Some truths are simple, yet hard to act on. Everyone knows that buying assets at the bottom is how you make money, but humans always only pay attention to opportunity at the top, itching to buy in — while at the bottom, we focus on risk and find every reason not to touch it.
Bitcoin is the perfect example. At the end of 2024 it broke through $100,000 for the first time, and everyone was either scrambling to buy or thinking it had risen too high and vowing to buy on the pullback. As I write this, Bitcoin is trading around $75,000 — up 20% from the $62,000 low, but still more than 20% below $100,000, and a full 40% below the all-time high of $126,000. If you believe in Bitcoin, putting spare capital to work here should be a simple decision. Yet instead, what we focus on at this moment is the risk — like the arrival of quantum computing. This was especially true after the Google Quantum AI team, together with Stanford and Ethereum Foundation researchers, published a white paper last month showing that the quantum resources needed to break Bitcoin wallet encryption are nearly 20 times less than previously estimated, suddenly putting the quantum threat squarely in the spotlight.
I agree the quantum computing risk is real, but I’m sticking with my advice in Buy $100 of Bitcoin Every Day — with one caveat. Let me first set the context, then offer concrete advice on how Bitcoin holders should prepare for the arrival of quantum computing.
Quantum Computing: A Y2K Bug Without a Set Date
Last century we had the urban legend of Y2K: the moment the clock struck midnight on January 1, 2000, banking systems would crash, public services would grind to a halt, airports would descend into chaos, and planes might even fall from the sky. In the end, Y2K was all thunder and no rain — apart from some elderly folks being tricked into buying deworming pills, nothing happened.
Quantum computing, by contrast, is a genuine Y2K bug. It won’t just affect Bitcoin, Ethereum, and every other cryptocurrency — the entire internet, all banking, and military communications will be impacted, and everyone needs to prepare in advance.
What makes this tricky: twenty-some years ago, everyone knew exactly which second Y2K would arrive (assuming it didn’t just stand us up). This time, the “quantum Y2K” has only given humanity a vague appointment called Q-Day — Quantum Day, the moment a quantum computer first has enough power to break mainstream public-key cryptography like RSA and ECDSA. But estimates for when Q-Day will actually arrive range anywhere from a few years to a few decades.
Bitcoin is secure because only the private key can move the assets, and deriving a private key from a public key through computation would take longer than the history of humanity — longer even than the universe. That logic holds for today’s computers, and it already accounts for computing speeds increasing by factors of thousands, billions, even trillions of times. But quantum computers work on an entirely different foundation, making them exceptionally good at deriving private keys — rendering mainstream public-key cryptography fundamentally broken. In other words, any Bitcoin stored at an address whose public key has ever been exposed — estimated at 6.7 million BTC, or 34% of circulating supply — could be easily stolen after Q-Day.
BIP-360: Voluntary Migration to a Quantum-Resistant Address
To counter this risk, the Bitcoin community has drafted BIP-360: Pay-to-Merkle-Root (P2MR). If adopted, holders will be able to move their Bitcoin into a new wallet format, P2MR, that doesn’t expose public keys (sparing you the technical details) — so even when Q-Day arrives, there’s nothing to worry about.
BIP-360 effectively counters quantum attacks, but it requires holders to proactively move their Bitcoin to the new safe wallet. Here’s the problem: of the 6.7 million BTC sitting in quantum-vulnerable addresses, an estimated 3.7 to 4 million BTC have lost private keys — including the 1 million BTC held by Satoshi. In other words, without some other solution, there is nothing to do but wait for Q-Day to arrive, at which point these coins will be “mined” by whichever institution or nation-state gets a working quantum computer first.
Given corporate competition and geopolitical rivalry, it’s unlikely that multiple companies or multiple countries will simultaneously possess the first practically deployable quantum computer. Which means that after Q-Day, a large amount of Bitcoin will end up in the hands of a few — or even a single — organization.
