Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Because Satoshi’s wallet is a primary quantum target
Satoshi’s 1.1 million BTC wallet is increasingly seen as a potential quantum vulnerability as researchers assess how advancing computing power could affect early Bitcoin addresses.
Satoshi Nakamoto estimated 1.1 million Bitcoin (BTC) is often described as the last “lost treasure” of the crypto world. It sits on the blockchain like a dormant volcano, a digital ghost ship that has not seen an onchain transaction since its creation. This massive stash, worth about $67 billion-$124 billion at current market rates, has become the stuff of legend.
But for a growing number of cryptographers and physicists, it is also seen as a multimillion-dollar security risk. The threat is not a hack, a server breach or a lost password; is the emergence of a completely new form of calculation: quantum computing.
As quantum machines move from theoretical research labs to powerful working prototypes, they pose a potential threat to existing cryptographic systems. This includes the encryption that protects Satoshi’s coins, the wider Bitcoin network and part of the global financial infrastructure.
This is not a distant “what if”. The race to build a quantum computer is a quantum-resistant defense it is one of the most critical and well-funded technological endeavors of our time. Here’s what you need to know.
Because Satoshi’s first wallets are easy quantum targets
Most modern Bitcoin wallets hide the public key until a transaction takes place. Legacy Satoshi pay-to-public-key (P2PK) addresses are not, and their public keys are permanently exposed on-chain.
To understand the threat, it is important to recognize that not all Bitcoin addresses are created equal. The vulnerability is found in the type of address Satoshi used in 2009 and 2010.
Most Bitcoin today is held in pay-to-public-key-hash (P2PKH) addresses, which start with “1”, or in newer SegWit addresses that start with “bc1”. In these types of address, the blockchain does not store the entire public key when the coins are received; it only stores a hash of the public key, and the real public key is only revealed when the coins are spent.
Think of it as a bank drop box. The hash address is the mail slot; anyone can see and remove money in. The public key is the locked metal door behind the slot. No one can see the lock or its mechanism. The public key (the “lock”) is only revealed to the network the one time you decide to spend the coins, at which point your private key “unlocks”.
Satoshi coins, however, are stored in much older P2PK addresses. In this legacy format, there is no hash. The public key itself, the lock in our analogy, is visible and permanently recorded on the blockchain for all to see.
For a classic computer, this does not matter. It is still practically impossible to reverse-engineer a public key to find the corresponding private key. But for a quantum computer, that exposed public key is a detailed plan. It’s an open invitation to come and pick the lock.
How Shor’s algorithm allows quantum machines to break Bitcoin
The security of Bitcoin, Elliptic Curve Digital Signature Algorithm (ECDSA), relies on mathematics that is computationally infeasible for classic computers to reverse. Shor’s algorithm, if run on a sufficiently powerful quantum computer, is designed to break that math.
Bitcoin’s security model is built on ECDSA. Its strength comes from a one-way mathematical assumption. It is easy to multiply a private key by a point on a curve to derive a public key, but it is essentially impossible to take that public key and reverse the process to find the private key. This is known as Elliptic Curve Discrete Logarithm Problem.
A classic computer did not know how to “split” this operation. His only option is brute force, guessing every possible key. The number of possible keys is 2256, a number so vast that it exceeds the number of atoms in the known universe. This is why Bitcoin is safe from all classical supercomputers on Earth, now and in the future.
A quantum computer didn’t guess. It would calculate.
The tool for this is Shor’s algorithm, a theoretical process developed in 1994. powerful quantum computerThe algorithm can use the quantum superposition to find the mathematical models, especially the period, hidden in the problem of the elliptic curve. It can take an exposed public key and, in a matter of hours or days, reverse engineer it to find the unique private key that created it.
An attacker would not need to hack a server. They can simply pick the P2PK public keys exposed from the blockchain, feed them into a quantum machine, and wait for the private keys to be returned. Then they could sign a transaction and move the 1.1 million Satoshi coins.
do you know It is estimated that breaking the Bitcoin encryption would require a machine with approx 2,330 stable logic qubits. Because current qubits are noisy and error-prone, experts believe that a fault-tolerant system would need to combine more than 1 million physical qubits just to create those 2,330 stable ones.
