Bitcoin developers are revisiting a strategy first outlined 16 years ago by Satoshi Nakamoto, as the threat posed by quantum computing grows closer to reality. Back in 2008, Nakamoto published a technical roadmap on the BitcoinTalk forum focused on safeguarding the cryptocurrency from quantum-powered attacks. This archived discussion, once regarded as an abstract precaution, has now influenced the BIP-360 and BIP-361 proposals under consideration by Bitcoin Core.
Quantum threat to Bitcoin’s security
At issue is the potential risk posed by quantum computers running Shor’s algorithm, which could, in theory, break the cryptographic protections underlying Bitcoin’s network. If a quantum computer becomes powerful enough, it can derive private keys from public ones, exposing coins controlled by old addresses that have reused key material.
Developers estimate that around 35% of all mined Bitcoin—approximately 6.9 million BTC—could be vulnerable. Most of these coins reside in early-era wallets that use Pay-to-PubKey (P2PK) outputs or in addresses that have been used multiple times, creating exposed public keys susceptible to future attacks.
Mini dictionary: Shor’s algorithm, a quantum computing algorithm, can efficiently solve problems like integer factorization, allowing adversaries to break cryptographic systems such as ECDSA by deriving private keys from exposed public keys.
Nakamoto foresaw that when computers develop the ability to derive private keys from public addresses, the network would need to force a migration to stronger cryptography at a pre-set block height, effectively locking exposed coins that are not updated.
BIP-360 and BIP-361: A technical legacy
Modern technical committees have now formalized Nakamoto’s vision into a two-part strategy. The first step is transitioning to a new address format, bc1z, which uses Merkle-tree cryptography. This format should resist attacks enabled by quantum computers far better than Bitcoin’s original system.
The second step involves establishing a firm block height deadline: once reached, the network would disable all legacy wallets, making it impossible to send or receive coins from outdated addresses. This transition echoes Nakamoto’s original advice and places pressure on holders of early coins to act before their funds become inaccessible.
| Migration Step | Old System | New System |
|---|---|---|
| Address Format | P2PK, legacy addresses | bc1z, Merkle-tree based |
| Security Level | ECDSA (quantum-vulnerable) | Quantum-resistant cryptography |
| Wallet Impact | Many reused/exposed addresses | Requires migration by block deadline |
Network impact and the fate of lost coins
Implementing these changes is expected to cause significant costs. The larger data sizes required by stronger cryptographic methods would boost transaction sizes by 57%, raising transfer fees for all users.
A more profound problem lies with the millions of early BTC lost to forgotten wallets or inaccessible storage. Owners of these coins would be unable to update their addresses, resulting in a permanent freeze of their funds. Developers have stated that, to protect the rest of the network, these balances would need to be isolated from the system and rendered unrecoverable.
In an ironic twist, Nakamoto’s own pioneering wallets—some of the oldest in Bitcoin history—may be among those subject to forced closure if the migration plan moves forward. His vision for network security could ultimately lead to the permanent loss of his digital legacy.
If quantum attacks ever threaten the chain, the cost of security may be the sacrifice of millions of dormant coins— including those controlled by Bitcoin’s creator— to ensure the system’s future.




