Nakamoto’s Bitcoin: Quantum Risk & Controversy

Bitcoin’s pseudonymous creator, known as Satoshi Nakamoto, gave the world a peer-to-peer network that is outside the control of central banks, governments, and other centralized entities.
The world’s largest cryptocurrency is maintained by a global community of users, making Bitcoin a trustless, censorship-resistant, and secure financial system. It ensures that no single entity controls the network, allowing for transparent, borderless transactions and a fixed, immutable, and secure monetary policy.
Soon after giving the world a valuable digital asset, Nakamoto disappeared, leaving behind a treasure: millions of Bitcoins worth billions of dollars.
These dormant holdings, often called Nakamoto’s coins, have never been spent, and now, they are at the center of a growing debate, which isn’t just about influence but also about a potential future threat: quantum computing. As we edge closer to realizing powerful quantum machines, questions about the safety of Bitcoin’s foundational cryptography and what should be done with vulnerable coins, such as Nakamoto’s, are sparking heated controversy across the cryptocurrency world.
Today, we’ll take a deep dive into the situation, why people are concerned, whether those concerns are warranted, and what should be done with Nakamoto’s coins if quantum computing comes to fruition.
Summary:
- Satoshi Nakamoto’s estimated 1.1 million BTC, mined in Bitcoin’s early days and untouched since 2009, remain one of the largest dormant holdings in crypto history and a growing source of debate.
- Legacy P2PK addresses with exposed public keys make millions of BTC, including Nakamoto’s coins, theoretically vulnerable to future quantum attacks powered by Shor’s algorithm.
- While quantum computers capable of breaking Bitcoin’s cryptography remain years or decades away, concerns are intensifying amid rapid advances in qubit development and error correction.
- Proposed solutions range from leaving vulnerable coins untouched to protocol upgrades such as BIP 360 and post-quantum signature schemes, but any path forward depends on social consensus, not just technical readiness.
What Are “Nakamoto Coins”?
Nakamoto coins refer to the Bitcoin holdings of the pseudonymous creator of the trillion-dollar market cap cryptocurrency. Those holdings are estimated to be about 1.1 million BTC.
In January 2009, Bitcoin was officially launched with the genesis block mined by Nakamoto.
Bitcoin started as a simple experiment, so, at the time, the network had few participants and virtually no competition, resulting in low mining difficulty. This allowed people to mine Bitcoin on their regular computers and earn a mining reward of 50 BTC per block, with blocks mined about every 10 minutes.
During those early times, Nakamoto mined consistently, thus amassing over 1 million Bitcoin in the process. Since they were first mined in 2009, these coins have never been spent or moved and remain in their original addresses to this day. These coins are actually distributed across thousands of different addresses, each one holding small amounts, which points to a deliberate effort to avoid drawing attention to any single wallet.
At Bitcoin’s all-time high (ATH) price of about $126,000 each in October 2025, these holdings were worth approximately $138.6 billion.
This stash makes Nakamoto one of the largest single holders of Bitcoin in existence. Even at today’s BTC price, down 46% from the peak, Nakamoto’s Bitcoin wealth is put at $74.4 billion, placing them among the world’s top 25 richest people.
These massive Bitcoin holdings have never been moved, though. It is speculated that either the creator has passed away or the private keys may be lost forever. It’s also a possibility that access to the coins may have been deliberately destroyed.
As for Nakamoto’s identity, numerous efforts have been made to uncover it, but they have all been unsuccessful. Among the most famous speculations are Nick Szabo, a cryptographer and computer scientist, and Hal Finney, a cryptographic pioneer who was the recipient of the first Bitcoin transaction, but both have denied the claim. It is also hypothesised that Nakamoto wasn’t a single person but a group of developers, which is supported by the complexity of the Bitcoin software.
Nakamoto is widely believed to remain anonymous in order to protect the neutrality, integrity, and decentralization of Bitcoin.
Why Are Nakamoto’s Coins So Controversial?
As one of the earliest Bitcoin miners, Nakamoto has amassed a fortune. Their 1.1 million BTC holdings account for more than 5% of Bitcoin’s total fixed supply of 21 million. This surpasses 717,722 BTC (3.4%) accumulated by Michael Saylor’s Strategy and 756,540 BTC (3.6% supply) held by spot Bitcoin ETF leader BlackRock.
So, if Nakamoto coins flood into the market, they can trigger significant price volatility and market uncertainty.
Although the addresses holding these bitcoins have remained untouched for seventeen years, the silence extends beyond the blockchain. These wallets have shown no activity, and there has been no verified public communication from Nakamoto since 2011. As a result, the market effectively treats this vast bitcoin holding as though it does not exist.
In that spirit, Saylor recently observed:
“Just as Satoshi left a million Bitcoins for the universe, I intend to leave everything I have for civilization.”
The fact that Nakamoto had all this time to sell their BTC, during which the crypto asset went from being worthless to $126,000 per coin, but didn’t, means they don’t intend to sell and are unlikely to do so in the future.
However, Nakamoto isn’t the biggest threat to these coins; quantum computing is.
While the pseudonymous creator may never sell or move the coins, others can gain unauthorized access to their wallets and steal all the Bitcoin with the help of quantum computers.
But how? Well, the earliest Bitcoin addresses used a “pay-to-public-key” (P2PK) format that exposed public keys on-chain. This original method of receiving BTC didn’t involve an address; rather, it paid BTC directly to an exposed public key, making it less private and less secure. In contrast, modern addresses only reveal a hash of the key until coins are spent.
That exposure makes those coins potentially vulnerable to future quantum attacks that could derive the private keys.
Because Satoshi’s coins were never moved, their public keys may already be exposed, making them a high-value quantum target. In fact, a total of almost 7 million BTC are expected to be vulnerable to an advanced quantum attack because “once a public key is exposed on-chain, the risk is permanent.”
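The difference between a P2PK output and a hashed output can be read straight from the locking script. The following is an added example, not code from this article or from any Bitcoin project: a Python classifier that labels an output by whether the public key is visible before any spend, then totals the value in each class. The sample scripts are built from constructed filler bytes, not real keys, and the example goes beyond the article by also flagging Taproot (P2TR) outputs, which carry a 32-byte key directly in the output.

```python
from __future__ import annotations

# Opcodes used by the standard output templates checked below.
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def classify(script_hex: str) -> tuple[str, str]:
    """Return (output type, key visibility) for a locking script (scriptPubKey)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <public key> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == OP_CHECKSIG:
        compressed = n == 35 and s[1] in (0x02, 0x03)
        uncompressed = n == 67 and s[1] == 0x04
        if compressed or uncompressed:
            return "P2PK", "exposed"
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", "hashed"
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and s[0] == OP_0 and s[1] == 20:
        return "P2WPKH", "hashed"
    # P2TR: OP_1 <32-byte output key>; the key itself sits in the output
    if n == 34 and s[0] == OP_1 and s[1] == 32:
        return "P2TR", "exposed"
    return "other", "unknown"


def audit(utxos: list[tuple[str, int]]) -> dict[str, int]:
    """Sum satoshi value per key-visibility class for (script_hex, sats) pairs."""
    totals = {"exposed": 0, "hashed": 0, "unknown": 0}
    for script_hex, sats in utxos:
        totals[classify(script_hex)[1]] += sats
    return totals


# Constructed sample outputs: filler bytes stand in for keys and hashes.
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # P2PK, 50 BTC reward
    ("21" + "02" + "22" * 32 + "ac", 5_000_000_000),  # P2PK, compressed key
    ("76a914" + "33" * 20 + "88ac", 1_000_000),       # P2PKH
    ("0014" + "44" * 20, 2_000_000),                  # P2WPKH
    ("5120" + "55" * 32, 3_000_000),                  # P2TR
    ("a914" + "66" * 20 + "87", 4_000_000),           # P2SH, not modelled here
]

if __name__ == "__main__":
    for script, sats in SAMPLE_UTXOS:
        print(classify(script), sats)
    print(audit(SAMPLE_UTXOS))
```

A "hashed" result describes only the unspent output: once any output paying the same key hash has been spent, the key is public, so funds left on a reused address should be treated as exposed.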
The Quantum Computing Threat to Bitcoin

2025 marked a turning point for quantum computing. Tech giants like Google, an Alphabet company, and Microsoft achieved major breakthroughs with Willow and Majorana, respectively, that signalled the transition of quantum computers from just theoretical research to actual, practical, high-performance machines.
As a result, the US Department of War has mandated that its systems must be ready to upgrade to quantum-resistant encryption before the end of this decade.
So, advancements in quantum computing, through more robust qubits for exponential processing power and an increased focus on error correction, which is essential for practical applications, indicate a new era of quantum advantage that could crack Bitcoin’s encryption in the not-so-distant future.
According to Deloitte, quantum computers pose a serious challenge to the security of the Bitcoin blockchain, with 25% of BTC in circulation vulnerable to a quantum attack.
The cryptographic risk to Bitcoin stems from Shor’s algorithm, a quantum algorithm for efficiently factoring integers and for solving the closely related discrete logarithm problem, which is the problem elliptic-curve keys rely on. This poses a threat to Bitcoin’s security model, as Shor’s algorithm can efficiently solve the complex mathematical problems that currently protect Bitcoin wallet addresses.
Bitcoin secures wallets using Elliptic Curve Digital Signature Algorithm (ECDSA), which is used to generate keys and sign messages. The algorithm links private keys to public keys in such a way that they are easy to verify but impossible to reverse using classical computers.
By running Shor’s algorithm, sufficiently powerful quantum computers can derive private keys from public keys in a matter of minutes.
This means that any BTC on addresses with publicly revealed keys could be easily stolen. Legacy P2PK wallets, such as those attributed to Nakamoto, are currently the most vulnerable because their public keys have been recorded on the blockchain since creation.
With private keys forming the foundation of cryptocurrency ownership and security, this severely compromises the security model that underpins cryptocurrency systems.
Then there’s Grover’s algorithm, which can provide a speedup in attacking hash functions like SHA-256, which underpins Bitcoin’s proof-of-work (PoW) system. This, however, doesn’t “break” them outright, so it’s not a complete compromise of the system.
All of this makes it pretty clear that advances in quantum computing, accelerated by artificial intelligence (AI), are posing a major threat to Bitcoin. But that’s not the current reality, rather a problem still far in the future, as we are still many orders of magnitude away in qubit count and stability.
For instance, IBM’s 1,000+ qubit processors are built using “noisy” physical qubits, which are inherently error-prone. What cryptographic applications ultimately require, however, are logical qubits, meaning error-corrected units capable of performing reliable computations. Creating a single stable logical qubit can require anywhere from 100 to 10,000 physical qubits, depending on the error rates and the correction scheme used.
As per current estimates, breaking Bitcoin’s cryptographic security would require millions to billions of stable qubits, which are simply far beyond current capabilities.
While the quantum threat is still distant, Bitcoin’s security has never been stronger. The network’s hashrate has crossed 1,000 EH/s, currently at 1.134 ZH/s, near its ATH of 1.31 ZH/s hit on Feb. 15. This represents a strong wall of computational work protecting every block. Moreover, there are more than 23,000 reachable full nodes distributed worldwide, preventing a single point of attack.
However, a bigger problem for Bitcoin is the ‘harvest now, decrypt later’ (HNDL) strategy, which presents broader risks that extend beyond Nakamoto’s coins. HNDL refers to a cybersecurity threat in which attackers collect encrypted data today, store it for years or decades, and decrypt it in the future once quantum computers become capable of breaking current encryption standards. It is a present-day risk because data secured with classical cryptography can already be intercepted and archived.
For Bitcoin, the clock may be ticking for long-dormant wallets with exposed public keys. For most users, however, the threat remains limited. The primary vulnerability lies in a narrow attack window when a public key is broadcast to the network during a transaction. In theory, a sufficiently powerful quantum attacker using Shor’s algorithm could attempt to derive the private key within the brief period before the transaction is confirmed.
So, the quantum threat is real, though several years away for now, and in line with that, the community has begun discussing solutions and working on defenses.
The Solution to Bitcoin’s Quantum Computing Problem
One of the most debated questions in crypto today is what should be done with Nakamoto’s coins if quantum computing becomes viable. Several possible approaches are being discussed, each with its pros and cons.
One option is to leave the coins untouched, which would preserve Bitcoin’s core tenets: immutability and neutrality. But this brings a major problem. If quantum capabilities become practical, vulnerable coins could be stolen, and a massive loss of large, dormant holdings could trigger significant market disruption.
A more proactive approach would require owners of P2PK addresses to move their coins to quantum-resistant addresses before a deadline, rendering old addresses unusable.
Another possible option would be to modify the protocol to provide proactive defense and minimize the risk of theft. Developers have proposed upgrades that would ban sending funds to legacy vulnerable addresses and eventually freeze legacy unverifiable signatures.
One such proposal is BIP 360, which has been updated and merged into the Bitcoin Improvement Proposal (BIP) GitHub repository.
The proposal introduces Pay to Merkle Root (P2MR), a new output type to quantum-harden Bitcoin. The proposal will serve as a foundation for later upgrades that could introduce post-quantum signature schemes, such as ML-DSA (Dilithium) and SLH-DSA (SPHINCS+), into Bitcoin via soft forks. The team is also exploring proposals to address long-dormant holdings and other vulnerable coins that are unlikely to move.
Such an upgrade would essentially lock down vulnerable coins before quantum arrives, but comes with its own challenges.
“The hardest truth of Bitcoin quantum upgrade: It would likely require freezing Satoshi’s ~1M BTC, and millions more in old addresses,” noted CryptoQuant CEO Ki Young Ju. “Not just Satoshi. Anyone using old address types faces the same risk: coins frozen by design or stolen via quantum attacks. We may never hear another story of lost coins being recovered. Even securely stored keys could become useless if owners miss a protocol upgrade.”
Then there’s the fact that these proposals require community consensus to move forward, which slows the process.
“The real debate is not whether Q-day is five or ten years away. Consensus has always moved slower than technology. Developers are not the bottleneck. Social consensus is.”
– Young Ju
We’ve already seen this happen with the block size debate that lasted over three years and resulted in hard forks. “SegWit2x ultimately failed to gain sufficient community support. Freezing dormant coins would face similar resistance,” said Young Ju.

That same resistance can be seen now, with Strategy CEO Saylor warning that frequent protocol changes are the biggest threat to the asset, adding that he doesn’t believe the quantum narrative is the greatest security threat to Bitcoin. There are many others in the community who believe immutability is Bitcoin’s greatest value and neutrality is foundational to its credibility, opposing any changes to the protocol.

According to Tether (USDT) CEO Paolo Ardoino, what’s important is that there will only ever be 21 million Bitcoin, and “nothing can change that. Not even quantum computing.”
Meanwhile, Blockstream CEO Adam Back is of the view that the “whole thing is decades away” but “it’s ok to be ‘quantum ready.’”
In his post Against Allowing Quantum Recovery of Bitcoin, Jameson Lopp, the Co-founder and Chief Security Officer of Casa, a non-custodial Bitcoin security service, argued that quantum-vulnerable funds should be burned and placed “out of reach of everyone.”
Quantum recovery would reward technological supremacy as “quantum miners don’t trade anything,” rather, “they are vampires feeding upon the system,” wrote Lopp.
Avalanche founder Emin Gün Sirer is also among those supporting a hard fork to “freeze” untouched coins, making them unspendable and protecting them from theft by malicious actors.
Freezing or burning dormant coins is seen by many as being in conflict with Bitcoin’s core philosophy, and Young Ju said that makes it even more important that the community starts quantum discussions now. “Full agreement may never come, raising the risk of rival Bitcoin forks emerging as quantum technology advances. Technical fixes move fast. Social consensus does not,” he added.
People Are Concerned, Is It Warranted?
So, there are a few approaches that can be taken once the Bitcoin community reaches an agreement. But what about Nakamoto? That’s right, they have already shared their views on the matter.
Just like how Nakamoto had addressed issues years before they became subjects of debate, they also provided guidance on what could be done if Bitcoin’s encryption were ever broken.
“If SHA-256 became completely broken, I think we could come to some agreement about what the honest blockchain was before the trouble started, lock that in and continue from there with a new hash function,” Nakamoto wrote at the time.
If the hash breakdown occurs gradually, the transition can be done in an orderly way. What this means is that “the software would be programmed to start using a new hash after a certain block number. Everyone would have to upgrade by that time. The software could save the new hash of all the old blocks to make sure a different block with the same old hash can’t be used.”
Still, people are concerned, which is understandable given that cryptography is foundational to Bitcoin’s security. If broken, anyone could forge signatures or steal coins. And when high-value dormant wallets like Nakamoto’s come into the picture, they amplify the stakes and the perception of risk.
So, the concerns are warranted, but it’s important to keep in mind that quantum computers capable of breaking Bitcoin’s cryptography simply don’t exist right now. Research estimates also vary widely, with many believing that it’s years to decades away. There is plenty of time for the Bitcoin ecosystem to adapt.
Not to mention, everything from financial records, medical data, and business communications to intellectual property and government secrets, which are protected by classical public-key encryption, is at risk. And that’s why post-quantum cryptography standards are being developed across the broader security ecosystem.
That’s why digital asset manager CoinShares advocates a gradual transition to post-quantum signatures, in a report that frames quantum risk as a predictable engineering problem that Bitcoin can solve over time.
The risk is not immediate, so while concern is rational and helpful for being proactive, panic is overblown at present.
Investor Takeaways
- Quantum computing does not pose an immediate threat to Bitcoin, but it’s a long-term structural risk that markets cannot ignore, especially when it comes to legacy addresses where public keys are already exposed.
- By current estimates, millions of BTC, including Nakamoto’s holdings, could become vulnerable if large-scale fault-tolerant quantum machines materialize, creating potential supply shocks if compromised coins re-enter circulation.
- The more pressing concern isn’t some dramatic “Q-day” scenario but policy and protocol uncertainty, as debates around freezing, migrating, or upgrading vulnerable coins could introduce governance friction and even fork risk.
- Bitcoin’s current security posture, however, remains strong, supported by record hashrate levels, global node distribution, and the growing development of post-quantum cryptographic standards.
- Key factors to monitor going forward would be advancements in logical qubit scaling, progress on Bitcoin Improvement Proposals such as BIP 360, broader adoption of post-quantum cryptography, and how quickly the Bitcoin community can reach social consensus on any of this.
Conclusion
The controversy surrounding Nakamoto’s coins isn’t just speculation anymore, but rather a growing point of contention among the community as it touches the core of Bitcoin’s philosophy: decentralization, immutability, and resistance to control.
The danger of quantum computing has brought these coins back into the spotlight, forcing the community to grapple with difficult questions about security, protocol change, and the long-term resilience of decentralized money. While the quantum threat is not urgent, the debate over how to confront it will shape Bitcoin’s evolution.












