In a stark warning that underscores a fundamental long-term security challenge for the world's leading cryptocurrency, David Duong, head of institutional research at Coinbase, has revealed that approximately one-third of Bitcoin's total supply is vulnerable to future attacks from quantum computers. Speaking to DL News, Duong detailed how advancing quantum technology poses unprecedented risks to Bitcoin's cryptographic foundations.
The core vulnerability lies in Bitcoin's current use of the Elliptic Curve Digital Signature Algorithm (ECDSA). Quantum computers running Shor's algorithm could in principle solve the mathematical problem underpinning ECDSA (the elliptic-curve discrete logarithm) exponentially faster than classical computers. This presents two primary attack vectors: the potential disruption of Bitcoin's proof-of-work mining ecosystem and, more urgently, the ability to derive private keys from public keys that have been exposed on-chain and steal funds directly.
Duong emphasized that private key derivation is the central issue, stating, "Given the current pace of technological development, the threat of private key derivation is the central issue facing Bitcoin." The risk is not immediate, as cryptographically relevant quantum computers (CRQCs) are estimated to be 10-15 years away, but the "store now, decrypt later" attack model means data collected today could be decrypted in the future.
The analysis categorizes Bitcoin addresses by risk level based on their transaction history. High-risk addresses, holding roughly 33% of Bitcoin's 21 million maximum supply, are those whose public keys have been exposed on the blockchain—typically because the user has spent funds from the address, since the spending transaction reveals the key. Medium-risk addresses are those that have been reused (received funds more than once) without key exposure, while fresh, single-use addresses, for which only a hash of the key is public, are considered low risk.
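The classification described above, as an added example that is not Coinbase's or DL News's code: it assumes a simplified per-address history record (script type, balance, receive and spend counts; all sample values are constructed) and goes one step beyond the text by also treating P2PK and Taproot (P2TR) outputs as exposed, because those script types place the public key directly in the output rather than a hash of it.

```python
from dataclasses import dataclass

# Script types whose output script contains the public key itself, so the key
# is public from the moment coins are received, not only when they are spent.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}


@dataclass
class AddressHistory:
    label: str           # hypothetical identifier, not a real Bitcoin address
    script_type: str     # one of: p2pk, p2pkh, p2wpkh, p2tr
    balance_btc: float   # coins currently unspent at this address
    times_received: int  # number of outputs ever paid to this address
    times_spent: int     # number of transactions that spent from it


def public_key_exposed(h: AddressHistory) -> bool:
    """True if the key is recoverable from chain data: embedded in the
    output script, or revealed by the witness/scriptSig of any spend."""
    return h.script_type in KEY_IN_OUTPUT or h.times_spent > 0


def risk_level(h: AddressHistory) -> str:
    if public_key_exposed(h):
        return "high"      # a CRQC could derive the private key from the key
    if h.times_received > 1:
        return "medium"    # reused: not exposed yet, but any spend reveals it
    return "low"           # fresh single-use address: only a hash is public


def btc_by_risk(histories) -> dict:
    """Sum the unspent balance held at each risk level."""
    totals = {"high": 0.0, "medium": 0.0, "low": 0.0}
    for h in histories:
        totals[risk_level(h)] += h.balance_btc
    return totals


def share_of_supply(totals: dict, total_supply_btc: float) -> dict:
    """Express each bucket as a fraction of the supply figure supplied."""
    return {k: v / total_supply_btc for k, v in totals.items()}


# Constructed sample: an early P2PK coinbase output, a spent-from P2PKH
# address, a reused P2PKH address, a fresh P2WPKH address, a Taproot output.
SAMPLE = [
    AddressHistory("early-miner", "p2pk", 50.0, 1, 0),
    AddressHistory("spent-once", "p2pkh", 10.0, 2, 1),
    AddressHistory("reused-cold", "p2pkh", 5.0, 3, 0),
    AddressHistory("fresh", "p2wpkh", 2.0, 1, 0),
    AddressHistory("taproot", "p2tr", 1.0, 1, 0),
]
```

Run against a real UTXO snapshot, the same rules give a per-bucket breakdown comparable to the one-third figure quoted in the article.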
Coinbase's institutional research carries significant weight in traditional finance circles, and this warning could influence investment decisions and risk assessments for major corporations, hedge funds, and sovereign wealth funds that have adopted Bitcoin. The potential market impact is substantial, as perceived security risks might lead to price discounts for coins held at vulnerable addresses or a shift toward quantum-resistant alternatives.
The Bitcoin development community is actively researching mitigation strategies, including potential soft forks to integrate post-quantum signature schemes, improved address management practices (such as never reusing an address once it has been spent from), and quantum-resistant multisignature schemes. Any such change will require careful implementation to preserve Bitcoin's decentralization. Standards bodies such as the U.S. National Institute of Standards and Technology (NIST) are also progressing with post-quantum cryptography standardization, which may eventually shape requirements for financial institutions holding digital assets.