TL;DR:
- A Galaxy report reveals that approximately 7 million BTC, around $470 billion, remain vulnerable to future quantum attacks.
- Exposed public keys on-chain, belonging to early users and those who reuse addresses, face the greatest risk.
- Developers are working on solutions such as BIP 360, SPHINCS+ signatures and the “hourglass” mechanism to mitigate a potential quantum threat to Bitcoin.
The research firm Galaxy published a report updating the status of the quantum threat to Bitcoin and detailing the technical defenses that developers are actively building. Although the threat is not imminent, the document warns that a cryptographically relevant quantum computer (CRQC) running Shor’s algorithm could derive a user’s private key from their exposed public key, allowing an attacker to forge signatures and steal funds.
The report acknowledges criticism from some sectors of the industry toward Bitcoin Core developers for moving too slowly in the face of advancing quantum computing. Nevertheless, it argues that defensive strategies are already in active development.
The Most Exposed Funds
Bitcoin’s architecture offers a natural defense for most users: public keys remain hidden behind hashed addresses until the exact moment the coins are spent. The problem lies with funds where that key has already been revealed on-chain.
According to estimates from the security group Project Eleven, approximately 7 million BTC, equivalent to around $470 billion at current prices, sit in wallets with already-exposed public keys. These funds belong primarily to early adopters and users who reused addresses, a practice that leaves the public key visible ahead of any future spending.
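The distinction above between hashed and already-exposed keys can be checked per output. The following is an added example, not code from the Galaxy report or this article: it classifies standard Bitcoin output scripts by whether the public key sits in the output itself, and flags hashed outputs whose script was already spent from once (address reuse). The function names and sample data are hypothetical and constructed, and the P2TR case is a standard script form the article does not list.

```python
# Added example. Sample scripts are constructed with dummy key/hash bytes.
def classify_script(script_hex):
    """Return (script type, True if a public key sits in the output itself)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    # P2WPKH / P2WSH: OP_0 <20- or 32-byte hash>
    if n in (22, 34) and s[0] == 0x00 and s[1] == n - 2:
        return ("P2WPKH" if n == 22 else "P2WSH"), False
    # P2TR: OP_1 <32-byte x-only key>; the key itself is in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "unknown", False

def audit(utxos, spent_scripts):
    """Sum satoshis per exposure class. spent_scripts holds scripts that have
    already been spent from once, so their key was revealed in that spend."""
    totals = {"key_in_output": 0, "reused_address": 0, "hidden": 0}
    for script_hex, sats in utxos:
        script_hex = script_hex.lower()
        _, visible = classify_script(script_hex)
        if visible:
            totals["key_in_output"] += sats
        elif script_hex in spent_scripts:
            totals["reused_address"] += sats
        else:
            totals["hidden"] += sats
    return totals

P2PK = "41" + "04" + "11" * 64 + "ac"
P2PKH_FRESH = "76a914" + "22" * 20 + "88ac"
P2PKH_REUSED = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32
UTXOS = [(P2PK, 5_000_000_000), (P2PKH_FRESH, 100_000),
         (P2PKH_REUSED, 250_000), (P2WPKH, 70_000), (P2TR, 30_000)]
SPENT = {P2PKH_REUSED}

if __name__ == "__main__":
    print(audit(UTXOS, SPENT))
```

Unrecognized scripts are counted as hidden here; a real wallet audit should review them by hand.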
Galaxy: A Technical Arsenal Under Construction
The Galaxy report details four proposals advancing within the Bitcoin development pipeline. The first is BIP 360, also known as Pay-to-Merkle-Root, a soft fork proposal that introduces quantum-resistant P2MR outputs. The second is the “hourglass” proposal, designed to limit the spending rate of legacy P2PK outputs (for example, to 1 BTC per block) with the goal of preventing a supply shock that could collapse the market if a malicious actor gained mass access to those funds.
The other two initiatives are SPHINCS+, a hash-based post-quantum signature scheme recently standardized by NIST, and the “reveal emergency backstop” mechanism, which would require users to publish a compact hash commitment before broadcasting their actual spend, adding a layer of preventive protection.
The consensus emerging from the Galaxy report is clear: the risk exists, the oldest funds are the most exposed, and the tools to neutralize the threat are being forged before that threat materializes.






