Coinbase Urges Immediate Planning for Quantum Risk to Bitcoin
Preface
Context:
Coinbase's Independent Advisory Board on Quantum Computing and Blockchain warns that, while no quantum computer today can break blockchain cryptography, the timeline for such a machine is uncertain and the industry must begin preparing now. Their report focuses on the practical challenge of migrating keys and signatures to quantum-resistant algorithms and highlights a pressing policy question: what should happen to coins that never migrate to quantum-safe addresses? This article summarizes the board's findings, the estimated scope of vulnerable Bitcoin, and the migration options being discussed, with the aim of clarifying the technical and governance implications for developers, custodians, and users.
Quick Summary
Key takeaways: The Coinbase advisory board urges early planning for post-quantum migration. Roughly 7 million BTC may be exposed due to public-key disclosure and address reuse. The critical unresolved question is how to treat coins whose owners never switch to quantum-safe addresses: options include burning, leaving them alone, or intermediate limits and special proofs.
Main Body
The Independent Advisory Board convened by Coinbase has produced a report intended to move blockchain communities from debate to action on the risk that future quantum computers could break widely used cryptographic primitives. The immediate thrust is not an alarm that a quantum breach is imminent, but a recommendation that networks begin planning and implementing technical changes now so that the transition is orderly rather than reactive.
At the technical level, many major blockchains rely on elliptic-curve based digital signatures to authenticate transactions. A sufficiently capable quantum computer running algorithms like Shor's could, in principle, derive private keys from observed public keys — which would allow an attacker to forge transactions and steal funds. Today, this remains theoretical: no known quantum machine has the scale or error correction required to perform such an attack on real-world keys. However, several expert groups estimate that a cryptographically relevant quantum computer could emerge within the next decade, and timelines are inherently uncertain.
The advisory board highlights a specific vulnerability pattern: when an address's public key has been revealed on-chain — for example, because the owner spent from the address previously — that address becomes directly susceptible to future quantum key recovery. Many long-unused addresses fall into this category, and a portion of such coins are widely believed to be early-mined or lost funds. The advisory's analysis suggests that combining exposed public keys and common address-reuse patterns results in an estimate of roughly 7 million Bitcoin that are presently classed as quantum-vulnerable.
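The exposure pattern described above can be checked mechanically from an output's script type and its address's spend history. The following is an added example, not code from the advisory report or from this article; it goes beyond the text by covering the standard Bitcoin output script templates, and the function names, status labels and sample scripts are constructed for illustration.

```python
# Added illustration: triage Bitcoin outputs by whether their public key is
# already visible on-chain. Function names and status labels are hypothetical.

def classify_script(spk_hex):
    """Return (script_type, key_in_output) for a scriptPubKey given as hex."""
    spk = bytes.fromhex(spk_hex)
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -> the key sits in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG -> hash only
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh", False
    # P2SH: OP_HASH160 <20> OP_EQUAL -> hash of a script
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh", False
    # P2WPKH / P2WSH: witness v0 with a 20- or 32-byte hash
    if (n, spk[:2]) in ((22, b"\x00\x14"), (34, b"\x00\x20")):
        return ("p2wpkh" if n == 22 else "p2wsh"), False
    # P2TR: OP_1 <32-byte x-only output key> -> the key sits in the output
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr", True
    return "unknown", False

def exposure(spk_hex, spent_from_before):
    """Map script type plus address spend history to an exposure status."""
    kind, key_in_output = classify_script(spk_hex)
    if kind == "unknown":
        return "unclassified"
    if key_in_output:
        return "exposed_in_output"
    # A hash-only address reveals its key (or script) the first time it spends
    return "exposed_by_reuse" if spent_from_before else "hash_protected"

def exposed_total(utxos):
    """Sum satoshis held in outputs whose key material is already public."""
    return sum(v for spk, spent, v in utxos
               if exposure(spk, spent).startswith("exposed"))

# Constructed sample scripts (filler bytes, not real on-chain data)
P2PK = "21" + "02" + "11" * 32 + "ac"
P2PKH_FRESH = "76a914" + "22" * 20 + "88ac"
P2PKH_REUSED = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32
# (scriptPubKey, address has spent before, value in satoshis)
SAMPLE = [(P2PK, False, 5_000_000_000), (P2PKH_FRESH, False, 100_000),
          (P2PKH_REUSED, True, 250_000), (P2WPKH, False, 70_000),
          (P2TR, False, 30_000)]
```

Custodians can run the same triage over their own UTXO set to prioritise which balances to move first once quantum-safe address types are available.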
Beyond the technical readiness to adopt quantum-resistant signature schemes, the most contentious debate is procedural and ethical: what should be done about coins that remain on legacy, vulnerable addresses if a credible quantum threat materializes? The advisory board outlines three broad approaches, each with trade-offs:
1) Permanent freeze or burn after a deadline. One option would be to set a network-level deadline after which coins remaining on vulnerable addresses are rendered unspendable or are explicitly burned. This approach aims to reduce the attack surface by eliminating assets that adversaries could exploit, but it raises profound property-rights and governance concerns. For Bitcoin in particular, forcibly removing or disabling private property would represent a substantial intervention at odds with the network's minimal-governance ethos.
2) Do nothing — leave the choice to users. A permissive approach respects user sovereignty and avoids precedent-setting network intervention. It also, however, leaves potentially millions of BTC at higher risk and may shift the burden to custodians and individuals to proactively migrate assets. Moreover, historically lost coins (e.g., from early miners) would remain exposed indefinitely.
3) Middle-ground measures. The advisory suggests several intermediate strategies that balance risk mitigation with respect for ownership. Examples include limiting the number of potentially vulnerable coins that can move in a single block, accepting alternative cryptographic proofs in place of legacy signatures, or enabling mechanisms for users to pre-commit to migration plans without publicly transferring funds immediately. These hybrid options could reduce attack vectors while preserving flexibility and property rights, and they are not mutually exclusive — jurisdictions and networks might adopt combinations that suit their security and governance models.
The report emphasizes that the proposed options are compatible and that networks need not choose a single path exclusively; layered defenses and procedural options can coexist. Importantly, the board reiterates that the urgency is about planning and building tools — such as quantum-resistant signature schemes, wallet upgrades, and migration workflows — rather than implying immediate panic.
Several major blockchain projects are already moving toward post-quantum preparedness. The Ethereum Foundation has formed a dedicated team to coordinate the transition and consider quantum-resistant alternatives for validator and wallet signatures. Ethereum's roadmap work and public commentary from its leadership have begun to map practical upgrade steps. Proof-of-stake networks have been flagged as especially sensitive because validator keys are frequently exposed in the course of consensus operations, increasing potential attack surfaces for future quantum adversaries.
Other ecosystems are similarly active: Stellar has published a migration roadmap, and various research groups and vendors are developing cryptographic primitives intended to resist quantum attacks. The advisory also notes the importance of wallets, custodians, and exchanges participating in honest risk communication and coordinated migration planning to avoid fragmented or chaotic transitions.
Operationally, migration will involve updating client software, rolling out new signature algorithms, and creating clear user experiences for key rotation and address migration. For custodial platforms and hardware wallets, the challenge includes secure key generation, storage, and possibly backend support for migrating legacy user balances without exposing owners to unnecessary risk or privacy loss.
Governance choices loom large: whether to accept partial solutions, create opt-in migration mechanisms, or implement network-level rules will involve technical trade-offs, community values, and legal considerations. The advisory's framing — that the technical upgrade work should not wait for consensus on what to do with abandoned or non-migrating coins — underscores a pragmatic stance: build the tools now so that when policy decisions are debated, networks are not hurriedly implementing untested cryptographic changes under pressure.
In summary, the key message from Coinbase's advisory board is precautionary and practical. While quantum computers able to break blockchain signatures do not yet exist, uncertain timelines and the identifiable population of vulnerable coins mean the industry should prioritize research, develop migration tooling, and begin coordination across developers, custodians, and users. How networks ultimately handle coins that never migrate remains an open and sensitive question — one that mixes security, property rights, and governance — but the consensus emerging from experts is that preparation must start well before a crisis point arrives.
Key Insights Table
| Aspect | Description |
|---|---|
| Immediate recommendation | Begin post-quantum migration planning and tooling now rather than waiting for a precise threat date. |
| Estimated exposure | Approximately 7 million BTC may be vulnerable due to exposed public keys and address reuse. |
| Primary concern | Handling coins that never migrate to quantum-safe addresses — technical and governance challenge. |
| Proposed options | Burn or freeze after deadline; do nothing and leave to users; or adopt intermediate measures like transfer limits or special proofs. |
| Ecosystem response | Ethereum, Stellar, and others are already planning transitions; proof-of-stake networks may be especially sensitive. |