Coinbase’s Head of Investment Research, David Duong, has noted that advances in quantum computing present risks that extend beyond Bitcoin’s private key security, potentially introducing long-term challenges to the network’s economic and security models.

However, he stressed that current quantum technology remains far from capable of compromising Bitcoin’s cryptographic defenses. This makes these concerns a long-term consideration rather than an immediate risk.

Two Distinct Threats to Bitcoin’s Foundations

In a detailed post, Duong explained that the main risk would materialize at a point often referred to as “Q-day.” Essentially, Q-day describes a hypothetical future moment when quantum computers become powerful enough to undermine Bitcoin’s cryptography by running algorithms such as Shor’s and Grover’s.

He added that Bitcoin’s security rests on two cryptographic foundations: ECDSA, which secures transaction signatures and ownership, and SHA-256, which underpins proof-of-work mining and the integrity of the blockchain. According to him,

“That means quantum computers actually pose two separate threats.”

Duong pointed out that quantum-capable systems could undermine the cryptographic safeguards of private keys. This, in turn, increases the risk of unauthorized spending from vulnerable Bitcoin addresses. He highlighted that this signature-related risk breaks down into two dimensions.

“Long-range attacks against outputs whose public keys are already exposed onchain, and short-range attacks that could front-run spends as public keys appear in the mempool,” he added.

According to Duong, approximately 6.51 million Bitcoin, representing about 32.7% of the total supply, could be exposed to long-range quantum attacks as of block 900,000. This vulnerability is primarily linked to address reuse and specific script formats that reveal public keys directly on-chain.

These include Pay-to-Public-Key (P2PK), bare multisignature (P2MS), and Taproot (P2TR). Early Bitcoin holdings, often associated with the Satoshi era, make up a notable portion of the older P2PK outputs.

“Every output is vulnerable to short-range attacks at the moment of spending, which elevates the urgency of a broad migration toward quantum-resistant signatures even if the near-term probability of a successful attack remains low,” the executive noted.

In addition to key security concerns, Duong pointed out that quantum-enabled mining could introduce efficiencies that challenge Bitcoin’s current consensus economics and network security.

“We think quantum mining itself remains a lower-priority concern for now given scaling constraints, making signature migration the central issue,” he said.

How Bitcoin Can Prepare for Quantum Risks

In the second part of his analysis, Duong detailed a range of approaches to mitigate quantum-related risks. Chief among them is the long-term integration of post-quantum cryptography into the network, relying on algorithms designed to withstand quantum attacks.

He pointed to the US National Institute of Standards and Technology’s shortlist of post-quantum cryptographic standards, which includes CRYSTALS-Dilithium, SPHINCS+, and FALCON.

Duong also cited research from Chaincode Labs, which outlines two possible paths. A rapid quantum breakthrough would require an emergency migration plan that could be executed within two years.

If progress remains gradual, a longer-term approach would allow Bitcoin to adopt quantum-resistant signatures through a soft fork. That path, he explains, could take up to seven years.

This reflects the practical challenges of larger signature sizes, slower verification, and the need for wallets, nodes, and fee markets to adjust. In addition, some technical proposals like BIP-360, BIP-347, and Hourglass also seek to address the quantum threat.

“Best practices include avoiding address reuse, moving vulnerable UTXOs to unique destinations, and developing client-facing materials to institutionalize quantum-ready operations. This approach is supported by the current understanding that vulnerable scripts are not in production and that per-address fund limits mitigate concentration risk,” he mentioned.

Lastly, the executive emphasized that quantum computing is not viewed as an “imminent threat.” This assessment aligns with several voices across the industry. Experts, including Jameson Lopp, co-founder of Casa, Adam Back, CEO of Blockstream, and  Charles Hoskinson, founder of Cardano, argue that quantum risks remain distant rather than urgent.

However, some remain cautious. David Carvalho of Naoris Protocol warns that compromise could arrive in 2–3 years. The Quantum Doomsday Clock project even predicts a possible break of Bitcoin encryption by March 8, 2028.