We’ve made this report freely available, adding our two sats to the ongoing Quantum Computing discourse for Bitcoin.

Please feel free to share, and we hope you find it a useful framework for thinking through the ‘freeze or not-to-freeze’ problem of Satoshi’s coins.

Share

G’day Folks,

The quantum debate pertaining to Bitcoin is in full swing, and in particular relating to the potential freezing of quantum vulnerable supply.

As I observe the debate, I have noticed one theme that just never seemed to match my intuition; that the hacking and sale of vulnerable coins would plunge Bitcoin prices into an impossibly deep, and possible fatal winter.

I’m calling bullshit on that claim.

A central theme of my analysis in late-2025 was the tremendously large spot sell-side pressure that the market absorbed last year. Folks leveled blame at market manipulation, Jane Street, and quantum fears, but I just saw billions of dollars a day of revived supply coming from HODLers.

Quantum bulls often quote the 6.9M vulnerable coins as being a sword of Damocles that threatens to kill Bitcoin should a CRQC ever come to market. As with most things, there is a tonne of lost nuance, and the devil is absolutely in the details.

As an engineer by trade, a big part of my process is breaking down complex problems into bite sized chunks. I also feel like I have a somewhat unique lens into the Bitcoin market given my years studying the UTXO set via onchain data.

In today’s piece, I am going to present a case for why the fear-factor pertaining to the sale of quantum vulnerable coins is unlikely to be anywhere near as severe as many claim.

I will also present an idea for further analysis of re-used addresses which is best picked up by data firms with comprehensive exchange, custodian, and entity labels.

This report builds upon my first QC write up One Day, Satoshi’s Coins Will Move, which will be a valuable primer for this one.

Disclaimer: This article is general in nature, and is for informational, and entertainment purposes only, and it shall not be relied upon for any investment or financial decisions.

TL;DR

• Today, I’m returning to the quantum computing debate, and this time focusing on quantifying how much of a risk the vulnerable coins are to the market.

• There are approximately 6.9M BTC which are technically vulnerable to a cryptographically relevant quantum computer (CRQC). 1.7M are Satoshi Era P2PK coins, 214k are modern Taproot coins, and ~5M are those held in re-used addresses.

• Specifically related to the re-used addresses, I am very confident we can heavily handicap this 5M BTC, as a great majority of these are managed by custodians and exchanges. These entities are highly likely to be aware of the QC risk, and will upgrade accordingly.

• The Taproot coins are modern, and thus the odds the owner is alive is very high. They are also disproportionately associated with inscriptions, and if a QC attacker wants to steal 10k sats and a monkey JPEG…good luck to them.

• The real risk are the 1.716M Satoshi Era P2PK coins, which many liken to a sunken galleon full of gold, there for the taking if the lock can be pried open.

• Assume the full 1.7M BTC is stolen and sold. When we compare this against a variety of sell-side metrics, such as revived supply, URPD supply changes, Exchange flows, and trade volumes, we get a very consistent result.

• The full 1.716M P2PK coins are equivalent to around 60-90-days of sell-side (and thus demand) we see in a Bitcoin bull market, but also in late stage bears around the capitulation event.

• In other words, HODLers routinely absorb this kind of sell-side, and especially when we remove the conservatism I build into this analysis, the picture becomes much less scary than the headline number.

• There is no doubt that a QC attacker selling all the P2PK coins would negatively impact the price. It probably creates a bear market. However, where will, I push back strongly, is it is nowhere near the ‘end-of-days’ fatal sell-side many quantum bulls in the debate seem to claim.

• I close with some thoughts on the Hourglass compromise, where miners can only include one P2PK coin per block. I find this to be a very fair middle ground, which respects the current spending frequency of P2PK coins, and has their migration timeline nearly identical to the rest of us at ~270-days.

In the conclusion, I also ask a more philosophical question; would the Satoshi entity really prefer to hoard their coins? Or would they rather them be distributed globally, and give people like you and I ownership instead.