How close are we to a Q-Day?
Companies like Rigetti and Quantinuum are racing to build a quantum computer relevant to cryptography, and the timeline is shrinking from decades to years.
“Q-Day” is the hypothetical moment when a quantum computer becomes capable of breaking current encryption. For years, it was considered a distant “10-20-year” problem, but that timeline is now rapidly shrinking.
The reason we need 1 million physical qubits to get 2,330 logical ones is quantum error correction. Qubits are incredibly fragile. They are noisy and sensitive even to slight vibrations, temperature changes or radiation, which can cause them to decohere and lose their quantum state, leading to errors in the calculation.
To do a complex calculation like breaking ECDSA, you need stable logic qubits. To create a single logical qubit, you may need to combine hundreds or even thousands of physical qubits into an error-correcting code. This is the top of the system to maintain stability.
We are in a rapidly accelerating quantum race.
-
Companies like Quantinuum, Rigetti and IonQ, along with tech giants like Google and IBM, are publicly pursuing aggressive quantum roadmaps.
-
Rigetti, for example, remains on track to reach a system of more than 1000 qubits by 2027.
-
This public progress does not count research classified at the state level. The first nation to reach Q-Day could theoretically hold a master key to global financial and intelligence data.
Defense, therefore, must be built and implemented before attack becomes possible.
Because millions of Bitcoins are exposed to quantum attacks
A 2025 Human Rights Foundation report found that 6.51 million BTC are in vulnerable addresses, with 1.72 million of it, including Satoshi’s, considered lost and immovable.
Satoshi’s wallet is the biggest prize, but it’s not the only one. One October 2025 report from the Human Rights Foundation analyzed the entire blockchain for quantum vulnerability.
The findings were startling:
-
6.51 million BTC is vulnerable to long-term quantum attacks.
-
This includes 1.72 million BTC in very early address types believed to be dormant or potentially lost, including Satoshi’s estimated 1.1 million BTC, many of which are in P2PK addresses.
-
Another 4.49 million BTC is vulnerable but could be secured by the migration, suggesting that their owners are likely still able to act.
This stash of 4.49 million BTC belongs to users who made a critical mistake: address reuse. They use modern P2PKH addresses, but after passing through them (which reveals the public key), they received new funds to that same address. This was a common practice in the early 2010s. By reusing the address, they permanently exposed their public key onchain, turning their modern wallet into a target as vulnerable as Satoshi.
If a hostile actor were the first to reach Q-Day, the simple act of moving Satoshi’s coins would serve as proof of a successful attack. It will instantly demonstrate that Bitcoin’s fundamental security has been breached, triggering market-wide panic, a bank of exchanges, and an existential crisis for the entire crypto ecosystem.
do you know A common tactic discussed it’s “collect now, decipher later.” Malicious actors are already recording encrypted data, such as internet traffic and blockchain public keys, with the intention of deciphering it years from now when they have a quantum computer.
How Bitcoin could switch to quantum-safe protection
The entire technological world is moving towards new quantum-resistant standards. For Bitcoin, this would require a major network upgrade, or fork, to a new algorithm.
The crypto community is not expecting this to happen. The solution is post-quantum cryptography (PQC)a new generation of encryption algorithms built on different and more complex mathematical problems that are believed to be secure against classical and quantum computers.
Instead of elliptic curves, many PQC algorithms rely on structures such as lattice-based cryptography. The US National Institute of Standards and Technology led this effort.
-
In August 2024, the National Institute of Standards and Technology published the first finalized PQC standards.
-
Key to this discussion is ML-DSA (Module-Lattice based Digital Signature Algorithm), part of the CRYSTALS-Dilithium standard.
-
The wider tech world has already adopted it. By the end of 2025, OpenSSH 10.0 had done a PQC algorithm is its default, and Cloudflare has reported that most of its web traffic is now protected by PQC.
For Bitcoin, the path forward would be a network-wide software update, almost certainly implemented as a soft fork. This update will introduce new quantum-resistant address types, such as the proposed “P2PQC” addresses. He was not forcing anyone to move. Instead, users will be able to voluntarily send their funds from older and vulnerable addresses, such as P2PKH or SegWit, to these new secure ones. This approach would be similar to how the SegWit update was launched.
