
The Frontier


BITCOIN

Quantum threat shrinks Bitcoin's security window to nine years

Monday, April 13, 2026 · from 3 podcasts, 4 episodes
  • Analysts now give even odds that a quantum computer breaks Bitcoin's elliptic-curve cryptography by 2033, with 2029 as the early window.
  • Over 6 million BTC sit in addresses with exposed public keys, ripe for seizure even by a slow-clock quantum machine.
  • Developers are building fixes, but each carries major trade-offs in speed, fees, or wallet complexity.

The quantum threat to Bitcoin just got a deadline. Google's Willow paper and a new Oratomic design have slashed the estimated number of qubits needed to derive a private key from its public key by orders of magnitude. Alex Pruden of Project 11 now sees a 50% chance that a cryptographically relevant machine arrives by 2033, with 2029 as a plausible early date.

Approximately 6 million Bitcoin, including Satoshi-era holdings, reside in UTXOs with permanently visible public keys. They are the first target for a slow-clock quantum attack. A fast machine, however, could derive keys in under ten minutes, allowing it to front-run any transaction from the mempool and erase the concept of on-chain ownership.

"If an attacker can derive a private key within a block time... the concept of on-chain ownership vanishes."

- Alex Pruden, What Bitcoin Did

Developers are already wrestling with the trade-offs of potential fixes. On Bitcoin Optech, Blockstream's Jonas Nick detailed 'Shrimps', a stateful, hash-based signature scheme where signatures stay small only if wallets perfectly maintain an incrementing counter. Lose that state, and signature sizes balloon to 8 kilobytes, punishing individual users to keep the network lean.

Another proposal, Ava Levy's Quantum Safe Bitcoin, avoids a soft fork by using hash puzzles within current script rules, but transactions become so large they require direct miner transmission and could cost $150 in fees. The alternative - a new quantum-safe chain - lacks Bitcoin's hash rate and would be vulnerable to 51% attacks.

"It moves the risk from the network to the individual. If a user messes up their state, they pay a high fee in data. But the Bitcoin network stays lean."

- Bitcoin Optech Newsletter #399

Consensus is forming that Bitcoin must start testing post-quantum cryptography now. Pruden urges deployment on signets to gather real-world data on speed and size. The community faces a profound property rights dilemma: whether to burn 'lost' coins like Satoshi's during a migration. With state actors incentivized to hide their progress, a visible crisis may only come after the window for a safe upgrade has closed.

Source Intelligence

What each podcast actually said

CIA AI, Bitcoin Quantum Defense, and Tether AI Toolkit | Bitcoin News · Apr 10

  • Starkware developer Ava Levy proposed Quantum Safe Bitcoin, a scheme making transactions quantum-resistant without soft forks by replacing ECDSA reliance with hash functions.
  • The QSB scheme requires using services like Slipstream for direct miner transmission because transactions exceed standard network relay limits, posing a practical barrier for average users.
  • X402 protocol transaction volume peaked at 13.7 million in a week in November but plunged to just 112,700 weekly transactions by the last week of March.
  • Tether CEO Paolo Ardoino argues centralized AI is a dead end due to speed-of-light latency and single points of failure, positioning QVAC as a building block for a decentralized 'stable intelligence era'.
  • The Royal Government of Bhutan has sold over 70% of its Bitcoin holdings this year, moving out $233 million worth and reducing its stash from a peak of nearly 13,000 BTC to around 3,770 BTC.
  • Bitcoin network hashrate held at 952 exahashes per second with 33,000 unconfirmed transactions and an average fee of 0.02 BTC per block at the time of reporting.

Also from this episode:

AI & Tech (3)
  • The Central Intelligence Agency plans to embed AI coworkers into its analytic platforms within a couple of years to assist with drafting reports, testing conclusions, and identifying intelligence trends.
  • CIA Deputy Director Michael Ellis stated the agency's AI adoption is partly to counter China's narrowed technological innovation gap with the U.S., which he said was significant five to ten years ago.
  • The CIA reviewed 300 different AI projects last year for tasks like processing large datasets and language translation, and created its first intelligence report using AI.
AI Infrastructure (2)
  • Coinbase upgraded its X402 protocol to enable usage-based pricing for AI compute, replacing a flat fee model, and transferred protocol ownership to the nonprofit Linux Foundation.
  • Tether launched QVAC SDK, an open-source toolkit for building local, offline AI apps that runs on iOS, Android, Windows, Mac, and Linux without cloud servers.
Markets (1)
  • World Liberty Financial, co-founded by the Trump family, used nearly 2 billion of its own WLFI tokens as collateral on Dolomite, borrowing $31.4 million in stablecoins and creating concentrated risk for other depositors.

Quantum Salvage | Bitcoin News · Apr 9

  • Bernstein analysts led by Gautam Chughani estimate Bitcoin has a three to five year window to implement post-quantum security, framing it as a scheduled evolution rather than a crisis.
  • Google research estimates a future quantum machine could break Bitcoin's elliptic curve cryptography with under 500,000 physical qubits, a 20x reduction from prior estimates.
  • Bernstein notes scaling quantum computers to attack levels would require breakthroughs in hardware and error correction, potentially costing tens to hundreds of billions of dollars.
  • Bernstein identifies approximately 1.7 million BTC in Satoshi-era wallets with permanently visible public keys as the highest exposure segment to a quantum attack.
  • Nick Carter's fiction piece 'Trillion Dollar Salvage' explores a scenario where a quantum attack on exposed Bitcoin leads the US government to seize coins under maritime salvage law, testing Bitcoin's social consensus.
  • Roasbeef of Lightning Labs developed a prototype tool allowing wallet recovery via proof-of-ownership during a quantum emergency upgrade, generating a proof in 55 seconds and verifying it in under 2 seconds on a MacBook.
  • Developer Robert Graham argues Adam Back and Satoshi Nakamoto's C++ coding styles are completely different, with Back's resembling academic Unix code and Satoshi's that of a professional Windows programmer, contradicting the New York Times' linguistic analysis.
  • BitMEX co-founder Ben Delo donated $5.4 million to Nigel Farage's Reform UK party, a move Bennett suggests may fuel UK political efforts to ban crypto donations.
  • Arthur Hayes is skeptical of reports Iran is collecting Bitcoin tolls from oil tankers, demanding on-chain proof and calling it IRGC theater until verified.
  • Nunchuk released open-source tools for AI agents to interact with Bitcoin wallets using a bounded authority model, where agents operate within user-set spending caps and approval policies.

Also from this episode:

BTC Markets (1)
  • David Bennett reports the Morgan Stanley Bitcoin Trust (MSBT) raised $33.9 million on its first trading day, trading over 1.6 million shares.
AI & Tech (1)
  • Visa unveiled 'Intelligent Commerce Connect', a platform for AI-driven autonomous shopping that supports tokenized payments and is compatible with major AI agent protocols.
What Bitcoin Did · Peter McCormack

Is the Quantum Threat to Bitcoin Actually Real? | Alex Pruden · Apr 9

  • Alex Pruden estimates a 50% chance a cryptographically relevant quantum computer capable of breaking Bitcoin will exist by 2033, potentially as early as 2029.
  • A quantum computer breaks Bitcoin by solving the discrete logarithm problem to derive private keys from public keys. A slow machine threatens only exposed public keys, while a fast one could front-run transactions from the mempool.
  • Roughly 6 million Bitcoin currently reside in UTXOs with exposed public keys, making them immediately vulnerable to a slow-clock quantum attack.
  • Recent quantum computing papers from Google and Oratomic lowered the resource estimates for breaking elliptic curve cryptography by orders of magnitude, moving the goalposts closer.
  • Pruden argues Bitcoin should start implementing and testing post-quantum cryptography now to avoid a rushed, forced migration later. He views a multi-year consensus and deployment process as inevitable.
  • BIP 360 is a first step toward quantum resistance but is insufficient. Pruden advocates for deploying multiple candidate algorithms on testnets now to understand real-world trade-offs like signature size and speed.
  • A quantum attack may not be detectable; stolen coins could look like a routine hack. Pruden argues Bitcoin is a uniquely attractive target due to its irreversible settlement and potential for immediate profit.
  • Migrating all Bitcoin UTXOs to post-quantum addresses would take 75-100 days if the network were dedicated solely to migration, or about a year with a more practical allocation of block space.
  • The community is split on whether to burn 'lost' coins like Satoshi's during a migration. Pruden leans toward burning for economic health but acknowledges the profound property rights dilemma.
  • Standardized post-quantum algorithms are based on hash functions or lattice problems, with no guarantee they will remain unbroken. This underscores the need for long-term cryptographic agility.

Also from this episode:

AI & Tech (2)
  • Google's Willow paper in 2024 demonstrated below-threshold error correction, proving error rates can decrease as more physical qubits are added. This was a key theoretical breakthrough for scalability.
  • Neutral atom quantum computers have progressed from zero physical qubits to arrays of thousands in five years. The Oratomic paper theorized an architecture needing only 10,000 physical qubits for a slow-clock attack.

Bitcoin Optech: Newsletter #399 Recap · Apr 7

  • Jonas Nick details Shrimps, a post-quantum hash-based signature scheme where signatures are 350 bytes on a primary stateful device. If that device is lost, imported devices produce 2.5 kilobyte signatures, with a final 8 kilobyte fallback for catastrophic failure.
  • Shrimps and its predecessor Shrinks require wallets to be stateful, tracking an incrementing integer for each public key to count signatures. If this state is lost or corrupted, security breaks and the wallet must use a large fallback signature.
  • Conduition highlights isogeny-based cryptography as a promising post-quantum candidate because its structure allows key re-randomization. This enables BIP32-like hierarchical key derivation and Taproot-like key tweaking, features hash-based and lattice-based schemes struggle to replicate.
  • SQIsign, an isogeny-based signature scheme, has 65-byte public keys and 148-byte signatures. Verification is about 50 times slower than Schnorr or Dilithium, posing a potential bottleneck for full block validation.
  • Conduition notes isogeny cryptography relies on the supersingular isogeny path problem, a newer but well-studied assumption. He cautions that schemes like SQIsign and PRISM have complementary security proofs, making it hard to prove both secure simultaneously.
  • Armin describes how wallet fingerprints - artifacts like signature grinding, SIGHASH flags, and nSequence values - can break PayJoin privacy. Analysts can partition transaction inputs between sender and receiver by spotting inconsistent behaviors between collaborating wallets.
  • Explicitly stating SIGHASH_ALL in Taproot signatures is a wasteful bug that creates a fingerprint. Since Taproot defaults to SIGHASH_ALL, including the byte adds unnecessary transaction weight and identifies non-compliant wallets.
  • BIPs 440 and 441, part of the "script restoration" effort, are now published. BIP 440 proposes a VAR Ops budget for limiting script complexity, while BIP 441 proposes re-enabling disabled opcodes like OP_CAT within a new Tapscript version.
  • Pais proposes BIP 2130, a standard for wallet backup metadata formats. It aims to create an interoperable way to export and import not just descriptors, but full wallet state including labels, transaction history, and coin data.
  • Eclair 3269 adds automatic liquidity reclamation, closing idle redundant channels. It reduces relay fees over time and closes a channel if, after five days at minimum fee, payment volume stays below 5% of capacity and the local balance is over 25%.
  • LDK adds support for zero-channel-reserve channels, primarily for LSP-user relationships. This lets users commit their full on-chain balance to a channel, shifting the trust and risk onto the service provider.
  • LND implements proper MuSig2 nonce handling and RBF support for cooperatively closing simple Taproot channels. The update hardens the protocol against nonce reuse, which could expose private keys.
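The SIGHASH_ALL fingerprint from Armin's item above, as an added wallet-side check (example code written for this digest, not from Bitcoin Optech or any wallet project). It assumes BIP 341's encoding rule: a 64-byte Taproot key-path signature means SIGHASH_DEFAULT, which already has SIGHASH_ALL semantics, while a 65-byte signature carries an explicit hash_type byte. The witness stacks are constructed samples.

```python
# Added example: classify Taproot key-path witness signatures so a wallet
# test suite (or a PayJoin coordinator) can catch the explicit-SIGHASH_ALL
# fingerprint before a transaction is broadcast. Assumes BIP 341 encoding:
# 64 bytes => SIGHASH_DEFAULT (ALL semantics), 65 bytes => explicit
# hash_type in sig[64], and an explicit 0x00 is invalid.
from dataclasses import dataclass

SIGHASH_DEFAULT = 0x00
SIGHASH_ALL = 0x01
# hash_type values BIP 341 accepts when given explicitly in a 65-byte signature
VALID_EXPLICIT = {0x01, 0x02, 0x03, 0x81, 0x82, 0x83}


@dataclass
class SigReport:
    kind: str          # "default", "explicit_all", "explicit_other", "invalid"
    hash_type: int     # -1 when the signature length is malformed
    extra_weight: int  # witness units spent beyond the 64-byte form


def classify_taproot_sig(sig: bytes) -> SigReport:
    """Classify one Taproot key-path signature taken from a witness stack."""
    if len(sig) == 64:
        return SigReport("default", SIGHASH_DEFAULT, 0)
    if len(sig) != 65:
        return SigReport("invalid", -1, 0)
    hash_type = sig[64]
    if hash_type == SIGHASH_ALL:
        # Redundant: the 64-byte form already commits to ALL. The extra byte
        # costs 1 WU and marks the wallet as one that ignores the default.
        return SigReport("explicit_all", hash_type, 1)
    if hash_type in VALID_EXPLICIT:
        return SigReport("explicit_other", hash_type, 1)
    return SigReport("invalid", hash_type, 0)


def fingerprint_witnesses(witnesses: list[list[bytes]]) -> list[int]:
    """Return indices of single-element (key-path, no annex) witnesses that
    show the explicit-SIGHASH_ALL fingerprint. Script-path and annexed
    spends have more than one element and are skipped by this check."""
    flagged = []
    for i, stack in enumerate(witnesses):
        if len(stack) == 1 and classify_taproot_sig(stack[0]).kind == "explicit_all":
            flagged.append(i)
    return flagged


# Constructed sample: three key-path spends in one PayJoin-style transaction.
SAMPLE_WITNESSES = [
    [b"\x11" * 64],              # input 0: compliant 64-byte signature
    [b"\x22" * 64 + b"\x01"],    # input 1: explicit SIGHASH_ALL (fingerprint)
    [b"\x33" * 64 + b"\x83"],    # input 2: legitimate SINGLE|ANYONECANPAY
]
```

In the sample, input 1 alone carries the fingerprint, which is exactly the inconsistency between collaborating wallets that lets an analyst partition PayJoin inputs; a wallet that fails this check on its own inputs should drop the byte.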