If a group of physicists and VCs really want to spend tens of billions to market sell Satoshi’s coins, you will find me on the other side of that, staying humble, and stacking Satoshi’s sats.

Watch Full Video

Setting the Scene

This piece is not intended to opine on the probability of a cryptographically relevant quantum computer (CRQC) coming to market. I am also no physicist, and at this stage, the best I can do is read the research papers, and test them against various LLMs to better understand the problem and risk.

My general opinion on the subject is as follows:

• It is clear the theoretical capabilities and resource requirements for a CRQC which can run Shor’s algorithm are coming down. The ‘on-paper’ ability of QCs to crack Bitcoin’s elliptic curve based signature scheme suggests a shortening timeline.

• There is considerably less acceleration in scaling the physical hardware space. Different quantum labs are using a variety of architectures, and there is little evidence of scaling quantum computers in production which are remotely close to the capabilities of running Shor’s algorithm for an attack on Bitcoin.

• Nevertheless, there is sufficient evidence of progress in the quantum industry, and I am unable to handicap the probability of a CRQC enough, to not take the risk seriously.

• I am of the view Bitcoiners should be supportive of the debate, development, and preparation of a (set of) credible post-quantum solution(s).

Having a plan and not needing it, is a hell of a lot better than needing a plan and not having one.

Now, the specific topic I want to address in this piece is about the risk of sold supply.

The central reason I want to address this is I have seen claims in the debate which just feel extraordinarily hand-wavy to me, and I believe are based on incomplete premises. To paraphrase some of the claims I take issue with:

• ‘There are 6.9M BTC vulnerable coins that a quantum computer will steal!.

• ‘We simply must freeze vulnerable coins, because the sale of them will destroy the price, and then everyone will be rekt’.

• ‘BlackRock and Saylor will want to freeze the coins, and they have so many coins it would overwhelm the demand for the other side of any fork’.

Let me present a case for why these statements are all hyperbolic overestimates of the reality as I see it.

Breaking Down The Problem

We can generally break down quantum vulnerable supply into three main categories, based on WHY their public key is exposed:

• Vulnerable Script Types: This includes the Satoshi era P2PK, and Taproot P2TR address types, which expose the public key by default.

• Re-used Addresses: Irrespective of what address type is used, whenever you spend coins from it, the public key is necessarily exposed for verification purposes. Thus, any coins held in an address which has spent in the past, is QC vulnerable.

• Coins In Flight: The last two categories are long-range attacks, where the public key is exposed onchain, and a QC can take all the time they want to crack it. However, every coin is theoretically vulnerable whilst it is in the mempool waiting to be confirmed, called a short-range attack.

This report will only be evaluating the first, and second categories.

I have recommendations at the end for future work pertaining to the second category, which is best carried out by a data company with access to a comprehensive database of entity labels. The third category can only be solved by the development of post-quantum signing schemes, and is well outside my pay-grade.

Bitcoin Research Kit has recently rolled out a set of metrics which measure the total volume of supply which is deemed vulnerable to a CRQC. We can start to bound how many vulnerable coins we’re talking about:

• 🔴 Satoshi Era P2PK 1.716M BTC. These coins are assumed to be lost, and are mostly held in 50 BTC coinbase block reward transactions from the first epoch.

• 🟣 Taproot P2TR: 214k BTC. Taproot addresses are disproportionately used for inscriptions, and thus have a large address count (4.83M), but a relatively small supply balance (214k BTC).

• 🟠 Re-used addresses: 4.996M BTC. This is the largest supply honey-pot, however it also encompasses many large entities like exchanges, ETFs, and custodians.

In total, a whopping 6.934M BTC have an exposed public key, and are thus vulnerable to a long-range quantum attack.

However, there is nuance required to constrain this problem.

• I do not believe a quantum computer is being developed to steal monkey JPEGs held in a Taproot inscription, nor the 10k sats attached to them.

• Taproot is a relatively new protocol, and thus its owners are likely to be alive and capable of upgrading. BIP-360 even proposes to fix the default Taproot vulnerability.

