Share
Coinbase’s Independent Advisory Board on Quantum Computing and Blockchain published a 50-page position paper on April 22. It states that while no quantum computer capable of breaking blockchain cryptography exists today, one will eventually be built, and the industry has no time to wait before preparing.
The board’s full paper, authored by six leading cryptographers and academics, is the most rigorous industry assessment of quantum risk to digital assets published to date.
Today we've published the first position paper from the Coinbase Independent Advisory Board on Quantum Computing and Blockchain, a group of leading researchers from Stanford, UT Austin, the Ethereum Foundation, and beyond.
The short version: your crypto is safe today. But a…
— Philip Martin (@SecurityGuyPhil) April 21, 2026
The paper lands at a moment when the quantum risk conversation has shifted from the theoretical to the institutional. BlackRock updated its Bitcoin ETF filing to include an explicit disclosure of quantum computing risk, and Google’s March 2026 paper revealed that Bitcoin and Ethereum’s encryption could be broken in 9 minutes.
The board comprises Scott Aaronson (UT Austin), Dan Boneh (Stanford), Justin Drake (Ethereum Foundation), Sreeram Kannan (EigenLayer), Yehuda Lindell (Coinbase and Bar-Ilan University), and Dahlia Malkhi (UC Santa Barbara). This is not a marketing paper. These are the researchers who build the cryptographic infrastructure the industry runs on. Their core message: ‘Waiting for it to be urgent is not a good idea.’
The threat requires a Fault-Tolerant Quantum Computer (FTQC) that does not yet exist. Building one capable of breaking 256-bit elliptic-curve keys, the standard protecting Bitcoin and most blockchains today, remains a significant engineering challenge. NIST recommends that post-quantum migrations be completed by 2035. The board’s assessment is more cautious: recent research raises the possibility that the timeline could be shorter, and they are not confident that a cryptographically relevant quantum computer will not exist by 2035.
The quantum threat to BTC is getting harder to dismiss.
IBM projects an error corrected quantum system by 2029. BlackRock flagged quantum computing as a risk in their Bitcoin ETF filing.@BTQ_Tech is building quantum resistant infrastructure to fix this.@btc_quantum (BTQ) is… pic.twitter.com/x8eYaoBGJM
— Delphi Digital (@Delphi_Digital) December 3, 2025
The primary vulnerability is at the wallet layer. Digital signatures that prove ownership and authorize transactions rely on elliptic-curve cryptography, which Shor’s algorithm can break. Hash functions used to protect mining and on-chain records are considered quantum-resistant under current designs.
The critical figure: an estimated 6.9M BTC sit in wallets whose public keys are already visible on-chain, including early P2PK addresses and wallets that have already made outbound transactions. A sufficiently powerful quantum computer could derive the private key from a visible public key. Wallets protected behind hash functions remain safer until a transaction is made.
The dormant wallet problem is where the governance challenge compounds. Charles Hoskinson noted that even the latest Bitcoin proposal to freeze vulnerable coins would still leave at least 1.7M pre-2013 BTC exposed.
🚨HOSKINSON: BITCOIN QUANTUM PLAN WON’T SAVE ALL BTC
Cardano founder Charles Hoskinson says the latest Bitcoin proposal to freeze vulnerable coins would still leave at least 1.7 MILLION pre-2013 BTC at risk from quantum attacks. pic.twitter.com/ERIUZezicu
— Coin Bureau (@coinbureau) April 17, 2026
Wallets that never migrate due to lost keys, inactivity, or abandonment will remain permanently vulnerable after any migration deadline. The board recommends that every network publicly decide whether to freeze, revoke, or leave those assets at risk, and do so sooner rather than later.
Post-quantum solutions already exist, and NIST has standardized several schemes. The main challenge is deployment, as PQ signatures are much larger than elliptic-curve ones, increasing fees and reducing throughput. The board recommends crypto-agility, meaning systems should stay flexible to adopt new standards rather than commit to one now.
Bitcoin’s response is a two-BIP stack. BIP-360, introduced in February, creates a new quantum-resistant output type (P2MR) for new coins. BIP-361, submitted to the Bitcoin BIPs GitHub on April 14 by Jameson Lopp and five co-authors, handles the existing 34% exposed supply. It proposes a three-phase soft fork:
Lopp was direct about the trade-off: ‘I know people don’t like this proposal. I don’t like it either.’ His framing: coins stolen by a quantum computer devalue every other bitcoin, making the freeze a collective defense rather than confiscation. BIP-361 remains a draft with no activation parameters defined.
Not everyone shares the urgency. NVK’s widely circulated thread argued for proportionate concern: ‘The quantum threat to Bitcoin is real but distant. The most dangerous thing isn’t quantum computers, it’s complacency disguised as either panic or dismissal.’
— nvk 🌞 (@nvk) April 6, 2026
Raoul Pal’s market rebuttal is blunter still: ‘You wouldn’t steal something that collapses in value the moment you take it.’ Tether CEO Paolo Ardoino predicted quantum-resistant addresses will be added before any serious threat materializes.
Prediction.
Quantum computing is still very far from any meaningful risk of breaking Bitcoin cryptography.
Quantum resistant addresses will eventually be added to Bitcoin before there is any serious threat.All people alive (and that have access to their wallets) will move…
— Paolo Ardoino 🤖 (@paoloardoino) February 8, 2025
The board’s closing argument cuts through the debate. Uncertainty about how blockchains will handle dormant wallet decisions is already deterring some investors from increasing crypto exposure. A clear, public migration timeline removes a category of tail risk from the asset class. Preparation is not a warning. It is what keeps the warning from ever becoming necessary.
Share
