How Much Bitcoin Is Quantum-Vulnerable? Researcher Says 6.9 Million BTC

Project 11 CEO Alex Pruden is challenging a CoinShares estimate that only 10,200 bitcoin sit in “genuinely” quantum-vulnerable legacy addresses, arguing instead that roughly 6.9 million BTC could be exposed if cryptographically relevant quantum computers arrive sooner than the market expects.

The dispute, amplified by Castle Island partner Nic Carter, goes to the heart of a debate that has started to spill out of academic circles and into investor-facing research: not whether quantum computing would be catastrophic for today’s signature schemes, but how much Bitcoin is already exposed given how keys are used on-chain and how quickly the ecosystem would need to coordinate a migration.

Why ‘Only 10,000’ Bitcoin Are The Wrong Estimate

Pruden’s core objection to the “only 10k BTC” framing is definitional. In his thread, he argues quantum vulnerability extends well beyond old-style pay-to-public-key (P2PK) outputs and includes “any address that has signed a transaction once (and left residual funds there),” because the public key becomes visible on-chain once a spend is signed. In that model, coins left behind in those UTXOs could be vulnerable to an attacker able to derive a private key from a known public key.

He points to a “constantly updated tracker” run by Project Eleven listing 6,910,186 BTC as quantum-vulnerable, and cites Chaincode Labs’ technical report on post-quantum threats to Bitcoin as a cross-reference.

Pruden also singles out Satoshi Nakamoto’s presumed holdings as a large, dormant target surface. “The entity believed to be Satoshi alone holds 1,096,152 BTC across 21,924 addresses. All vulnerable,” he wrote, framing those coins as exposed under his broader definition.

Carter, responding to coverage circulating around the CoinShares number, said: “re that number of ‘only 10k quantum-vulnerable BTC’ you are seeing reported today… as much as I respect Chris and his work at Coinshares, he’s wrong on this one.”

Pruden situates the Bitcoin debate inside a wider shift among large tech companies and security institutions toward post-quantum planning. He cites a Google blog post by Hartmut Neven and Kent Walker that characterizes post-quantum cryptography as an urgent, systemic transition requiring coordinated action and accelerated adoption.

He also references a Google research result suggesting breaking RSA-2048 may require “~1 million noisy qubits,” lower than earlier estimates, and argues this compresses perceived timelines — even if Bitcoin uses ECDSA rather than RSA. To reinforce the uncertainty, Pruden quotes prominent theoretical computer scientist Scott Aaronson warning against complacency around Shor-vulnerable systems:

“On the other hand, if you think Bitcoin, and SSL, and all the other protocols based on Shor-breakable cryptography, are almost certainly safe for the next 5 years … then I submit that your confidence is also unwarranted. Your confidence might then be like most physicists’ confidence in 1938 that nuclear weapons were decades away, or like my own confidence in 2015 that an AI able to pass a reasonable Turing Test was decades away… The trouble is that sometimes people, y’know, do that.”

Pruden’s conclusion from that framing is less about predicting a date and more about avoiding a planning regime built on “it’ll be slow.”

Pruden argues the CoinShares post underestimates the operational reality of a post-quantum transition for an already-deployed, decentralized system. He highlights the need to migrate “millions of distributed keys,” the lack of a centralized authority, and the fact that asset ownership is enforced purely by digital signatures, with “no fallback.”

He also cites peer-reviewed research claiming “the BTC blockchain would have to shut down for 76 days” to process migration transactions for the existing UTXO set in a best-case scenario — a datapoint meant to stress that even a distant threat can demand near-term engineering and governance work.

Pruden further criticizes what he calls an appeal to authority in citing a hardware-wallet executive as evidence quantum is far away, arguing vendors may have incentives to downplay urgency if quantum-resistant signatures would obsolete existing devices.

At press time, BTC traded at $69,050.