Quantum computing could eventually break crypto wallets, and Coinbase says the fix must start now

In its report released on June 11, Coinbase’s Quantum Advisory Board (CQAB) urged blockchain developers and crypto holders to begin migrating toward quantum-resistant cryptography.

They warned that billions of dollars’ worth of cryptocurrencies stored in wallets can be stolen by quantum computers in the future when quantum computing technology reaches a sufficiently mature stage.

Major threat to blockchain security

This major threat is not to mining nor block production. As per the position paper issued by the Coinbase Board in April, Bitcoin’s proof-of-work scheme depends on hashing, which quantum algorithms can only slightly accelerate. The real threat comes from wallets because of the use of elliptical curves for digital signature generation.

According to the Project Eleven 2026 Quantum Threat Report, a quantum computer with an ability to run Shor’s algorithm could theoretically reverse engineer the private key from its publicly visible counterpart. Thus, any wallet containing its public key can be compromised in such a scenario.

The CQAB, which is composed of cryptographers and computer scientists from institutions such as Stanford, UT Austin, Bar-Ilan University, the Ethereum Foundation, Eigen Labs, and UC Santa Barbara, said that currently there are approximately 6.9 million Bitcoins held in wallets where the keys are publicly visible.

Among these, there are around 1.7 million Bitcoins stored in legacy P2PK addresses with keys made public for good. These legacy P2PK addresses, most likely belonging to early users of Bitcoin including Bitcoin’s pseudonymous creator Satoshi Nakamoto, have been described in the latest report of the CQAB on abandoned coins.

No quantum computer can do this today

The advisory board is clear on one point: the threat is not imminent. No existing quantum machine has the power to crack blockchain encryption. Google, IBM, and others have built systems with hundreds of physical qubits, but running Shor’s algorithm against real-world cryptographic keys would require a fault-tolerant machine orders of magnitude more capable.

The U.S. National Institute of Standards and Technology (NIST) recommended that companies finish implementing post-quantum cryptography (PQC) standards by 2035.

According to CQAB, the period mentioned could relate to the strategic perspective of the U.S. NIST rather than the moment in time when a dangerous machine appears. At the same time, shorter deadlines could not be excluded.

As reported by Google in February 2026, it has started working on its PQC back in 2016 and plans to complete its own PQC migration according to the recommendations provided by NIST.

Migration is the hard part

NIST has already developed various quantum-proof cryptographic algorithms, including the lattice-based and hash-based methods for digital signatures and key exchanges. The math is there. But implementing it in decentralized networks with millions of wallet owners is an altogether different challenge. Post-quantum signatures are substantially larger than current ones.

A Dilithium-3 public key runs about 1.9 KB and its signature about 3.3 KB, according to the Quantum Intelligence Network, compared to roughly 64 bytes each for today’s ECDSA signatures. That size difference translates directly into higher transaction costs, slower confirmation times, and greater storage demands.

Several major chains have begun moving. Ethereum has published a detailed migration roadmap. Solana, Algorand, and Aptos have started offering or planning quantum-resistant options.

Layer 2 networks including Optimism have announced transition plans with deadlines, according to a summary from University of California-Santa Barbara Computer Science Department, whose Professor Dahlia Malkhi sits on the Coinbase board.

Bitcoin’s community is exploring new address formats but has not committed to a full upgrade plan.

What happens to wallets that never migrate?

The board’s June 11 report zeroes in on this question. Lost keys, deceased holders, and forgotten accounts mean some wallets will never move to quantum-safe addresses. Each blockchain community faces a choice: freeze those assets after a deadline, leave them exposed to eventual theft, or find some middle ground.

Options the board outlined include rate-limiting how many vulnerable coins can move per block after a deadline, allowing special cryptographic proofs as substitutes for legacy signatures, and letting users pre-commit to migrations without publicly moving funds, according to the Coinbase blog post by Yehuda Lindell, who leads Coinbase’s cryptography team and co-authored the report.

The Coinbase quantum advisory board took no position on which approach is correct, calling it a governance decision for each community. But it was direct on two points: the engineering work to support post-quantum signatures should begin immediately and independently of the governance debate, and users need clear communication that the issue is being addressed.

Perhaps, this is an apt question for everyone: When will quantum computers be able to crack blockchain encryption?