Coinbase cryptography council urges Bitcoin to plan post-quantum migration now
The group declined to back freezing or constraining quantum-vulnerable coins, leaving a long-horizon supply debate open.
A Coinbase-convened cryptography advisory council urged Bitcoin to begin engineering work for post-quantum signatures despite no known timeline for a quantum threat. The council avoided the most contentious question of whether quantum-vulnerable coins that may never migrate should be frozen, constrained, or left spendable.
Key Takeaways
- A Coinbase-convened council of prominent cryptographers said quantum computers are not a threat to blockchains today, but recommended Bitcoin start post-quantum signature migration planning now.
- An estimated 6.7 million BTC were described as exposed to a future quantum attack, split between early pay-to-public-key outputs and coins exposed through address reuse, per Project11.
- The council separated post-quantum engineering from the governance fight over coins that may never migrate, arguing the technical work should proceed regardless.
- It declined to endorse freezing or otherwise constraining vulnerable coins, saying the community must decide and that multiple mitigation approaches could be combined.
Coinbase Cryptography Council: Start Post-Quantum Planning Now
A Coinbase-convened advisory council of cryptographers laid out a pragmatic stance on Bitcoin’s quantum risk: no near-term emergency, but no excuse to delay preparation. The council’s baseline is that quantum computers are not a threat to blockchains today and that nobody knows when they might be, yet it still urged the Bitcoin community to begin technical planning for post-quantum signatures.
That framing matters for market structure. It dampens reflexive “quantum FUD” by explicitly rejecting an imminent threat, while simultaneously elevating the topic into an actionable roadmap item. The council also pushed for clearer ecosystem messaging, warning that uncertainty itself can become a risk factor. “Communicate clearly. Users need to know this problem is being taken seriously. Uncertainty is its own risk,” the report said.
The 6.7M BTC Exposure Map: P2PK Outputs and Address Reuse
The council’s report anchored the debate to a concrete exposure estimate: roughly 6.7 million BTC described as vulnerable to a future quantum attack.
About 1.7 million BTC were said to sit in roughly 20,000 early pay-to-public-key (P2PK) outputs, an early format that publishes the owner’s public key directly on-chain. That matters because a future quantum attacker would not need to wait for a spend to reveal the public key.
Project11, a research group tracking the issue, was cited estimating another ~5 million BTC are exposed through address reuse. The report described most of that reuse-linked exposure as active holdings in exchange wallets, shifting part of the “quantum readiness” conversation from abstract protocol design to operational hygiene at large custodians.
The Governance Fault Line: Cutoff vs. Property-Rights Concerns
The council drew a hard line between engineering and governance. It argued that swapping in quantum-resistant signatures is the easier part, and that the technical migration work should not wait for a community resolution on the hardest question: what happens to coins that do not migrate.
One camp favors a hard deadline after which Bitcoin’s current signature schemes, ECDSA and Schnorr, would no longer be accepted, making unmigrated coins unspendable. The opposing camp calls that confiscation and a violation of Bitcoin’s property-rights ethos, warning it could normalize future freezes under external pressure.
Between those poles sit proposals the report described as potentially compatible rather than mutually exclusive. Hourglass would cap how many vulnerable coins can be spent per block to limit a sudden supply flood. BIP-361, attributed to developer Jameson Lopp and others, would let migrated holders prove ownership after a cutoff with a quantum-resistant proof that exposes no key. PACTs, attributed to Paradigm’s Dan Robinson, would let owners timestamp a private claim now and move funds later without revealing anything today.
The council refused to pick a policy outcome on freezing or constraining vulnerable coins, stating there is no single correct answer and that the community must decide.
Signals Traders Can Track as the Debate Moves On-Chain
The first concrete tell will be whether a Bitcoin Improvement Proposal, or even a serious draft, formalizes post-quantum signature support and sketches an activation path. Traders should also watch whether discussion converges on a hard cutoff for legacy signatures versus non-confiscatory alternatives, since the council explicitly declined to endorse freezing or constraining vulnerable coins.
On the data side, updates to Project11’s estimates on address-reuse exposure and the early P2PK set will shape the “effective supply” narrative over time. Finally, messaging from major custodians and exchanges on reducing address reuse and preparing migration tooling would be a real-world signal that the issue is moving from research to operations.
Why ‘Engineering First, Governance Later’ Still Leaves a Supply Narrative Risk
I buy the council’s sequencing. Engineering work can start without a quantum timeline, and the report’s “not a threat today” baseline reduces the odds of a near-term panic bid for tail-risk hedges.
The market overhang is governance, not cryptography. The threshold that matters is whether Bitcoin converges on a policy that clearly defines the end-state for non-migrated coins, because 6.7 million BTC worth of “maybe spendable, maybe not” is a long-horizon supply narrative that can reprice risk premia when the first credible activation path shows up.