• Re-using addresses is a very common practice for exchanges. Most readers will have deposited funds to the same Bitcoin address at Binance or Coinbase because the user experience is deemed better. Exchanges also often re-use addresses for their hot and cold wallet infrastructure.

• Given their business depends on NOT losing coins, I am quite confident that Binance and Coinbase are well aware of the quantum risk, and will have engineering teams already heads down developing solutions for it.

• For the remaining re-used addresses held by individuals, a great number of them will be alive, and thus capable of upgrading to any post-quantum scheme as it arises.

As a result, the scary headline number of 6.934M vulnerable coins is a theoretical upper bound, however any honest analysis should attempt to handicap it to a much lower one.

Exchanges and custodians have a duty to protect clients’ funds, living Bitcoiners don’t want to be rugged, and quantum computers are not going after 10k-sat inscriptions.

Further Re-used Address Analysis

As a quick aside, I’d like to present a call-to-action for any onchain data providers, especially those with a comprehensive database of labelled entities.

There is tremendous value in performing a deeper breakdown and risk assessment of the 4.996M BTC held in re-used addresses:

• How many are held by labelled entities? These are low risk coins, as the centralised owner is highly motivated and capable of upgrading to post-quantum when solutions are ready.

• Of the non-entity re-used address supply (assumed individuals), what is the ‘activity’ breakdown of those coins?

  • If they are routinely spending their coins, then the entity is alive, and likely to upgrade.

  • If they have been dormant for several years, they are likely at a higher risk of being lost, and thus quantum vulnerable.

• Of the re-used, non-entity AND dormant supply, what is the wallet size breakdown of this subset? It would be highly unlikely for an expensive quantum computer to go hunting for $100 slugs, let alone the legal issues if they steal coins from someone who was just unaware and HODLing them.

Based on my very crude estimate from One Day, Satoshi’s Coins Will Move, I found that just 2% of the top 1000 Bitcoin rich list supply was in this high risk ‘re-used and dormant’ category.

My expectation is that the amount we will handicap the headline vulnerable coin volume by will be quite substantial.

Selling Satoshi’s Coins

Based on my analysis reasoning to date, I am fairly convinced that the primary target supply for a CRQC is the pool of 1.716M Satoshi Era P2PK coins.

• They are highly likely to be lost coins, which some have likened to gold treasure held within a difficult to reach sunken Galleon.

• Given they are likely lost, the odds of a legal dispute in the event they actually steal a living person’s coins is much lower.

For the sake of discussion, let’s assume that the quantum critics are correct, and all 1.716M P2PK coins are stolen, and sold by the attacker.

The question is, how capable is the Bitcoin market of absorbing such an event?

Naturally, it also matters whether the P2PK coins are cracked one by one, or all at once. I have heard quantum bulls claim the latter, so let’s give them the benefit of the doubt and assume the first CRQC is so good, it can just crack them all sequentially over a short period of time.

Satoshi vs Revived Supply

One of my preferred metrics for mapping the sell-side supply for Bitcoin is via revived supply. This metric is the daily volume of coins that were held for at least 6-months, but are being spent and ‘revived’ that day.

There are many reasons supply is revived:

• Investors move to a new custody setup.

• Exchanges rotate hot and cold wallets.

• People send their coins to an exchange for sale.

We can see in the chart below that ~10k BTC per day is a very typical baseline value, even in the depths of a bear market, when HODLers are selling the least.

Assume this 10k/day baseline is all the day-to-day noise of non sales.

Notice how the spot price stops going up in a bull whenever revived supply spikes above 20k to 30k BTC/day? That’s because it directly maps to HODLers taking profit in a bull market.

If we assume the P2PK coins are stolen in (or discretely held until) a bull market offers favourable pricing, it would take somewhere between 60 and 90-days of typical bull market demand to absorb.

Now a fair analysis would assume these coins are sold ON TOP of all the other HODLers who are selling, but this gives us an idea of the demand profile required.

We should also note, that revived supply of 6mth old coins usually only accounts for around half of the estimated sell-side activity. The other half comes from Short-Term Holders who swing trade within that 6-month window.

