Michael Saylor’s Quantum ’Hardening’ Claim for Bitcoin Ignores the 1.7 Million Coins Already at Risk

Michael Saylor paints a future where quantum computing fortifies Bitcoin. The market's buying it. But there's a massive, ticking vulnerability he's not talking about.
The Ghost in the Machine: 1.7 Million 'Lost' Bitcoins
Forget futuristic quantum attacks for a second. The real threat is already sitting in the blockchain, frozen in time. We're talking about 1.7 million BTC—coins mined in Bitcoin's earliest days that have never moved. These aren't HODLer wallets; they're digital graves. Lost hard drives, forgotten passwords, keys buried with their owners.
That's over $100 billion in value at current prices, completely inert and permanently out of circulation. It's the ultimate ironic hedge: a deflationary asset that's so secure, even its rightful owners can't access it. Wall Street would call it 'impaired capital' and fire the CFO.
Quantum's Double-Edged Sword
Saylor's right that quantum resistance will be baked into Bitcoin's future. The protocol will evolve, as it always has. But here's the brutal truth: those same quantum capabilities that could 'harden' new transactions might one day crack the weak, early-era cryptography guarding those 1.7 million sleeping giants.
Imagine the chaos. A sudden, massive influx of supposedly lost Satoshis hitting the market. It wouldn't just be a sell-off; it would be a fundamental crisis of narrative. The 'digital gold' story relies on predictable scarcity. What happens when a vault everyone thought was sealed forever suddenly springs open?
The Unspoken Risk in Plain Sight
While VCs chase the next quantum-secure blockchain, Bitcoin's greatest vulnerability isn't technical—it's historical. The network's strength is also its greatest fragility: its immutable past. You can't upgrade the cryptography on a 2010 wallet. The code is set in stone, waiting for a future key it can't possibly foresee.
Saylor sells tomorrow's solution. Today's problem is a lot bigger, and a lot quieter. It's the sound of 1.7 million coins not moving, and the deafening silence about what happens when they finally do. Sometimes the biggest threat to a fortress isn't the army at the gate—it's the forgotten tunnel buried in its own foundation.
Quantum won't break Bitcoin (if migration happens in time)
Saylor's core claim is directionally true: Bitcoin's main quantum vulnerability sits in its digital signatures, not in proof-of-work.
The network uses ECDSA and Schnorr over secp256k1. Shor's algorithm can derive private keys from public keys once a fault-tolerant quantum computer reaches roughly 2,000 to 4,000 logical qubits.
Current devices operate orders of magnitude below that threshold, placing cryptographically relevant quantum computers at least a decade out.
NIST has already finalized the defensive tools Bitcoin would need. The agency published two post-quantum digital signature standards, ML-DSA (Dilithium) and SLH-DSA (SPHINCS+), as FIPS 204 and FIPS 205, with FN-DSA (Falcon) progressing as FIPS 206.
These schemes resist quantum attacks and could be integrated into Bitcoin via new output types or hybrid signatures. Bitcoin Optech tracks live proposals for post-quantum signature aggregation and Taproot-based constructions, with performance experiments showing SLH-DSA can function on Bitcoin-like workloads.
What Saylor's framing omits is the cost. Research from the Journal of British Blockchain Association argues that a realistic migration is a defensive downgrade: security improves against quantum threats, but block capacity could fall by roughly half.
Node costs rise because current post-quantum signatures are larger and more expensive to verify. Transaction fees climb as each signature consumes more block space.
The hard part is governance. Bitcoin has no central authority to mandate upgrades. A post-quantum soft fork would require overwhelming consensus among developers, miners, exchanges, and large holders, all moving before a cryptographically relevant quantum computer appears.
A16z's recent analysis emphasizes that coordination and timing pose greater risks than the cryptography itself.
Exposed coins become targets, not frozen assets
Saylor's claim that “active coins migrate, lost coins stay frozen” oversimplifies the on-chain reality. Vulnerability depends entirely on the address type and whether the public key is already visible.
Early pay-to-public-key outputs place the raw public key directly on-chain and permanently expose it.
Standard P2PKH and SegWit P2WPKH addresses hide the public key behind hashes until the coins are spent, at which point the key becomes visible and quantum-stealable.
Taproot P2TR outputs encode a public key in the output from day one, making those UTXOs exposed even before they move.
Analyses estimate that roughly 25% of all Bitcoin is already in outputs with publicly revealed keys. Deloitte's breakdown and recent Bitcoin-focused work converge on this figure, encompassing large early P2PK balances, custodian activity, and modern Taproot usage.
On-chain research suggests approximately 1.7 million BTC in “Satoshi-era” P2PK outputs and hundreds of thousands more in Taproot outputs with exposed keys.
Some “lost” coins are not frozen, but rather ownerless and could become a bounty for the first attacker with a capable machine.
Coins that have never revealed a public key (single-use P2PKH or P2WPKH) are protected by hashed addresses, against which Grover's algorithm offers only a square-root speedup, a loss that larger hash parameters can compensate for.
The most at-risk slice of supply is precisely dormant coins locked to already-exposed public keys.
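The exposure rules above can be turned into an inventory check. The following is an added example (not code from the article or from any project it mentions) that classifies raw scriptPubKeys into P2PK, P2PKH, P2WPKH and P2TR, flags whether a public key is already on-chain, and totals the exposed balance; the UTXO set and the set of "already spent-from" key hashes are constructed for illustration, and address reuse is modelled by that set.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Classification:
    kind: str          # script type
    key_exposed: bool  # True if a public key is already visible on-chain

def classify_spk(spk: bytes, revealed_hash160s: frozenset) -> Classification:
    """Classify a raw scriptPubKey and report whether a public key is already
    visible on-chain, i.e. available to a Shor-capable attacker before any spend."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG; the key sits in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return Classification("P2PK", True)
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG; key hidden unless
    # the same address has already been spent from (address reuse)
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return Classification("P2PKH", spk[3:23] in revealed_hash160s)
    # P2WPKH: OP_0 <20-byte key hash>; same reuse caveat as P2PKH
    if n == 22 and spk[:2] == b"\x00\x14":
        return Classification("P2WPKH", spk[2:] in revealed_hash160s)
    # P2TR: OP_1 <32-byte x-only output key>; the key is on-chain from day one
    if n == 34 and spk[:2] == b"\x51\x20":
        return Classification("P2TR", True)
    # P2SH, P2WSH, bare multisig, etc. are not modelled here; treated as hidden
    return Classification("other", False)

def exposed_supply(utxos, revealed_hash160s):
    """Sum satoshis in outputs whose key is already exposed vs. still hidden."""
    totals = {"exposed": 0, "hidden": 0}
    for spk, sats in utxos:
        c = classify_spk(spk, revealed_hash160s)
        totals["exposed" if c.key_exposed else "hidden"] += sats
    return totals

# Constructed sample data (not real chain data): a coinbase-style P2PK output,
# a reused P2PKH address, a fresh P2PKH, a fresh P2WPKH and a Taproot output.
REUSED_H160 = b"\xaa" * 20
FRESH_H160 = b"\xbb" * 20
REVEALED = frozenset({REUSED_H160})  # hash160s whose key a past spend revealed
SAMPLE_UTXOS = [
    (b"\x21\x02" + b"\x11" * 32 + b"\xac", 50_0000_0000),        # P2PK, 50 BTC
    (b"\x76\xa9\x14" + REUSED_H160 + b"\x88\xac", 1_0000_0000),  # reused P2PKH
    (b"\x76\xa9\x14" + FRESH_H160 + b"\x88\xac", 2_0000_0000),   # fresh P2PKH
    (b"\x00\x14" + b"\xcc" * 20, 3_0000_0000),                   # fresh P2WPKH
    (b"\x51\x20" + b"\xdd" * 32, 4_0000_0000),                   # P2TR, 4 BTC
]

if __name__ == "__main__":
    print(exposed_supply(SAMPLE_UTXOS, REVEALED))  # {'exposed': 5500000000, 'hidden': 500000000}
```

Only the P2PK and Taproot outputs and the reused P2PKH address count as exposed; the single-use hashed outputs stay in the hidden bucket until they are spent.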
Supply effects are uncertain, not automatic
Saylor's assertion that “security goes up, supply comes down” separates cleanly into mechanics and speculation.
Post-quantum signatures, such as ML-DSA and SLH-DSA, are designed to remain secure against large, fault-tolerant quantum computers and are now part of official standards.
Bitcoin-specific migration ideas include hybrid outputs that require both classical and post-quantum signatures, as well as signature-aggregation proposals to reduce chain bloat.
But supply dynamics are not automatic, and three competing scenarios exist.
The first is “supply shrink via abandonment,” where coins in vulnerable outputs whose owners never upgrade are treated as lost or explicitly blocklisted. The second is “supply distortion via theft,” where quantum attackers drain exposed wallets.
The third is “panic before physics,” where the perception of looming quantum capability triggers sell-offs or chain splits before any actual machine exists.
None of these guarantees a net reduction in circulating supply that is cleanly bullish. They could just as easily produce a messy repricing, contentious forks, and a one-time wave of attacks on legacy wallets.
Whether supply “comes down” hinges on policy choices, uptake rates, and the attacker's capabilities.
SHA-256-based proof-of-work is relatively robust because Grover's algorithm only gives a quadratic speedup.
The more subtle risk lies in the mempool, where a transaction spending from a hashed-key address reveals its public key while it waits to be mined.
Recent analyses describe a hypothetical “sign-and-steal” attack in which a quantum attacker watches the mempool, quickly recovers a private key, and races a conflicting transaction with a higher fee.
What the math actually says
The physics and standards roadmap agree that quantum does not automatically break Bitcoin overnight.
There is a window, possibly a decade or more, for a deliberate post-quantum migration. However, that migration is costly and politically hard, and a non-trivial share of today's supply already sits in quantum-exposed outputs.
Saylor is directionally right that Bitcoin can harden. The network can adopt post-quantum signatures, upgrade vulnerable outputs, and emerge with stronger cryptographic guarantees.
However, the claim that “lost coins stay frozen” and “supply comes down” assumes a clean transition in which governance cooperates, owners migrate over time, and attackers never exploit the lag.
Bitcoin can come out stronger, with upgraded signatures and possibly some effectively burned supply, but only if developers and large holders move early, coordinate governance, and manage the transition without triggering panic or large-scale theft.
Whether Bitcoin grows stronger depends less on quantum capability timelines than on whether the network can execute a messy, expensive, politically fraught upgrade before the physics catches up. Saylor's confidence is a bet on coordination, not cryptography.