The Quantum Clock Is Ticking — Is Crypto Ready?

Crypto Market Monitor

Key Takeaways

Quantum-based attacks are not an immediate threat to blockchain cryptography, but recent advances have shortened perceived timelines and pushed the industry from passive monitoring to active preparation.

An estimated 6.9 million BTC may be vulnerable to future quantum attacks because of legacy address formats and public key reuse. Of this, around 1.7 million BTC, or roughly 9% of total supply, sits in dormant Satoshi-era coins that may be difficult or impossible to migrate.

Quantum exposure differs across blockchains depending on address design, signature schemes, and consensus architecture. As a result, major ecosystems are now developing post-quantum roadmaps, including proposals to transition toward quantum-resistant signature schemes.

The hardest part of post-quantum crypto may not be choosing new cryptography. It may be coordinating upgrades across users, wallets, exchanges, custodians, validators, miners, and dormant supply.

Different chains face different forms of exposure. Bitcoin’s risk is concentrated around UTXOs and old wallet behaviour, while Ethereum and Solana also must think about account models, validators, and proof-of-stake infrastructure.

Post-quantum migration is already becoming a serious roadmap item, with Bitcoin proposals such as BIP-360 and BIP-361, Ethereum’s account-abstraction-centred planning, and Solana’s work around Falcon signatures.

Introduction: The Risk Is Not “Tomorrow,” But It Is No Longer Fiction

For most of Bitcoin’s history, quantum computing sat in the same mental bucket as asteroid insurance: interesting, dramatic, and easy to ignore. That is changing.

The issue is not that a quantum computer can currently steal Bitcoin, break Ethereum accounts, or compromise validator keys at scale. No publicly known machine can do that today. The issue is that the gap between “not possible” and “needs serious planning” appears to be shrinking, particularly after recent Google Quantum AI research estimated far lower logical-qubit requirements for breaking 256-bit elliptic-curve cryptography than older assumptions suggested.

That changes the conversation. Quantum risk is no longer just a cryptography thought experiment. It is becoming a migration problem.

But here is what most coverage of quantum risk misses: the cryptography community already has candidate solutions. NIST-standardised post-quantum schemes exist, and the technical path is visible.

The harder problem is moving a decentralised network. Cryptography can be upgraded in a lab. A live blockchain has to migrate wallets, exchanges, custodians, protocols, users, validators, tooling, standards, and social consensus. That is a much heavier machine, and blockchains are historically slow at exactly this kind of coordinated upgrade.

The question, then, is not simply: “When will quantum computers be powerful enough?” The better question is: “Will blockchains be ready before they need to be?” This Crypto Market Monitor examines these questions, chain by chain.

The Core Vulnerability: Public Keys Become the Target

Most major blockchains rely on digital signatures to prove ownership. A user has a private key. The network can verify a signature using the corresponding public key. Classical computers cannot realistically reverse that relationship and derive the private key from the public key.

Quantum computers could change that assumption.

A sufficiently powerful quantum machine running algorithms such as Shor’s algorithm could, in principle, derive private keys from exposed public keys. That does not mean every wallet is equally vulnerable at the same time. The key detail is whether the public key is already visible.

Quantum attacks usually fall into two broad categories:

1. Stored exposure

This is the slow-burn version. If a public key is already visible onchain, a future quantum attacker could target it without waiting for the owner to do anything. Old Bitcoin P2PK outputs, reused addresses, certain exposed wallet structures, and validator keys all belong in this concern bucket.

2. Transaction-window exposure

This is the race version. Some addresses hide the public key until the owner spends. Once the transaction is broadcast, the public key appears. A fast enough quantum attacker could theoretically attempt to derive the private key and publish a competing transaction before final settlement.

This second scenario depends heavily on network timing. Bitcoin’s roughly 10-minute block interval leaves a longer window of exposure than faster networks such as Ethereum, with around 12-second blocks, or Solana, which reaches finality in under a second.

Bitcoin’s Quantum Problem Is Mostly a Wallet-History Problem

Bitcoin is often discussed as if quantum computing would attack the network itself. That framing is too broad. Bitcoin’s proof-of-work and hashing are not the main near-term concern. The sharper issue is old public-key exposure.

Bitcoin uses a UTXO model, where coins sit in unspent outputs. Depending on the address type and spending history, the public key may be hidden, revealed later, or exposed from the beginning.

That history matters because Bitcoin has been running since 2009. It carries every old design choice forward like rings inside a tree trunk. Some early coins were created before today’s wallet practices became standard. Some users reused addresses. Some custodians and large holders used patterns that now look more fragile in a post-quantum context.

This makes Bitcoin’s risk uneven. Two wallets with the same BTC balance may have very different quantum exposure depending on how their keys were used.

Bitcoin Address Types Through a Quantum Lens

Here is the cleaner way to think about Bitcoin’s address risk:

| Address / Output Type | Quantum Exposure Logic |
| --- | --- |
| P2PK | Highest long-term exposure because the public key is directly visible onchain. Many early mining outputs fall into this category. |
| Reused P2PKH | Safer before the first spend, but once the public key is revealed, leftover or reused funds become more exposed. |
| Reused P2SH | Scripts are hidden until spending, but repeated use can reveal key material and create lasting exposure. |
| SegWit formats such as P2WPKH / P2WSH | Generally better because public keys are hidden until spend and are often used with fresh addresses. Still exposed during the spending window. |
| Taproot / P2TR | Improves flexibility and privacy, but the tweaked public key is visible from the start, which creates a different kind of long-range quantum target. |

BIP-360 tries to address part of this problem by introducing Pay-to-Merkle-Root, or P2MR, which removes Taproot-style key-path spending and keeps public keys out of the long-term exposed path. It is not a complete post-quantum solution by itself, but it is an important design step.
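The address-type logic in the table above can be turned into a small exposure inventory for a set of unspent outputs. The following is an added example, not code from AMINA or from any Bitcoin project: it recognises the standard scriptPubKey templates and sorts each output into the article's stored or transaction-window category. The function names, the sample scripts and the `SPENT` set (scripts already spent from at least once) are constructed for illustration, and treating a reused SegWit script as stored exposure extends the table's reuse rows to those formats.

```python
from collections import Counter

STORED = "stored exposure"                    # public key already readable onchain
SPEND_WINDOW = "transaction-window exposure"  # key appears only when the owner spends
REVIEW = "manual review"                      # script type not covered by the table

def script_type(spk: bytes) -> str:
    """Identify the standard output template of a scriptPubKey."""
    n = len(spk)
    # <33- or 65-byte public key push> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"
    # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"
    # OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "P2SH"
    if n == 22 and spk[:2] == b"\x00\x14":   # witness v0, 20-byte program
        return "P2WPKH"
    if n == 34 and spk[:2] == b"\x00\x20":   # witness v0, 32-byte program
        return "P2WSH"
    if n == 34 and spk[:2] == b"\x51\x20":   # witness v1, 32-byte program
        return "P2TR"
    return "other"

def exposure(spk: bytes, spent_before: bool) -> str:
    """Map an output to the exposure category used in the article."""
    kind = script_type(spk)
    if kind in ("P2PK", "P2TR"):
        return STORED                  # key (or tweaked key) sits in the output itself
    if kind == "other":
        return REVIEW
    # Hash-based outputs hide the key until the first spend reveals it.
    return STORED if spent_before else SPEND_WINDOW

def audit(utxos, spent_scripts):
    """Sum satoshis per exposure category for (script_hex, sats) pairs."""
    seen = {s.lower() for s in spent_scripts}
    totals = Counter()
    for spk_hex, sats in utxos:
        spk_hex = spk_hex.lower()
        totals[exposure(bytes.fromhex(spk_hex), spk_hex in seen)] += sats
    return dict(totals)

# Constructed sample data: filler bytes stand in for real keys and hashes.
P2PK = "41" + "04" + "11" * 64 + "ac"
FRESH_P2PKH = "76a914" + "22" * 20 + "88ac"
REUSED_P2PKH = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32
UTXOS = [(P2PK, 5_000_000_000), (FRESH_P2PKH, 120_000), (REUSED_P2PKH, 80_000),
         (P2WPKH, 300_000), (P2TR, 45_000), ("51", 1_000)]
SPENT = {REUSED_P2PKH}   # scripts that have already been spent from once

if __name__ == "__main__":
    for category, sats in audit(UTXOS, SPENT).items():
        print(f"{category}: {sats} sats")
```

Two outputs of the same type and value land in different categories here purely because one script has a prior spend, which is the unevenness the preceding section describes.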

The Size of the Exposed Bitcoin Pool

The headline number being discussed across recent quantum-risk research is large: roughly 6.9 million BTC may sit in addresses where public keys are already exposed or have become exposed through reuse.

This does not mean 6.9 million BTC can be stolen today. It means those coins may become attractive targets if a cryptographically relevant quantum computer becomes practical before migration happens.

Within that pool, the most sensitive category is early dormant Bitcoin. About 1.7 million BTC sits in Satoshi-era or early-mining-style P2PK coinbase outputs, including coins often attributed to Satoshi Nakamoto, and is not protected against quantum computing attacks.

Dormant Coins Are the Hardest Part of the Puzzle

Active holders can migrate. Exchanges can rotate keys. Custodians can upgrade infrastructure. Wallet providers can push users toward safer address formats. Validators can eventually adopt new signing schemes.

Dormant coins cannot raise their hand.

That makes old Bitcoin supply different from ordinary wallet risk. If those coins belong to lost keys, dead owners, forgotten miners, or Satoshi Nakamoto, there may be no one available to move them into quantum-safe outputs.

So Bitcoin faces an uncomfortable choice.

Leaving dormant vulnerable coins untouched preserves Bitcoin’s strong property-rights culture, but it may eventually allow a quantum attacker to claim funds that the original owner never moved.

Freezing or restricting those coins could protect supply from quantum theft, but it would also cross one of Bitcoin’s most sensitive social lines: changing spendability rules for old coins.

That is why the “Satoshi coins” debate is not just about Satoshi. It is about a broader question: would Bitcoin defend inactive owners from a future attacker by limiting coins that have not migrated?

That is where the technical problem turns into a governance trap.

Bitcoin’s Migration Proposals Are Really Social Contracts

Bitcoin’s post-quantum path is not one single upgrade. It is a sequence of uncomfortable decisions.

BIP-360: Reduce key exposure in future outputs

BIP-360 proposes P2MR as a new output structure that avoids Taproot’s key-path spend and reduces long-range public-key exposure. It helps with future design, but it does not magically protect old coins.

BIP-361: Create a sunset for vulnerable signatures

BIP-361 goes further. It proposes a staged process after a post-quantum output type exists. First, it would prevent new funds from being sent to vulnerable address types. Later, it would add more pressure to migrate, potentially ending with old vulnerable signatures being disabled.

That is powerful, but controversial. It turns migration from a recommendation into an eventual requirement.

PACTs: Give old holders a way to prove control without moving coins

PACTs, or Provable Address-Control Timestamps, offer a different angle. Instead of forcing old coins to move now, holders could privately prove address control before quantum attacks become practical. Later, if a sunset rule freezes vulnerable coins, those earlier proofs could help legitimate holders recover access.

This matters because it tries to solve the “prove you owned it before quantum attackers existed” problem without forcing immediate public movement.

Ethereum Has a Different Quantum Path

Ethereum’s risk is not a copy of Bitcoin’s.

Ethereum uses an account-based model. An externally owned account becomes more exposed once it has sent a transaction, because the public key can be recovered from transaction signature data. This means the risk is tied less to old UTXO types and more to account activity, wallet design, and how much value remains under exposed keys.

Ethereum also has proof-of-stake validators, which makes validator-key migration part of the security conversation. If validator signatures depend on quantum-vulnerable cryptography, then post-quantum planning has to protect both users and consensus infrastructure.

Ethereum’s own future-proofing roadmap frames account abstraction as a major migration advantage. Instead of forcing every account to use one rigid signature system, account abstraction can allow accounts to adopt newer signature schemes more flexibly over time.

This gives Ethereum an important design path: make accounts more cryptographically upgradeable before the pressure becomes urgent.

Solana Is Moving Toward Falcon

Solana’s post-quantum direction is also taking shape.

According to the Solana Foundation, Anza and Firedancer independently evaluated post-quantum signature options and both arrived at Falcon, a lattice-based signature scheme with compact signatures. Both teams have built initial implementations.

That choice makes sense for Solana’s constraints. A high-throughput blockchain cannot casually adopt very large or slow signatures without affecting performance. Signature size, verification cost, and validator workload all matter.

Solana’s approach appears to be gradual: enable post-quantum-capable keys, encourage rotation, and complete migration if the threat becomes more immediate. The important point is that Solana is not treating quantum readiness as a blog-post issue. It is already entering client-level engineering.

Why Governance May Matter More Than Cryptography

The cryptography industry already has candidate post-quantum tools. NIST-standardised approaches include lattice-based and hash-based schemes, and blockchain teams are experimenting with which ones fit their performance and upgrade constraints.

But blockchains do not fail only because better cryptography is unavailable. They fail when better cryptography cannot be deployed in time.

That is the real quantum clock.

Every network must answer a chain-specific version of the same questions:

  • Who decides which signature schemes are acceptable?
  • How long should users have to migrate?
  • What happens to coins or accounts that do nothing?
  • Should vulnerable formats be discouraged, taxed, restricted, or frozen?
  • How should custodians and exchanges rotate keys without creating operational chaos?
  • Can hardware wallets, mobile wallets, multisigs, smart contracts, and bridges all upgrade safely?

Coinbase’s Quantum Advisory Council has argued that the time to prepare is before the threat becomes urgent, not after. Migration across blockchains, wallets, exchanges, and custodial infrastructure can take years.

The networks that start answering these questions now will have a material head start over those that wait for the threat to become undeniable.

Conclusion: The Quantum Threat Is Really a Readiness Test

Quantum computing does not currently break crypto networks at scale. But it is forcing a useful and uncomfortable audit of blockchain security assumptions.

Bitcoin’s challenge is old public-key exposure and dormant coins. Ethereum’s challenge is account and validator migration. Solana’s challenge is preserving speed while adopting post-quantum signatures. Every chain has its own version of the same deeper problem: decentralised systems are hard to upgrade quickly.

So, the quantum story is not just about qubits. It is about time.

The networks that prepare early can turn quantum migration into a managed upgrade. The networks that wait may discover that the hardest part was never the math. It was getting everyone to move before the alarm bell became audible.

Disclaimer – Research and Educational Content

This document has been prepared by AMINA Bank AG (“AMINA”). AMINA is a Swiss licensed bank and securities dealer with its head office and legal domicile in Switzerland. It is authorised and regulated by the Swiss Financial Market Supervisory Authority (“FINMA”).

This document is published solely for educational purposes; it is not an advertisement nor a solicitation or an offer to buy or sell any financial investment or to participate in any particular investment strategy. This document is for publication only on AMINA website, blog, and AMINA social media accounts as permitted by applicable law. It is not directed to, or intended for distribution to or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or would subject AMINA to any registration or licensing requirement within such jurisdiction.

Research will initiate, update and cease coverage solely at the discretion of AMINA. This document is based on various sources, incl. AMINA ones.  In preparing this document, AMINA may have made limited use of artificial intelligence–enabled tools to assist with research, summarisation, and drafting, with all content subject to human review and validation.

No representation or warranty, either express or implied, is provided in relation to the accuracy, completeness or reliability of the information contained in this document, except with respect to information concerning AMINA. The information is not intended to be a complete statement or summary of the subjects alluded to in the document, whereas general information, financial investments, markets or developments. AMINA does not undertake to update or keep current information. Any statements contained in this document attributed to a third party represent AMINA’s interpretation of the data, information and/or opinions provided by that third party either publicly or through a subscription service, and such use and interpretation have not been reviewed by the third party.

Any formulas, equations, or prices stated in this document are for informational or explanatory purposes only and do not represent valuations for individual investments. There is no representation that any transaction can or could have been affected at those formulas, equations, or prices, and any formula(s), equation(s), or price(s) do not necessarily reflect AMINA’s internal books and records or theoretical model-based valuations and may be based on certain assumptions. Different assumptions by AMINA or any other source may yield substantially different results.

Nothing in this document constitutes a representation that any investment strategy or investment is suitable or appropriate to an investor’s individual circumstances or otherwise constitutes a personal recommendation. Investments involve risks, and investors should exercise prudence and their own judgment in making their investment decisions. Financial investments described in the document may not be eligible for sale in all jurisdictions or to certain categories of investors. Certain services and products are subject to legal restrictions and cannot be offered on an unrestricted basis to certain investors. Recipients are therefore asked to consult the restrictions relating to investments, products or services for further information. Furthermore, recipients may consult their legal/tax advisors should they require any clarifications.

At any time, investment decisions (including, among others, deposit, buy, sell or hold investments) made by AMINA and its employees may differ from or be contrary to the opinions expressed in AMINA research publications.

This document may not be reproduced, or copies circulated without prior authority of AMINA. Unless otherwise agreed in writing, AMINA expressly prohibits the distribution and transfer of this document to third parties for any reason. AMINA accepts no liability whatsoever for any claims or lawsuits from any third parties arising from the use or distribution of this document.

©2026 AMINA, Kolinplatz 15, 6300 Zug

Authors

Sonali Gupta

Senior Research Analyst AMINA India