In other words, in a proper bull market, Bitcoin routinely handles at least 10k to 20k BTC worth of profit taking from HODLers.

The next chart takes this ~90-day figure, and computes the 90-day sum of revived supply for different age bands. Think of these as the waves of quarterly sell-side, which are shown to occur both in bulls, and in late stage bears (capitulations).

When we compare Bitcoin’s quarterly supply absorption, in both good and bad times, we can see that market selling all 1.716M P2PK coins would be equivalent to one quarter of peak bull demand.

The capitulation events in 2018 and 2026 are also interesting, as they show how an equivalent volume of sell-side occurs out of fear, and not only greed.

For the critics who think Bitcoin would go to zero under the pressure of the P2PK coins being sold, I’d like to float the idea that similar sell-side isn’t all that uncommon, and Bitcoin hasn’t gone to zero under those loads so far.

Satoshi vs URPD

Another lens we can frame up how ‘large’ the P2PK coin haul would be, is to compare it to how many coins rotate to a new onchain cost basis day-to-day.

The chart below shows the supply difference over a 90-day period. red bars show how many coins have been spent from that onchain cost basis, and green bars are where they have been moved to.

For folks who are not regular subscribers, let me preface this chart with a few insights that I cover regularly:

• We’re currently in a bear market, and since late-Nov-2025, revived supply, and profit taking has dropped off a cliff. You can see this by how small the red bars are on the left third of the chart. Very few people holding coins with a cost basis below $60k have moved them over the last 90-days (despite all the bearish headlines and news flow).

• Over 86% of the coins which have moved, are those locking in large losses, concentrated around $85k and above $100k. This is a story we often see in bears, where top buyers are progressively washed out of their positions.

All of this is to setup the idea, that a majority of those red bars are from top buyers crystallising their losses. In turn, the green bars reflect the buyers, who are those crazy HODLers buying Bitcoin when it is down -50% from the ATH.

That green blob of demand sums to 2.24M BTC, and that is just over the last 90-days. The context of that green blob is top buyers selling to HODLers who were unshaken by the Iran war, quantum fears, and Jane Street selling at 10am.

Here is another lens showing the supply broken down into Short-Term (red) and Long-Term (blue) Holders.

Since the sell-off down to $60k on 5-Feb-2026, over 2.3M BTC have capitulated losses, and transferred to a new set of buyers between $60k and $80k.

In a bear market, 1.36x the P2PK haul has been absorbed by the market during the depths of a bear market.

Bitcoin can actually take quite the punch, it seems.

Let’s plot the size of that green blob over different time windows, and compare it to the 1.716M P2PK coins.

• 🔴 Every 7-days, ~400k BTC change cost basis onchain.

• 🟠 Every 30-days, ~1.4M BTC change cost basis onchain.

• 🟡 Every 90-days, ~2.3M BTC change cost basis onchain.

It is very true, that not every coin moving onchain is explicitly sold.

It is also true, that a lot of them are.

Handicap these numbers by a factor of 2x, or even 5x and we are still talking about a Bitcoin market that routinely sees hundreds of thousands to millions of coins changing hands on a quarterly basis.

Let’s compare the P2PK coins to actual exchange deposit volumes.

• 🔴 Every 30-days, ~850k BTC are deposited to exchanges.

• 🟠 Every 60-days, ~1.8M BTC are deposited to exchanges.

• 🟡 Every 90-days, ~2.7M BTC are deposited to exchanges.

Once again, we have an equivalent sell-pressure measured in 1-3 months, not years.

As a final sense check, let’s compare the P2PK coins to the daily trade volume Bitcoin markets experience. I know trade volume isn’t a perfect measure, since it reflects bi-directional buyers and sellers, whereas the quantum attacker is going to be a seller only. However, I think it can still provide a sanity check benchmark, and at least an appreciation of how deep and liquid Bitcoin markets actually are.

The equivalent of 1.716M BTC is traded over X-days in the following markets:

• Futures: every 2-3 days.

