By design, every Bitcoin address exposes its public key on-chain once it is spent from. Some output types, like Pay to Public Key (P2PK) and Taproot (P2TR), reveal it even earlier, just by being created.
That design choice was harmless at birth, but with quantum computing progress being made across the industry, exposed keys are turning into liabilities for Bitcoin.
Here’s why.
A sufficiently powerful quantum computer could, in theory, break Bitcoin’s encryption and derive a private key from a public key, giving an attacker full control over any funds in that address. As of today, 6.6 million bitcoin, roughly 30% of the total supply, sit in addresses that have already exposed their public keys.
Around one million of them are Satoshi’s coins, bitcoin mined in the early days, sitting untouched in P2PK addresses since their mint. They would likely be among the first targets of a quantum attacker. At today’s prices, that’s a 110 billion dollar prize for whoever breaks ECDSA first, and a direct hit to Bitcoin’s credibility.
This is why the community has started debating the big question: what should be done with coins sitting in P2PK addresses?
There are three (3) current proposals for how to manage this situation:
- The “do nothing” camp - a.k.a.. “Liquidators”
- The “freeze-the-coins” camp (via soft fork) - aka “confiscators”
- The “Hourglass” camp (via soft fork) - suggests rate limiting spends from these addresses to slow the effects of liquidation
The Liquidation Camp
If the Bitcoin community chooses to do nothing about the threat, around 1.7M bitcoin could be liquidated from P2PK addresses (including Satoshi’s coins) within minutes by a quantum attacker.
PROS & CONS
PROS:
The argument for allowing this liquidation event to happen without interference (e.g. pre-emptively burning the coins) is that, in theory, someone could potentially still hold and want access to those coins (e.g. Satoshi), and tampering with that right, even when acting in benefit of the masses, is, in their eyes, setting a dangerous precedent. Once you alter the rules for one group of holders, what stops future generations from doing it again?
CONS:
Critics of this path argue that “doing nothing” is not neutrality. Allowing these liquidations to unfold would likely cause a cascade effect, triggering large-scale sell-offs across the market. The scale of the attack could trigger network congestion, liquidity shortages, systemic risk for service providers – but most importantly, would almost certainly trigger a sell-off unlike any seen in Bitcoin’s history, and one many believe we would not bounce back from (think: probable 95% drawdown).
Additionally, some argue that once Satoshi’s coins (and the core assumptions of the protocol) are hacked, confidence in the network will be fundamentally broken in a way that would be difficult to bounce back from.
Burning or Freezing P2PK Coins
Another approach is to burn or freeze coins sitting in P2PK output types. Some versions of this idea include a grace period that gives holders time to move funds to safer outputs, such as unspent P2PKH addresses, before the restriction takes effect.
PROS & CONS
PROS:
Supporters of the burn/freeze approach usually frame the problem in terms of personal responsibility. If holders are given notice and tools to move their coins, those who fail to act are seen as accountable for their losses. Bitcoin’s ethos of self-custody is central to this argument: your keys, your coins, and also your risk.
Some consider this approach a defensive step aimed at preserving the network’s stability by reducing the number of exploitable targets.
CONS:
Critics call this route confiscation, an outcome Bitcoin was designed to prevent. Casa CEO Jameson Lopp described it as “a quantum state of confiscation” during the Presidio Bitcoin Quantum Summit:
“It’s a quantum state of confiscation, because from one perspective you’re not allowing people to access their funds; however, there’s a completely opposing perspective from those who wish to secure the economic value of their holdings against massive devaluation and volatility, which is: I want to do what I can to try to secure the value of these funds by preventing mass liquidation events.”
Hourglass: The Needle in the Middle
Hourglass presents a middle ground between the other two options.
Developed by Hunter Beast and Michael Casey, it addresses the quantum vulnerable coins dilemma by rate-limiting the movement of coins out of P2PK addresses. Hourglass caps the spending rate of P2PK outputs to some yet-to-determined amount of bitcoin per block (e.g. 1 bitcoin per block), throttling how fast coins can be liquidated in case of an attack.
PROS & CONS
PROS:
Proposers argue that it offers a way to defend Bitcoin against a quantum threat with lesser infringement on property rights. By limiting the spend rate, it stretches a liquidation that could happen in minutes across a pre-determined, longer timeline. Supporters argue that this approach gives Bitcoin a chance to defend itself while preserving one of its core principles: still your keys, still your coins.
Hourglass would also help strengthen Bitcoin’s security budget, benefiting miners and the network as people compete to include their transaction into a limited block space for P2PK outputs.
Michael Casey explained how Hourglass can also shift the game theory behind a quantum attack:
CONS:
Critics of Hourglass argue that, depending on the rate limit set, the measure could still be seen as confiscatory or fail to achieve its intended impact. Setting the limit too low would prevent people from moving their entire holdings for decades, while setting it too high wouldn’t slow an attack enough to effectively protect the network.
For detractors, soft forks are also seen as problematic, as they require consensus, coordination, and governance challenges, on a threat that, for them, is not even worth defending against, as it's often seen as far away or not even real enough.
The Threat to Reused Addresses
It’s worth noting that coins in P2PK addresses represent only a portion of all quantum-vulnerable bitcoin. Roughly 4.7 million BTC sit in reused addresses, which are also quantum-vulnerable and could be also targeted as quantum capabilities advance. Other proposals, such as Jameson Lopp’s QBIP, aim to address the liquidation risks affecting this broader set of vulnerable coins, including those in reused addresses or exposed during short-exposure attacks. For more information, visit QBIP.org.
