CoinShares: Bitcoin’s quantum risk is manageable, not an immediate crisis
The idea of quantum computers cracking Bitcoin’s cryptography won’t die, and CoinShares argues that’s not a bad thing. In a research note titled “Quantum vulnerability in Bitcoin: a manageable risk,” the firm says quantum threats should be treated as a foreseeable engineering consideration, not a looming catastrophe — and that the industry needs to separate evidence-based analysis from speculation and “self-serving grift.”
CoinShares’ core claim is simple: practical quantum attacks on Bitcoin are not imminent, and even in a future where quantum machines become powerful enough to matter, the most disruptive scenarios are narrower than the internet usually suggests — and can be addressed with straightforward, non-disruptive upgrades and user migration.
What quantum can — and can’t — do to Bitcoin
CoinShares breaks Bitcoin’s security model into two main layers: elliptic curve signatures (ECDSA/Schnorr on secp256k1) for authorizing transactions, and hashing (SHA-256) for mining and shielding addresses.
Quantum computing changes the math in specific places, not everywhere. CoinShares points to Shor’s algorithm as the main concern for signatures: if public keys are exposed, Shor’s could theoretically derive private keys. It also cites Grover’s algorithm as weakening symmetric hashes like SHA-256 — but only from 256-bit strength to 128-bit strength, which CoinShares still considers impractical to brute-force at meaningful scale.
And there are hard limits: quantum computing, CoinShares stresses, can’t change Bitcoin’s 21 million cap and can’t bypass proof-of-work. Even if a quantum machine became a fast miner, Bitcoin’s difficulty adjustment still governs block production — and whether quantum mining would beat ASIC economics is unclear.
Where the exposure actually sits: legacy P2PK, not modern addresses
CoinShares says the real quantum exposure is concentrated in places where public keys are already visible — mainly legacy Pay-to-Public-Key (P2PK) outputs. It estimates these hold around 1.6–1.7 million BTC, roughly 8% of supply.
But here’s the nuance that matters: CoinShares argues the market-impactful slice is far smaller. It says only about 10,200 BTC sits in UTXOs that could create any “appreciable market disruption” if compromised quickly. The rest of that legacy pile is fragmented across tens of thousands of UTXOs of roughly 50 BTC each — and CoinShares argues that even with wildly optimistic quantum progress, stealing them all quickly isn’t realistic.
By contrast, modern formats like P2PKH and P2SH keep public keys hidden behind hashes until coins are spent, which CoinShares frames as a major built-in safety buffer.
It also pushes back on the popular “25% of BTC is vulnerable” claim: CoinShares says those numbers often include temporary, mitigable exposure (like address reuse by exchanges), which can be reduced with best practices — and, importantly, would come with multi-year warning signals as quantum tech progresses.
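The exposure distinction the note draws (key visible in the output vs. key hidden behind a hash until spend, plus exposure created by address reuse) can be applied mechanically to a UTXO set. The following is an added example, not code from CoinShares: it classifies output scripts by their standard templates and buckets BTC by whether the spending key is already public. Taproot (P2TR) is included as an extension beyond the note, since its script carries the output key directly; the sample UTXOs, keys and hashes are constructed placeholders.

```python
from dataclasses import dataclass
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC

@dataclass
class Utxo:
    script_pubkey: bytes  # raw output script
    amount_btc: float

def classify(spk: bytes) -> str:
    """Match the output script against the standard templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk"    # <pubkey> OP_CHECKSIG: the key itself sits in the output
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh"   # only HASH160(pubkey) is on-chain until spent
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh"    # HASH160(redeem script)
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh"  # segwit v0: HASH160(pubkey)
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr"    # taproot: the x-only output key is in the script (not covered by the note)
    return "unknown"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}
# Hashed formats and where the committed hash sits inside the script.
HASH_SLICE = {"p2pkh": slice(3, 23), "p2sh": slice(2, 22), "p2wpkh": slice(2, 22)}

def exposure_report(utxos, reused_hashes):
    """Bucket BTC by whether the key needed to spend it is already public.
    reused_hashes: HASH160 values already revealed by an earlier spend (address
    reuse), so their preimage is public despite the hashed output format."""
    totals = {"key_in_output": 0.0, "reuse_exposed": 0.0, "hidden": 0.0, "unknown": 0.0}
    for u in utxos:
        kind = classify(u.script_pubkey)
        if kind in KEY_IN_OUTPUT:
            bucket = "key_in_output"
        elif kind in HASH_SLICE:
            bucket = "reuse_exposed" if u.script_pubkey[HASH_SLICE[kind]] in reused_hashes else "hidden"
        else:
            bucket = "unknown"
        totals[bucket] += u.amount_btc
    return totals

# Constructed sample set with placeholder keys and hashes, not real chain data.
FAKE_PUBKEY = bytes([0x02]) + bytes(32)   # 33-byte compressed-key placeholder
H160_A, H160_B = bytes([0xAA]) * 20, bytes([0xBB]) * 20
SAMPLE_UTXOS = [
    Utxo(bytes([33]) + FAKE_PUBKEY + bytes([OP_CHECKSIG]), 50.0),                                # legacy P2PK
    Utxo(bytes([OP_DUP, OP_HASH160, 20]) + H160_A + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 1.5),  # P2PKH
    Utxo(bytes([OP_0, 20]) + H160_B, 0.25),                                                      # P2WPKH
    Utxo(bytes([OP_1, 32]) + bytes(32), 0.1),                                                    # P2TR
]
SAMPLE_REUSED = {H160_A}   # address A has spent before, so its pubkey is already on-chain
```

Running `exposure_report(SAMPLE_UTXOS, SAMPLE_REUSED)` puts the P2PK and P2TR coins in `key_in_output`, the reused P2PKH coins in `reuse_exposed`, and the fresh P2WPKH coins in `hidden`.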
The timeline problem: quantum machines aren’t close to “dangerous territory”
CoinShares’ timing argument is blunt: even by early 2026 standards, quantum computing is nowhere near what would be required for practical attacks on Bitcoin keys.
It cites researcher estimates suggesting that reversing a public key within a day would require fault-tolerant quantum systems at a scale not achieved today — including an estimate of 13 million physical qubits, described as about 100,000× larger than the biggest current quantum computer. It also includes a quote from Ledger CTO Charles Guillemet, who notes the scale required is on the order of millions of qubits, versus Google’s current system at 105 qubits, and the challenge of maintaining coherence as qubits increase.
CoinShares frames “cryptographically relevant” quantum computers as a 2030s-or-later conversation in many estimates — more like 10–20 years — and draws a key distinction: long-term attacks against legacy exposed keys could happen over years, while the scarier “mempool” scenario (attacking a key briefly exposed while a transaction is waiting to be mined) would require cracking it in under 10 minutes, which CoinShares considers infeasible except in the very long term.
Don’t rush the cure: why CoinShares is wary of “aggressive interventions”
CoinShares spends significant time arguing against dramatic moves like rushing unvetted quantum-resistant formats into the protocol — or worse, hard forks to “burn” vulnerable coins.
Its concern isn’t that Bitcoin shouldn’t adapt — it’s that adapting too early could be more damaging than waiting. The note warns that premature cryptography choices could introduce critical bugs, waste scarce development resources on solutions that later prove inefficient or obsolete, and — in the “burn coins” scenario — violate Bitcoin’s neutrality and property-rights expectations because we don’t actually know which dormant coins are lost versus simply inactive.
CoinShares’ preferred posture is defensive evolution: allow users to migrate voluntarily, monitor progress in quantum capabilities, and adopt post-quantum signatures through a soft fork when the cryptography is mature and the threat is closer.
It also cites a quote from Dr. Adam Back, arguing Bitcoin can adopt post-quantum signatures and continue evolving defensively, with Schnorr having already paved the way for upgrades.
Why it matters for crypto
- It reframes the quantum debate from “existential threat” to “risk management.” CoinShares’ point is that the threat is real in theory, but the timeline and impact are often overstated — especially in market narratives.
- The risk is unevenly distributed. CoinShares argues exposure is concentrated in legacy P2PK coins (~8% supply), while modern address types keep keys hidden until spend — which changes what “vulnerable” actually means in practice.
- Institutional due diligence gets cleaner. For investors, CoinShares is essentially providing a checklist: distinguish long-term P2PK exposure from short-term mempool risks, and treat key timelines as the gating factor.
- Protocol governance risk becomes part of the story. The note warns that “overreacting” with aggressive interventions could threaten Bitcoin’s neutrality, property rights expectations, and trust — meaning the cure can create its own systemic risk.
- Soft-fork migration is the plausible path. CoinShares argues Bitcoin can add post-quantum signatures and let users migrate at their own pace, keeping the transition non-disruptive.
What to watch next
- Movement from legacy P2PK coins. CoinShares frames exposed legacy stacks as a potential “indicator” worth monitoring as quantum capabilities evolve.
- Research milestones in fault-tolerant, large-scale qubits. The note’s risk timeline hinges on whether real-world systems approach the scale of millions of logical qubits (multi-million physical qubits, by the estimate it cites) needed for practical key recovery.
- Bitcoin improvement proposals for post-quantum signatures. CoinShares points to BIP-style pathways; watch for serious, peer-reviewed proposals gaining traction and review.
- Best-practice changes around key exposure. CoinShares argues some “temporary” vulnerability (like address reuse) is mitigable — watch for exchanges and custodians tightening that behavior as a precaution.
- How the market talks about it. CoinShares explicitly calls out hype and grift; watch whether institutional commentary stays anchored to timelines and exposed address reality rather than headline fear.
Source: CoinShares Insights – Quantum vulnerability in Bitcoin: a manageable risk