Ark Invest Sees One-Third of Bitcoin Supply at Risk From Quantum Threat

ARK Invest warns up to 34.6% of Bitcoin supply could face future quantum risk, but practical threats remain distant as post-quantum solutions already exist.

The white paper, coauthored by Unchained and Ark Invest, was released on March 11. Its three authors, Dhruv Bansal, Tom Honzik, and David Puell, argue throughout that quantum computing is a serious long-term threat to Bitcoin and that there is no reason for alarm today. Both halves of that statement are accurate. The cryptocurrency press will highlight whichever half suits the current storyline.


The headline figure is 34.6%. That is the share of the Bitcoin supply Ark counts in address types that could be exposed to a future quantum attack. About 5 million BTC of it sits in addresses whose public keys are already visible because of address reuse: once an address has been spent from, the key is in the spending transaction. Another roughly 1.7 million BTC, most of it believed lost, sits in P2PK outputs, the network's original transaction format, which locked coins directly to a public key. Some 200,000 BTC in the newer P2TR (Taproot) format, whose outputs also carry the key directly, is counted as well. Roughly one million of the P2PK coins are attributed to Satoshi Nakamoto. Nobody is moving those.


Conversely, 65.4% of the Bitcoin supply is already held in address formats that are resistant to quantum attack: only a hash of the public key appears on-chain, and the key itself is revealed only when the coins are spent. By default, the majority is safe. The minority that is not is the 34.6%.
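The split above comes down to one question per output: is the public key already on-chain, or only a hash of it? As an added example (not code from the Ark/Unchained paper, and not Ark's own methodology), the following Python classifies standard output scripts on that basis and buckets value into format-exposed, reuse-exposed and hidden. The script templates are the standard scriptPubKey forms; the UTXO set, the "spent-from" set and the value figures are constructed, with values chosen so the result mirrors the article's 34.6% split.

```python
"""Which Bitcoin outputs already expose a public key on-chain?

Added example, not code from the Ark/Unchained paper. Script templates are the
standard scriptPubKey forms; the UTXO set and value figures below are
constructed (values chosen so the split mirrors the article's 34.6%).
"""
from dataclasses import dataclass


def classify_script(spk_hex: str) -> tuple[str, bool]:
    """Return (output type, key_visible). key_visible is True when the
    scriptPubKey itself contains the public key (P2PK, P2TR); the hash-based
    types only reveal the key in the transaction that spends them."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    # <push33|push65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", True
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "P2PKH", False
    # OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "P2SH", False
    # OP_0 <20-byte key hash>  (segwit v0)
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    # OP_0 <32-byte script hash>  (segwit v0)
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    # OP_1 <32-byte x-only tweaked key>  (Taproot): the key is the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "nonstandard", False


@dataclass(frozen=True)
class Utxo:
    script_hex: str
    sats: int


def exposure_report(utxos: list[Utxo], spent_from: set[str]) -> dict[str, float]:
    """Bucket value into format-exposed, reuse-exposed and hidden.
    A hash-based output whose script has been spent from before (address
    reuse) counts as exposed: the earlier spend already published the key."""
    buckets = {"format": 0, "reuse": 0, "hidden": 0}
    for u in utxos:
        _kind, visible = classify_script(u.script_hex)
        if visible:
            buckets["format"] += u.sats
        elif u.script_hex in spent_from:
            buckets["reuse"] += u.sats
        else:
            buckets["hidden"] += u.sats
    total = sum(buckets.values())
    exposed = buckets["format"] + buckets["reuse"]
    pct = round(100.0 * exposed / total, 1) if total else 0.0
    return {**buckets, "total": total, "exposed_pct": pct}


# Constructed sample set (fake keys/hashes, values in arbitrary units).
P2PK_UNCOMPRESSED = "41" + "04" + "11" * 64 + "ac"
P2PKH_REUSED = "76a914" + "22" * 20 + "88ac"
P2PKH_FRESH = "76a914" + "33" * 20 + "88ac"
P2WPKH_FRESH = "0014" + "44" * 20
P2TR_OUTPUT = "5120" + "55" * 32
P2SH_FRESH = "a914" + "66" * 20 + "87"

SAMPLE_UTXOS = [
    Utxo(P2PK_UNCOMPRESSED, 170),   # legacy P2PK, key in the output
    Utxo(P2TR_OUTPUT, 20),          # Taproot, tweaked key in the output
    Utxo(P2PKH_REUSED, 156),        # hash-based but previously spent from
    Utxo(P2PKH_FRESH, 300),
    Utxo(P2WPKH_FRESH, 254),
    Utxo(P2SH_FRESH, 100),
]
SPENT_FROM = {P2PKH_REUSED}         # scripts seen as inputs in earlier txs

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        kind, visible = classify_script(u.script_hex)
        print(f"{kind:<12} key_visible={visible!s:<5} sats={u.sats}")
    print(exposure_report(SAMPLE_UTXOS, SPENT_FROM))
```

Two things the report does not capture are worth keeping in mind. The spent_from set stands in for a full scan of chain history, which is where a real reuse count comes from. And the exposed share says nothing about whether the coins are lost, dormant, or worth attacking, which is the difference between counting theoretical exposure and counting a realistic attack surface.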

What Quantum Risk Actually Requires

The existence of a quantum computer is not, by itself, a threat. The danger is a cryptographically relevant quantum computer, or CRQC, that can recover a 256-bit elliptic-curve private key from its public key faster than Bitcoin's roughly ten-minute block interval. No such capability exists today, and nothing is close.


Ark describes five phases of quantum development. The early phases cover experimental systems that cannot outperform classical computers on meaningful problems. The middle phases bring applications in chemistry, materials research, and drug development: commercially valuable but cryptographically irrelevant. Only in the later phases does attacking Bitcoin's ECC become feasible, and even then, breaking a key within the block interval is a separate and harder bar.


In Ark's balanced scenario, which it presents as consistent with mainstream institutional projections, Stage 3 quantum capability is ten to twenty years away. The pessimistic scenario assumes an unexpected breakthrough that catches developers off guard. The optimistic one assumes quantum progress stalls entirely. Ark argues that even the worst case is not existential, because several post-quantum cryptography schemes already exist and could be deployed under pressure.


That last point is crucial. The tools exist. The question is whether the Bitcoin community acts before it has to, or waits until the pressure becomes unavoidable.

The Governance Problem Is Harder Than the Technical One

Ark is careful here. The hard part is not the technical fix.


Post-quantum cryptography schemes are already being developed. Two leading candidates for future Bitcoin resistance are ML-DSA, which is lattice-based, and SLH-DSA, which is hash-based. BIP-360 is an open proposal for a quantum-resistant address type. Cryptographic research is further along than quantum hardware, and Ark says so plainly.


What is missing is consensus. Bitcoin upgrades require coordination among developers, miners, node operators, and the wider community. That coordination is hard enough for a single soft fork. Deploying post-quantum cryptography across Bitcoin's decentralized consensus model while preserving performance and compatibility is far harder than writing the algorithm.


Ark does not pretend the broader governance question is settled. There is no agreement on what to do with coins whose public keys are already visible on-chain. The clearest example is the P2PK outputs holding 1.7 million likely-lost bitcoin. In theory, a quantum attacker targeting exposed public keys could claim those coins. Should the protocol migrate them preemptively? Restrict them? Leave them exposed? Under Bitcoin's decentralized model of ownership, nobody has a clean answer.

CoinShares Sees a Much Smaller Problem


Ark's is not the only estimate in the room.


In a separate analysis released in February, CoinShares put the genuinely market-relevant quantum risk at roughly 10,200 BTC, about 0.05% of supply. Its argument is that theoretical and practical exposure differ sharply: most of the vulnerable supply is lost, has not moved in years, or sits in addresses that will not be targeted until quantum hardware is generations beyond where it is today.


The gap between CoinShares' 0.05% and Ark's 34.6% is enormous, but neither firm is wrong. They are measuring different things. Ark counts address types by theoretical exposure. CoinShares counts coins with a realistic near-term attack surface.


PsiQuantum, backed in part by funds connected to BlackRock, is building a facility designed to hold one million physical qubits, with completion expected in 2027. That is not a CRQC. But it is exactly the kind of hardware milestone Ark's framework says to watch.


Gradual. Observable. The warning signs will be there to read.


The only real question is whether Bitcoin's governance moves faster than the hardware does.


All views expressed are the author’s personal opinions, and do not constitute investment advice.