• Spot: every 10 to 20-days.

• Options: every 20 to 40-days.

• ETFs: every 25 to 60-days.

Across all of these relative metrics, we get a fairly consistent story, that the sale of every P2PK coin would be equivalent to around a full quarter of typical selling we see in a bull market (or during a bear market capitulation event).

There is no doubt that an additional 1.716M BTC market sold will have an appreciable and depressing force on the price.

However, I find it difficult to support any claim that such sell-side pressure is unprecedented, fatal, and so tremendously large that we MUST freeze the coins.

The Bitcoin market has, and arguably routinely does chew through as much supply as the P2PK coins hold. In reality, a quantum attacker is far more likely to hack and then sell them periodically, and even use derivatives to hedge their market risk.

Humble HODLers can, and routinely do provide more than this volume of demand support over relatively short periods of time, and it is measured in single digit months, not years.

The Hourglass Approach

As part of the BIP-360 discussion, it has been proposed that instead of freezing P2PK coins, we could install an ‘hourglass’ approach, where no more than one P2PK output could be mined per block.

There are approximately 38k P2PK outputs, which if mined once per block, would take approximately 264-days to fully exhaust.

As I covered in One Day, Satoshi’s Coins Will Move, this time-frame is approximately equivalent to the time it would optimistically take for the rest of the Bitcoin world to migrate their coins to a post-quantum secure system.

• We have seen only a few hundred P2PK coins moved since 2023. The hourglass does not disrupt their current spending behaviour at all.

• The time it would take to rotate all P2PK if they were not lost is no different to the time it will take you and I to rotate ours given network congestion. P2PK holders are not disadvantaged in any way on a block inclusion basis.

• The sell-side pressure of 50BTC per block will be handled by the market, in my opinion. I cannot see a world where this would be any different in impact to a classic bear market, none of which were fatal.

It is my opinion, that the hourglass approach is more than sufficient as a compromise between the ‘freeze’ and ‘law of the jungle’ camps in this debate.

Concluding Thoughts

I find the quantum debate fascinating, as it is a test of Bitcoin governance, and asks a deeper question of Bitcoin principles.

‘to freeze, or not to freeze’.

We have so much data available around how Bitcoin is held and spent onchain, and yet I see so few people building robust arguments around this evidence.

• Yes, re-used addresses are quantum vulnerable. So let’s quantify how many of them are exchanges, custodians, and active participants, and isolate the high risk portion of inactive supply.

• Yes, Taproot is quantum vulnerable. It is also new and mostly holds a few thousand sats. The owners will upgrade if they choose to, and if a quantum attacker wants to steal monkey JPEG inscriptions…have at it!

• Yes, the 1.716M BTC held in P2PK addresses are quantum vulnerable, and indeed the most likely targets. However, 1.716M BTC is not even close to a fatal volume of sell-side, especially once you factor in the reality that it is unlikely an attacker hacks them all in one go. It will take time, and the process is expensive to run.

To the folks who claim we MUST freeze the coins because of the sell-side, I’d encourage you to put some numbers to your claims.

Instead, the actual thrust of this debate is around the principles of what Bitcoin is.

• Do we protect Bitcoin’s upholding of property rights?

• Do we steal freeze the coins as we’re worried someone else will steal them?

• Do we assume the original owners of lost coins would rather them stay lost?

• Do we believe the Satoshi entity would rather hoard them, or distribute them?

I actually find that last question very intriguing.

I own Bitcoin because someone sold it to me.

I weathered bear markets, and that helped me appreciate what I own.

I’ve navigated several downturns, and each one helped me refine my thinking.

Bitcoin only works if it is widely distributed.

Would Satoshi rather hold 1.1M BTC so nobody else can?

Or would they rather more people own it, such that the Bitcoin project can flourish.

We are all Satoshi.

And if the physicists and VCs who want to spend tens of billions of dollars just to steal those coins choose to sell them, who is the actual loser of that transaction?

I’ll be staying humble, and stacking sats.

Thanks for reading,

James