Quantum computers are coming for Bitcoin — and Satoshi’s 1.1 million BTC might be the first casualty. Those coins have sat completely untouched since 2010, stored in early Pay-to-Public-Key outputs with their public keys sitting nakedly on the blockchain for anyone to see. That’s a problem. A big one.
Here’s why. Quantum computers running Shor’s algorithm can derive private keys directly from public keys, exponentially faster than anything classical computers can manage. With public keys already exposed in Satoshi’s P2PK outputs, attackers wouldn’t even need to wait for a transaction. The keys are just… there. Charlie Lee has already flagged Satoshi’s fortune as the most likely first major target when capable quantum machines arrive.
And they are arriving. Google’s Willow chip sits at 105 physical qubits right now. Breaking Bitcoin’s elliptic curve cryptography requires roughly 4,000 logical qubits. So, not today. But the trajectory is real. Estimates suggest a sufficiently powerful machine could crack a Bitcoin signature in around 30 minutes, well under the 10-minute block window that currently protects transactions. Once that threshold falls, it’s over for exposed coins.
Satoshi’s holdings aren’t alone in this mess. Around 25% of all circulating Bitcoin sits in vulnerable addresses. Total exposure runs somewhere between 2 and 4 million BTC. That’s 10 to 20% of the entire supply at risk. Reused legacy addresses leak public keys the moment they spend, adding even more coins to the target list. Unlike traditional systems, blockchain’s peer-to-peer network architecture means there is no central authority capable of freezing or reversing transactions once a private key is compromised.
The mitigation options exist but require consensus nobody has fully reached. Post-quantum cryptographic standards — lattice-based, hash-based — were finalized by NIST in 2024. BIP 360 offers some short-term resistance but remains incomplete. The network needs to upgrade before Q-day hits, not after. Cryptographers broadly agree that user migration to quantum-resistant addresses is essential for comprehensive protection across the entire network. Governments are urging critical infrastructure to complete this transition to post-quantum cryptography by the mid-2030s, adding institutional weight to what is already a pressing technical deadline.
Back in 2010, Satoshi himself acknowledged the quantum threat, expressing confidence that gradual progress would give the network time to adapt. Gradual being the operative word. Nation-states will likely prioritize intelligence targets before Bitcoin. But the clock is ticking, and Satoshi’s dormant billions are sitting right in the crosshairs.