — a mathematical method that proves "I know the secret" without revealing the secret itself. This works for wallets generated from a seed phrase.
PACT (Provable Address Control Timestamps), proposed by Paradigm researcher Dan Robinson: lets holders pre-commit to a future quantum-safe transfer without publicly moving funds. This means → you can "book" your migration now, no need to wait until the last minute.
The committee explicitly declines to endorse any single proposal, saying the final call belongs to the Bitcoin community.
What should happen now?
The committee makes two concrete recommendations. First, developers should begin technical migration to post-quantum signatures immediately. This work is independent of the "should abandoned coins be frozen" debate and need not wait for it to resolve.
Second, users need a clearer timeline and migration roadmap to prevent an information vacuum from triggering panic.
The report stresses that no quantum computer today can break blockchain cryptography; the timeline for the threat remains highly uncertain. But migration and governance debates each need years of lead time — by the time a quantum machine actually has the power to crack keys, it will be too late to start.
Content is for reference only, not financial advice.