A new joint report from asset manager Ark Invest and crypto custody firm Unchained has identified a significant structural tail risk for Bitcoin: approximately 34.6% to 35% of the total Bitcoin supply could be vulnerable to future quantum computing attacks capable of breaking today's elliptic curve cryptography (ECC).
The report, authored by Dhruv Bansal and Tom Honzik of Unchained and David Puell of Ark Invest, details that this vulnerable portion includes roughly 5 million BTC (25% of supply) held in reused addresses, 1.7 million BTC (8.6%) in early pay-to-public-key (P2PK) addresses, and about 200,000 BTC (1%) in Taproot's P2TR addresses. In these cases, public keys have been exposed on-chain, which would theoretically allow a quantum-capable adversary to derive private keys and steal funds.
"Today's quantum systems lack the capabilities required to compromise Bitcoin," the authors wrote, emphasizing that this is a long-term risk, not an imminent threat. They argue that a major breakthrough would likely disrupt broader internet security first, prompting coordinated global responses before Bitcoin is directly targeted.
The report outlines a multi-stage timeline for quantum advancement, suggesting the Bitcoin community has years to prepare. It frames the risk as a "structural tail risk" that long-term investors must consider, as the potential for "lost" or dormant coins—including the roughly 1 million BTC attributed to Satoshi Nakamoto—to re-enter circulation could impact supply expectations and pricing narratives, especially for institutional custody standards.
The authors stress that mitigation is possible. "The good news is that we already know how to protect against quantum attacks," the report states, noting that most Bitcoin is already held in quantum-resistant addresses. The solution involves developing and deploying quantum-resistant address types, creating migration incentives, and establishing stricter norms against key reuse well before the cryptographic math is broken.
