Why dormant Bitcoin addresses are vulnerable to quantum threats
The common narrative about quantum computing and Bitcoin paints a sudden, network‑wide collapse. That picture misses an important reality: the risk is uneven. Quantum vulnerability largely concentrates in dormant addresses whose public keys are already exposed. This includes many early “Satoshi‑era” coins and wallets presumed lost.
Modern Bitcoin addresses and best practices offer stronger protections, but legacy holdings—unchanged on‑chain for years—could be the first practical targets for early quantum machines. Those wallets give attackers time, scale and little resistance, making them the likeliest starting points for any future quantum‑driven exploits.
This is not a prediction of immediate collapse but of a tiered threat model: some parts of the supply are far more exposed than others. The quantum question is therefore as much about which holdings are structurally exposed now as it is about how powerful future computers will become.
What quantum computers could actually attack in Bitcoin
Bitcoin depends on two cryptographic primitives: hash functions (SHA‑256) for mining and block integrity, and public‑key cryptography (ECDSA/Schnorr) for transaction signatures. Quantum computers affect these differently.
Hash functions are relatively resilient. Grover’s algorithm reduces their effective strength (a quadratic speedup over classical brute‑force search) but does not break them outright. Public‑key cryptography is more vulnerable: Shor’s algorithm can derive a private key from a known public key. In Bitcoin terms, any coin whose public key is visible on‑chain can be spent by anyone able to compute the corresponding private key.
The key distinction: on‑spend vs. at‑rest attacks
Understanding the practical danger requires separating two attack types.
On‑spend attacks
– Happen while a transaction is broadcast.
– The public key becomes visible only during the transaction.
– An attacker must recover the private key within a short window—roughly one block (~10 minutes).
At‑rest attacks
– Target coins whose public keys are already on‑chain.
– Attackers have long time horizons—days, weeks, or indefinitely—to compute a private key.
– No transaction trigger is needed.
This timing difference matters: on‑spend attacks are limited by speed; at‑rest attacks are limited only by computational capability. Dormant wallets mostly face the latter.
Why dormant wallets could be more exposed than active ones
Dormant addresses combine three features that make them especially attractive to an attacker:
– No defensive action: Active holders can move funds to fresh addresses or adopt new, quantum‑resistant formats. Dormant wallets—owned by inactive or unreachable holders—cannot respond.
– Long exposure windows: With the public key already visible, attackers can work offline without the race against confirmations that protects live transactions.
– High‑value concentration: Many dormant keys date from Bitcoin’s early days when miners accumulated block rewards now worth large sums. That concentrates value into low‑resistance targets.
As a result, quantum‑resistant upgrades adopted by active users do nothing for legacy coins that never move; those coins stay exposed.
Which Bitcoin wallets are most exposed
Not all address types carry equal risk. The most exposed include:
– Old P2PK (pay‑to‑public‑key) outputs: Common early outputs reveal public keys directly and lack extra script protections.
– Address reuse: Once an address is spent from, its public key is revealed; any remaining balance on that address becomes vulnerable.
– Certain modern scripts: Some newer formats (e.g., Taproot) reveal public keys on‑chain when spent and could be targets under quantum assumptions, especially if users reuse addresses.
Even formats that are safer in theory lose that benefit if users repeatedly reuse addresses or fail to migrate.
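The on‑spend versus at‑rest distinction above, together with the address‑type list, amounts to a check a holder can run over their own unspent outputs. The following is an added example, not code from the article: it recognises the standard output‑script templates by their byte layout and classes each output as exposed at rest (key material already on‑chain) or only on spend. The UTXO set and the set of previously spent‑from scripts are constructed sample data, and the key and hash bytes are placeholders, not real keys. One point goes slightly beyond the text: a Taproot (P2TR) output script carries the 32‑byte x‑only output key directly, so the example classes it as exposed at rest rather than only when spent.

```python
# Added example (not from the article): classify a wallet's unspent outputs by
# whether their public key is already visible on-chain ("at-rest" exposure, the
# dormant-wallet case) or only becomes visible when spent ("on-spend" exposure).
# Script patterns are the standard Bitcoin output templates; the UTXO values are
# constructed sample data and the key/hash bytes are placeholders, not real keys.
from dataclasses import dataclass


@dataclass(frozen=True)
class Utxo:
    txid: str             # constructed identifier, not a real transaction id
    vout: int
    value_btc: float
    script_pubkey: bytes  # raw output script


def script_type(spk: bytes) -> str:
    """Recognise the standard output templates by their byte layout."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac): the key sits in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"
    # P2WPKH: OP_0 <20-byte hash>; P2WSH: OP_0 <32-byte hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    # P2TR: OP_1 <32-byte x-only output key>: the (tweaked) key is in the output
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"


def exposure(utxo: Utxo, previously_spent_scripts: set) -> str:
    """'at-rest' if a Shor-capable attacker already has the key material on-chain,
    'on-spend' if it only appears in the spending transaction's scriptSig/witness."""
    kind = script_type(utxo.script_pubkey)
    if kind in ("p2pk", "p2tr"):
        return "at-rest"
    if kind in ("p2pkh", "p2wpkh", "p2sh", "p2wsh"):
        # Hash-committed outputs hide the key until first spend. Address reuse
        # (an earlier spend from the same script) has already revealed it.
        return "at-rest" if utxo.script_pubkey in previously_spent_scripts else "on-spend"
    return "unknown"


def audit(utxos, previously_spent_scripts) -> dict:
    """Total BTC per exposure class; the at-rest figure is what a dormant holder cannot fix."""
    totals = {"at-rest": 0.0, "on-spend": 0.0, "unknown": 0.0}
    for u in utxos:
        totals[exposure(u, previously_spent_scripts)] += u.value_btc
    return totals


# Constructed sample wallet (placeholder bytes; values chosen to be exactly representable)
P2PK_EARLY = bytes([0x21, 0x02]) + b"\x11" * 32 + b"\xac"      # early coinbase-style output
P2PKH_REUSED = b"\x76\xa9\x14" + b"\xaa" * 20 + b"\x88\xac"   # already spent from once
P2PKH_FRESH = b"\x76\xa9\x14" + b"\xbb" * 20 + b"\x88\xac"
P2WPKH_FRESH = b"\x00\x14" + b"\xcc" * 20
P2TR_OUTPUT = b"\x51\x20" + b"\xdd" * 32

SAMPLE_UTXOS = [
    Utxo("sample-tx-1", 0, 50.0, P2PK_EARLY),
    Utxo("sample-tx-2", 1, 1.5, P2PKH_REUSED),
    Utxo("sample-tx-3", 0, 0.25, P2PKH_FRESH),
    Utxo("sample-tx-4", 0, 0.125, P2WPKH_FRESH),
    Utxo("sample-tx-5", 0, 2.0, P2TR_OUTPUT),
]
# Scripts this wallet has spent from at least once (constructed); reuse reveals the key.
SAMPLE_SPENT_FROM = {P2PKH_REUSED}

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(f"{u.txid}:{u.vout} {script_type(u.script_pubkey):7} "
              f"{exposure(u, SAMPLE_SPENT_FROM):9} {u.value_btc} BTC")
    print(audit(SAMPLE_UTXOS, SAMPLE_SPENT_FROM))
```

Run against the sample wallet, the audit puts the 50‑BTC P2PK output, the reused P2PKH output and the Taproot output in the at‑rest class, while the fresh hash‑committed outputs remain exposed only on spend; on a real wallet the same pass tells a holder which outputs are worth moving to a fresh address now and which are already beyond that remedy.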
The scale of the problem: dormant coins dominate the risk
This is not purely hypothetical. Estimates indicate millions of dollars worth of BTC sit in addresses with exposed public keys, much of it from early mining rewards that haven’t moved in over a decade. Many of these are 50‑BTC block rewards tied to miners no longer active.
That creates a structural imbalance: a relatively small number of wallets hold a disproportionately large share of vulnerable coins. In plain terms, some of the largest available quantum targets coincide with the largest coin holdings.
A deeper challenge: dormant wallets and network governance
Dormant wallets raise not only technical but governance and policy questions. If quantum attackers begin to spend these coins, the community could confront hard choices:
– Should coins be claimable if an attacker can produce a private key?
– Should protocol changes attempt to freeze or protect long‑dormant funds?
– How should the network treat assets that are likely lost but technically spendable?
These questions touch on property rights, immutability and whether special measures for unreachable wallets are appropriate. Dormant wallets cannot opt into migrations or upgrades, making them edge cases for protocol design.
Why this doesn’t mean Bitcoin is broken
There is no current, widely accepted evidence that quantum computers capable of breaking Bitcoin’s signatures exist today. Developing such systems is expected to take years or even decades of engineering progress.
Moreover:
– The risk is expected to emerge gradually rather than suddenly.
– The ecosystem has time to research and deploy mitigations.
– Active users can adapt faster than dormant wallets.
Therefore, the first effects of quantum advances, if they occur, are likely to be selective rather than universal.
What can be done in the meantime
Mitigations focus on reducing public‑key exposure and preparing migration paths:
– Minimize public‑key exposure: Avoid address reuse and limit when public keys are revealed.
– Migration readiness: Design and test clear pathways for moving funds into quantum‑resistant formats when they become practical.
– Protocol research: Continue exploring how Bitcoin could incorporate post‑quantum algorithms without undermining core properties like decentralization and efficiency.
These measures primarily help those who can act. The gap between movable and immovable coins remains the core policy and security challenge.
This article is produced in accordance with Cointelegraph’s Editorial Policy and is intended for informational purposes only. It does not constitute investment advice or recommendations. All investments and trades carry risk; readers are encouraged to conduct independent research before making any decisions. Cointelegraph makes no guarantees regarding the accuracy or completeness of the information presented, including forward‑looking statements, and will not be liable for any loss or damage arising from reliance on this content.