Of course, the real game theory is more complex. If Q-Day arrives suddenly, Bitcoin will plunge, so shorting heavily first and then proving to the market that quantum computers have arrived could be even more profitable, and faster. Or consider this: relative to Bitcoin’s “mere” $1–2 trillion market cap, using a quantum computer to steal US dollars or military secrets would be far more valuable. Either way, as quantum computers arrive and proliferate, quantum-vulnerable addresses will become ATMs — and more fundamentally, Bitcoin’s entire narrative of decentralization and digital gold could collapse.
BIP-361: Forced Freezing of Unmigrated Assets
And so, recently, the Bitcoin community has proposed BIP-361: Post Quantum Migration and Legacy Signature Sunset. It takes the active approach: three years after activation, the consensus layer will force legacy quantum-vulnerable addresses to only send, never receive Bitcoin; then five years after activation, any Bitcoin that still hasn’t migrated will be frozen, preventing post-Q-Day plunder.
You don’t need me to explain that while BIP-361 is a proactive bomb-defusing measure, forcibly freezing holders’ assets is undeniably an abandonment of principles the Bitcoin community has upheld for over a decade. Compared to the simple directness of BIP-360, BIP-361 is enormously controversial and stands little chance of winning clear community support. Freezing specific addresses violates core values; not freezing them means being picked clean. And with no concrete date for Q-Day, no hard deadline, reaching community consensus is all the more difficult.
BIP-360’s activation via soft fork is only a matter of time, not really in doubt. BIP-361 or its variants, however, will almost certainly struggle to get Bitcoin Core developers on board for a long time. Yet at the same time, there will no doubt be plenty of supporters — especially corporations holding large amounts of Bitcoin, who aren’t as “stubborn” as the fundamentalists and tend to take a more “pragmatic” approach. With both sides deadlocked, a hard fork becomes very likely — splitting into a die-hard BTC and a pragmatist coin like BTQ. Or the other way around: the pragmatist chain may inherit the OG name BTC, while the die-hards become BTCC, Bitcoin Classic — after all, ticker symbols are ultimately decided by the exchanges.
A split is usually seen as a negative, but in the crypto world, a split is sometimes an “airdrop” opportunity. Take Ethereum’s hard fork after The DAO hack. Because ETH — the side that forcibly froze assets — had the backing of the Ethereum Foundation, Vitalik, and most core developers, its price was unaffected by the fork, rising from $12 in July 2016 to around $2,400 today. Meanwhile ETC — the die-hard Ethereum Classic — went from $0.75 at launch to $8.70 today. ETC may look shabby on the surface, but its market cap still sits at $1.3 billion — all of it an “airdrop” to former ETH holders.
The One Thing Bitcoin Holders Need to Do
After all that, what do Bitcoin holders actually need to do in the face of the quantum threat? Self-custody.
The reason is simple. When Bitcoin really does split in two, existing holders will own both coins. If you hold 1 BTC before the hard fork, afterward you’ll have 1 BTC + 1 BTCC. But you must control your own private keys to receive the forked coin. If your Bitcoin is on an exchange — or even in an ETF — the custodian will likely pick a side. Your original holdings and units won’t be affected, but you’ll probably never receive the new coin.
If the two post-split coins turn out to be as lopsided as ETH and ETC, and your exchange picks the right side, your loss is relatively limited — you’ve simply handed your “airdrop” to the exchange for free. And in fact, this has already happened repeatedly during Bitcoin’s 2017 and 2018 hard forks into BCH, BTG, and BSV.
The Ethereum precedent offers a reference, but if Bitcoin really does hard fork, the price ratio won’t necessarily be as one-sided as ETH and ETC. This time, core developers will likely side with the die-hards, and the assets being frozen aren’t a hacker’s — they belong to OGs including the founder himself. One side controls the capital, the exchanges, the ETFs; the other side holds the moral legitimacy. It’s evenly matched. In that scenario, being stuck with only the coin your exchange chose becomes a significant cost. The “fun” part: the forked-out coins don’t disappear — they all become the exchange’s assets.
The oft-repeated saying “Not your keys, not your coins” — this is exactly what it means.
p.s. Has anyone noticed that since the government loudly declared last year it would “make Hong Kong a virtual asset management hub,” Web3 has hardly been mentioned lately? Of course — prices are down, AI is hot, the Northern Metropolis is here. Time for another new story.
Leave a Reply