Quantum physics poses a threat to Bitcoin: why Michael Saylor's optimism underestimates the real risks

On December 16, Michael Saylor voiced his position on quantum computing and its impact on Bitcoin, stating that the network will not only withstand this threat but emerge stronger from it. However, his analysis overlooks critical details: today, over 1.7 million BTC sit in outputs whose public keys are already exposed and could be compromised by sufficiently powerful quantum hardware.

Mathematics vs. Optimism: How Quantum Threats Really Work

Bitcoin’s main vulnerability lies not in the proof-of-work algorithm but in its digital signatures. The network uses ECDSA and Schnorr signatures over the secp256k1 curve. Shor’s algorithm can derive a private key from its public key on a quantum computer with approximately 2,000–4,000 error-free logical qubits.

Current quantum devices are orders of magnitude below this threshold. According to expert estimates, cryptographically relevant machines will emerge in a decade at the earliest. This provides a time window for adaptation.

Meanwhile, NIST has already approved post-quantum standards that can be integrated into Bitcoin:

  • ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) as FIPS 204 and 205
  • FN-DSA (Falcon) as future FIPS 206

The technical capability for protection exists. The problem lies in scale and coordination.

1.7 Million Bitcoin Already at Risk: Addressing Details

Saylor’s claim that “lost coins remain frozen” ignores the complexity of Bitcoin’s address architecture.

Early transactions used the pay-to-public-key (P2PK) format, which places the public key directly on the chain. These keys are permanently visible and vulnerable to quantum attack. Analyses estimate that approximately 1.7 million BTC remain in such “Satoshi-style” outputs.

Modern addresses like P2PKH and SegWit P2WPKH hide the key behind a hash until spent. However, at the moment of spending, the key is revealed and becomes a target.

Taproot (P2TR) outputs encode the public key from day one, making millions of new UTXOs potentially vulnerable from creation.

Research by Deloitte and blockchain analytics firms estimates that 25% of all Bitcoin already sits in outputs with exposed public keys. These are not frozen assets; they are unclaimed coins waiting for the first attacker with appropriate quantum hardware.
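The distinction between “exposed at creation” (P2PK, P2TR) and “hidden until spent” (P2PKH, P2SH, P2WPKH, P2WSH) can be read directly off each output’s scriptPubKey template. The following is an added example, not code from the original article or from any of the analyses it cites: it classifies the standard script templates by when the key becomes visible and totals a constructed UTXO sample by exposure. It goes one step beyond the text by treating an output as already exposed when the same address has previously been spent from (the earlier spend put the key on chain); the `address_previously_spent` flag and all sample values are constructed for illustration.

```python
"""Classify Bitcoin output scripts by when their public key becomes visible on chain."""
from dataclasses import dataclass

# Script opcodes used by the standard output templates (values from Bitcoin's script opcode table)
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC


@dataclass(frozen=True)
class Exposure:
    script_type: str
    exposure: str  # "at_creation", "on_spend" or "not_a_key_output"


def classify(spk: bytes) -> Exposure:
    """Match a raw scriptPubKey against the standard templates."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG  -> key is literally in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("P2PK", "at_creation")
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return Exposure("P2PKH", "on_spend")
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL (keys live inside the redeem script)
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[22] == OP_EQUAL:
        return Exposure("P2SH", "on_spend")
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return Exposure("P2WPKH", "on_spend")
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return Exposure("P2WSH", "on_spend")
    # P2TR: OP_1 <32-byte x-only output key>  -> the tweaked key itself is on chain
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return Exposure("P2TR", "at_creation")
    return Exposure("unknown", "not_a_key_output")


def summarize(utxos) -> dict:
    """utxos: iterable of (value_sats, scriptPubKey, address_previously_spent).

    Returns satoshis whose controlling key is already visible versus still hashed.
    A hashed-key output whose address was spent from before counts as exposed,
    because that earlier spend revealed the key (hypothetical flag, see lead-in).
    """
    exposed = hidden = 0
    for value, spk, reused in utxos:
        ex = classify(spk)
        if ex.exposure == "at_creation" or (ex.exposure == "on_spend" and reused):
            exposed += value
        elif ex.exposure == "on_spend":
            hidden += value
    return {"exposed_sats": exposed, "hidden_sats": hidden}


# Constructed sample UTXO set (key bytes are dummy fill, not real keys).
SAMPLE_UTXOS = [
    (5_000_000_000, b"\x41\x04" + b"\x11" * 64 + b"\xac", False),          # P2PK, 50 BTC
    (100_000_000, b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", False),    # P2PKH, 1 BTC
    (250_000_000, b"\x00\x14" + b"\x33" * 20, False),                      # P2WPKH, 2.5 BTC
    (50_000_000, b"\x51\x20" + b"\x44" * 32, False),                       # P2TR, 0.5 BTC
    (75_000_000, b"\x00\x14" + b"\x55" * 20, True),                        # P2WPKH, address reused
]

if __name__ == "__main__":
    for value, spk, reused in SAMPLE_UTXOS:
        print(f"{value:>12} sats  {classify(spk)}  reused={reused}")
    print(summarize(SAMPLE_UTXOS))
```

Running the sample shows 51.25 BTC counted as exposed (the P2PK coin, the Taproot output and the reused SegWit address) against 3.5 BTC still protected by a hash. The matcher only recognises the standard templates; anything else is reported as `unknown` rather than guessed.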

Migration Costs: From Throughput to Fees

Post-quantum adaptation will not be painless. A study in the Journal of the British Blockchain Association shows that a realistic migration involves:

  • Reducing block throughput by about half, as new post-quantum signatures take more space
  • Increasing verification costs for each node
  • Rising transaction fees due to competition for block space

Saylor mentions “increased security” but does not account for the environmental and economic consequences of a large-scale transition.
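To make the throughput cost concrete, here is an added example (not from the article or the JBBA study it cites) that estimates how many single-input, single-output transactions fit into one 4,000,000-weight-unit block when the 72-byte ECDSA signature and 33-byte compressed key are replaced one-for-one by post-quantum signatures and keys. The signature and key sizes are the standardized ones (ML-DSA-44 and SLH-DSA-SHA2-128s from FIPS 204/205, Falcon-512 from the FIPS 206 draft); the transaction layout is a simplified SegWit-style skeleton, and the 34-byte hash-commitment output assumed for the post-quantum schemes is a constructed placeholder. The study’s “about half” figure comes from its own migration model (mix of transaction types, aggregation, and so on); the naive replacement computed here is the worst case.

```python
"""Block throughput under ECDSA versus post-quantum signature sizes (simplified tx layout)."""

MAX_BLOCK_WEIGHT = 4_000_000  # BIP 141 block weight limit; 1 vbyte = 4 weight units

# scheme -> (signature bytes, public key bytes, output script bytes)
# ECDSA: ~72 B DER signature, 33 B compressed key, 22 B P2WPKH output.
# Post-quantum rows: sizes from FIPS 204/205 and the FIPS 206 draft; the 34-byte
# output script (OP_n <32-byte key hash>) is an ASSUMED placeholder format.
SCHEMES = {
    "ECDSA/secp256k1 (P2WPKH)": (72, 33, 22),
    "Falcon-512 (FN-DSA)": (666, 897, 34),
    "ML-DSA-44 (Dilithium)": (2420, 1312, 34),
    "SLH-DSA-SHA2-128s (SPHINCS+)": (7856, 32, 34),
}


def varint_len(n: int) -> int:
    """Bytes needed for Bitcoin's CompactSize encoding of n."""
    if n < 253:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFF_FFFF:
        return 5
    return 9


def tx_weight(sig_len: int, pk_len: int, spk_len: int) -> int:
    """Weight of a 1-in/1-out SegWit transaction carrying one signature and one key in the witness."""
    # Non-witness part (counted 4x): version, input count, one input
    # (txid 32 + vout 4 + empty scriptSig length 1 + sequence 4), output count,
    # one output (value 8 + script length + script), locktime.
    base = 4 + 1 + (32 + 4 + 1 + 4) + 1 + (8 + varint_len(spk_len) + spk_len) + 4
    # Witness part (counted 1x): marker+flag, item count, signature push, key push.
    witness = 2 + 1 + (varint_len(sig_len) + sig_len) + (varint_len(pk_len) + pk_len)
    return 4 * base + witness


def txs_per_block(weight: int) -> int:
    """How many such transactions fit in one block if they are the only content."""
    return MAX_BLOCK_WEIGHT // weight


def throughput_table() -> dict:
    """scheme -> (tx weight, txs per block, throughput relative to the ECDSA baseline)."""
    baseline = txs_per_block(tx_weight(*SCHEMES["ECDSA/secp256k1 (P2WPKH)"]))
    table = {}
    for name, sizes in SCHEMES.items():
        w = tx_weight(*sizes)
        n = txs_per_block(w)
        table[name] = (w, n, round(n / baseline, 3))
    return table


if __name__ == "__main__":
    for name, (w, n, ratio) in throughput_table().items():
        print(f"{name:<32} {w:>6} WU  {n:>5} tx/block  {ratio:.1%} of ECDSA")
```

With these sizes a Falcon-512 spend weighs roughly 4.4 times an ECDSA spend and ML-DSA-44 roughly 9.4 times, so a block of nothing but such spends carries a small fraction of today’s transaction count; the larger verification cost per node is not modelled here. Any aggregation or hybrid scheme that amortises the post-quantum material across inputs moves the result toward the study’s milder figure.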

Three Supply Scenarios: From Reduction to Chaos

The claim that “supply decreases” assumes an orderly migration. In reality, there are three possible paths:

Scenario 1: Reduction via non-upgrade. Owners who never migrate their vulnerable wallets lose their funds. These coins are permanently removed from circulation, which cumulatively reduces the circulating supply.

Scenario 2: Theft via quantum attacks. If quantum attackers begin large-scale operations before the network’s dedicated defenses are in place, millions of BTC could change hands chaotically. The supply remains the same, but its distribution changes drastically.

Scenario 3: Panic ahead of physics. The expectation of an imminent quantum threat triggers panic selling, alternative forks, or competing networks. Bitcoin’s price drops regardless of the actual threat.

None of these scenarios guarantees a clean reduction in supply that would positively impact the price.

Coordination Crisis: Politics Over Cryptography

Bitcoin has no central authority. A post-quantum soft fork will require consensus among developers, miners, exchanges, large holders, and other stakeholders.

Recent research from a16z emphasizes that coordination risk exceeds cryptographic risk.

The network must:

  1. Reach consensus on post-quantum standards
  2. Implement updates in clients and nodes
  3. Coordinate large-scale user migration
  4. Do all this before a cryptographically relevant quantum computer appears

Delays, disagreements, and political influence attempts could stretch this process over years, leaving vulnerable coins exposed to quantum attackers.

“Sign-and-Steal” Attack: The Mempool Snatch

The risk becomes even sharper when a transaction spends from an address with a hashed key. Once the transaction is broadcast to the mempool, the public key is revealed while it waits for confirmation. A quantum attacker could:

  1. Monitor the mempool
  2. Instantly recover the private key
  3. Create a competing transaction with a higher fee
  4. Compete with the original for inclusion in the next block

This scenario turns every visible spend into a race between the legitimate owner and a potential malicious actor.
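From the owner’s side, the race described above looks like an ordinary double-spend conflict: a second mempool transaction spending the same outpoint at a higher fee rate. The following added example (not from the article) is the detection half of that picture, a small mempool-conflict watcher of the kind a wallet or monitoring service would run to alert on a competing spend of its own inputs. The `MempoolTx` record and all transaction IDs, fees and sizes are constructed; a real deployment would populate them from a node’s mempool feed.

```python
"""Detect competing spends of the same outpoint in a mempool snapshot and rank them by fee rate."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MempoolTx:
    txid: str
    inputs: tuple          # outpoints as (prev_txid, vout)
    fee_sats: int
    vsize: int

    @property
    def feerate(self) -> float:
        """sat/vB, the quantity miners sort the mempool by."""
        return self.fee_sats / self.vsize


def find_conflicts(txs) -> dict:
    """Return {outpoint: [txids, highest fee rate first]} for every outpoint spent by >1 transaction."""
    by_outpoint = defaultdict(list)
    for tx in txs:
        for outpoint in tx.inputs:
            by_outpoint[outpoint].append(tx)
    return {
        outpoint: [t.txid for t in sorted(group, key=lambda t: t.feerate, reverse=True)]
        for outpoint, group in by_outpoint.items()
        if len(group) > 1
    }


def outbid_alerts(txs, own_txids) -> dict:
    """For each of our own transactions, list competing spends that currently outbid it.

    An empty list means our spend is still the best-paying candidate for its inputs;
    a non-empty one means a conflicting transaction is ahead in the fee race.
    """
    by_id = {t.txid: t for t in txs}
    alerts = {}
    for outpoint, ranked in find_conflicts(txs).items():
        for mine in ranked:
            if mine not in own_txids:
                continue
            rivals = [r for r in ranked if r != mine and by_id[r].feerate > by_id[mine].feerate]
            alerts.setdefault(mine, [])
            for r in rivals:
                if r not in alerts[mine]:
                    alerts[mine].append(r)
    return alerts


# Constructed mempool snapshot: "own" spends outpoint X at ~9 sat/vB, "rival" spends
# the same outpoint at ~42 sat/vB, "other" is an unrelated transaction.
SAMPLE_MEMPOOL = [
    MempoolTx("own",   (("prevtx-X", 0),), fee_sats=1_000, vsize=110),
    MempoolTx("rival", (("prevtx-X", 0),), fee_sats=5_000, vsize=120),
    MempoolTx("other", (("prevtx-Y", 1),), fee_sats=2_000, vsize=140),
]

if __name__ == "__main__":
    print(find_conflicts(SAMPLE_MEMPOOL))
    print(outbid_alerts(SAMPLE_MEMPOOL, {"own"}))
```

Detection alone does not win the race (the owner’s only lever is the same fee competition), which is why the article treats hashed-key outputs as protected only until their first spend; the watcher’s value is in making such an event visible immediately rather than after confirmation.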

What to Do: Coordination Over Confidence

Michael Saylor is essentially correct that Bitcoin can emerge stronger. The network can implement post-quantum signatures, update vulnerable outputs, and obtain more reliable cryptographic guarantees.

However, this outcome depends less on the timing of quantum computing emergence and more on the network’s ability to carry out complex, costly, and politically tense upgrades before physics catches up.

Necessary steps include:

  • Developing standards for hybrid post-quantum outputs
  • Creating tools for smooth user migration
  • Providing nodes and miners with the resource reserves the transition will demand
  • Starting preventive updates today

Saylor’s confidence is, in essence, a bet that the Bitcoin community will be sufficiently organized and foresighted. Mathematics and physics are ready. The only question is whether governance is prepared.
