news

Coinbase Report Warns 7 Million Bitcoin Could Face Future Quantum Risk, Including Exchange Cold Wallets

Dhananjay Singh
Published: June 13, 2026
6 min read
Coinbase Report Warns 7 Million Bitcoin Could Face Future Quantum Risk, Including Exchange Cold Wallets

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Make us preferred on Google

Summary:

  • Coinbase's Independent Advisory Board on Quantum Computing and Blockchain estimates that around 7 million BTC could eventually be vulnerable to quantum attacks.
  • Roughly 5 million BTC are considered exposed because of address reuse, including funds believed to be held in exchange cold wallets and active user addresses.
  • The report presents multiple possible solutions, from freezing vulnerable coins after a migration deadline to leaving the decision entirely to individual holders, but it does not endorse any single approach.
  • Researchers recommend that the Bitcoin community begin preparing for post-quantum cryptography now, even though no quantum computer can currently break Bitcoin's encryption.
  • The report emphasizes that the technical transition and governance discussions could take years, making early planning essential.

A new report from Coinbase's Independent Advisory Board on Quantum Computing and Blockchain has reopened one of Bitcoin's longest-running debates about quantum computers and  cryptographic security. The report estimates that roughly 7 million Bitcoin could be exposed to a future quantum attack if the network does not migrate to quantum-resistant cryptography in time. While researchers stress that no existing quantum computer can currently break Bitcoin's security, they argue that preparing only after that capability exists would likely be too late. According to the advisory board, the vulnerable coins fall into two separate categories. Around 1.7 million BTC remain in older Pay-to-Public-Key (P2PK) addresses. In these early Bitcoin addresses, the public key is already visible on the blockchain, making them theoretically easier targets if quantum computers become capable enough in the future. Many of these coins are believed to belong to Bitcoin's earliest users, including wallets widely associated with Satoshi Nakamoto or owners who have permanently lost access.

Source: Coinbase Report

The larger concern, however, involves approximately 5 million BTC tied to address reuse. When a Bitcoin address is reused, its public key becomes visible after a transaction is made. If quantum computers eventually reach the required level of computational power, that exposed public key could become vulnerable. Unlike the older dormant wallets, the report believes most of these reused addresses belong to active users, institutions and exchange-operated cold wallets rather than abandoned coins. Although Coinbase does not identify any specific exchanges, the report notes that known exchange cold wallets make up part of this category. The estimate for reused addresses is based on research from Project Eleven, which the advisory board references throughout its analysis.

READ MORE: Are Bitcoin Holders Selling for SpaceX? Onchain Data Suggests a Different Story

The debate is no longer just technical - it is about Bitcoin governance

Rather than focusing only on cryptography, much of the report examines what the Bitcoin community should do if quantum-resistant upgrades eventually become necessary. One proposal would establish a migration deadline. After that date, Bitcoin would stop accepting legacy signature algorithms such as ECDSA and Schnorr. Any coins that were not moved to quantum-safe addresses before the deadline would effectively become frozen forever. Supporters argue this would protect Bitcoin holders by preventing attackers from stealing dormant coins if quantum computers eventually break existing cryptography. They also contend that allowing billions of dollars worth of previously inaccessible Bitcoin to suddenly re-enter circulation could create significant market disruption. The report even notes concerns that hostile actors, including sanctioned nation-states, could potentially exploit vulnerable wallets if no migration policy exists. Others strongly disagree.

READ MORE: Solana Partners With Project Eleven to Test Post-Quantum Security

The opposing view argues that permanently freezing coins would amount to confiscating private property through a protocol change. Supporters of this position believe Bitcoin's core principle is that ownership belongs to whoever controls the private keys, regardless of whether those keys are used immediately. They also point out that there is no reliable way to distinguish between someone who permanently lost access, someone who is temporarily unable to move funds, someone imprisoned, or heirs who may eventually recover the keys. Coinbase's advisory board deliberately avoids recommending a final solution. The report instead outlines several compromise ideas that could reduce disruption while giving users more time to migrate. One proposal, known as Hourglass, would limit how many vulnerable legacy coins could move in each block, preventing a sudden flood of Bitcoin entering circulation. Another proposal, BIP-361, would phase out older signatures while allowing owners to prove control using quantum-resistant zero-knowledge proofs for compatible wallets created from seed phrases. 

The report also discusses Provable Address-Control Timestamps (PACTs), a concept proposed by Paradigm researcher Dan Robinson. Under this approach, users could cryptographically commit today to a future quantum-safe transfer without immediately moving their Bitcoin on-chain. The advisory board concludes that choosing between them is ultimately a governance decision for the wider Bitcoin community. One statistic included in the report states:

"According to Project11, the number of bitcoins that are vulnerable due to address reuse is currently about 5 million." Source

Researchers Say Preparation Should Begin Now

Although the report stops short of predicting when practical quantum attacks could become possible, its authors repeatedly stress that preparation will likely take years. Building support for quantum-resistant signatures, updating wallets, coordinating exchanges, educating users and reaching community consensus are all expected to require significant time. Waiting until quantum computers are already capable of attacking Bitcoin could leave insufficient time for a smooth migration. The advisory board therefore makes two clear recommendations. First, developers should begin building post-quantum cryptographic support now, regardless of which governance approach is eventually adopted. The report argues that technical preparation is largely independent from the debate over abandoned coins and should not be delayed. Second, researchers encourage clearer public communication. Wallet providers, exchanges and developers should keep users informed about potential migration plans long before any deadlines are introduced.

Source

The advisory board itself brings together researchers from several leading institutions, including Stanford University, The University of Texas at Austin, the Ethereum Foundation, Eigen Labs, The University of Washington, Bar-Ilan University, and UC Santa Barbara, alongside Coinbase's own cryptography team. The report also echoes earlier discussions across the industry. Earlier this year, investment firm Jefferies highlighted exchange and institutional wallets as potentially more exposed because of address reuse, while Google announced plans to complete its own migration toward post-quantum cryptography by 2029, reflecting growing attention to the technology beyond cryptocurrency. For now, however, the report makes one point especially clear that today's Bitcoin network remains secure against existing quantum computers. The challenge is to prepare years in advance, while balancing security, property rights and Bitcoin's decentralized governance model.

READ MORE: EU Targets Crypto in New Russia Sanctions Package, Proposes Ban on 11 Digital Asset Platforms

Related Topics

#Coinbase#Quantum Risk#Bitcoin#Cold Wallets#Quantum Computing#Quantum Update

About the Project

Crypto News

About the Author

Dhananjay Singh

Dhananjay Singh

Dhananjay Singh is a DeFi reporter at CotiNews covering the evolving decentralized finance landscape. His work focuses on developments within the Ethereum ecosystem and the growing COTI network. He holds a Bachelor’s degree in Political Science from the University of Delhi.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.