Bitcoin Is Rising To The Quantum Challenge, Galaxy Report Says

Bitcoin’s quantum risk is real, but the network is not sleepwalking into it. That is the core conclusion of a March 19 research note from Galaxy Digital, which argues that while a sufficiently powerful quantum computer could one day threaten exposed Bitcoin wallets, developers are already doing substantial work on mitigation and migration.

Will Owens, a research analyst at Galaxy, frames the current debate as more polarized than the underlying facts justify. On one side are those who argue quantum computing is still decades away. On the other are those warning that the window may be far shorter and that Bitcoin needs to move now. Galaxy’s position sits between those camps: urgency is warranted, but so is perspective.

Bitcoin Is Getting Ready For The Quantum Threat

The report makes one point repeatedly. Not all bitcoin is equally exposed. Funds are only vulnerable when public keys are visible on-chain, which means the biggest long-term risk sits with legacy wallet formats, reused addresses, some exchange or custodian setups, and older outputs including coins believed to be tied to Satoshi Nakamoto. Citing analysis from Project Eleven, Galaxy says roughly 7 million BTC, worth about $470 billion at recent prices, may be vulnerable under a broad “long exposure” definition, though it notes other estimates come in lower depending on methodology.

That distinction matters because Bitcoin’s UTXO model still gives it structural protection that account-based chains do not. As Galaxy puts it, “In Bitcoin, public keys are typically revealed only when coins are spent, meaning a large share of the supply remains protected behind hashed addresses until transaction time.” The report adds: “This distinction does not eliminate risk for Bitcoin, but it does materially affect the scope and sequencing of exposure in a potential Q-day event.” In other words, Bitcoin has a narrower attack surface than many casual discussions imply.

Galaxy also pushes back hard on the idea that Bitcoin developers are ignoring the issue. Owens writes that recent social media criticism has overstated the gap between public perception and actual technical work. Ethan Heilman, one of the co-authors of BIP 360, said the proposal has received “more comments than any other BIP so far in history of BIPs,” according to the report.

It also cites two blunt remarks from active contributors: “Yes, developers are working on [quantum resistance]. I can point to many people working on this,” said Matt Corallo. Hunter Beast struck a similar tone: “We are working very hard on this very serious problem, and we think that it is the most serious concern that people have raised about Bitcoin.”

The technical path forward is beginning to take shape. Galaxy highlights BIP 360, or Pay-to-Merkle-Root, as the leading protective proposal. The design would remove Taproot’s always-visible key-path spend and create a more quantum-resilient output structure via soft fork, reducing long-exposure risk without forcing Bitcoin to immediately choose a final post-quantum signature standard.

From there, the conversation branches into harder territory. One layer is protection for future outputs. Another is mitigation for coins that are already exposed and may never migrate. That is where proposals like Hourglass enter the discussion. Rather than freezing vulnerable coins outright or allowing quantum-capable actors to sweep and dump them freely, Galaxy describes Hourglass as a “harm reduction” approach designed to limit the rate at which exposed coins could be extracted and sold during a quantum event.

The report also surveys fallback and emergency ideas, including hash-based signatures such as SLH-DSA, Tadge Dryja’s commit/reveal design for a worst-case early CRQC scenario, and seed phrase zero-knowledge proofs for recovery and authentication. None solves the entire problem alone. Together, though, they suggest Bitcoin’s response is becoming broader and more concrete.

Galaxy is careful not to understate the governance problem. Bitcoin upgrades remain slow by design, and the report points to the long timelines around SegWit and Taproot as reminders that even well-supported changes can take years. Still, Owens argues this threat is different. “There is no constituency,” he writes, “that benefits from Bitcoin being vulnerable to quantum attack.” That alignment of incentives may prove decisive if the risk becomes more immediate.

Overall, Galaxy’s message is straightforward: the threat is serious, the debate is no longer theoretical, and the work to prepare for it is already underway.

At press time, BTC traded at $70,360.

Bitcoin must break above the 1.0 Fib level, 1-week chart | Source: BTCUSDT on TradingView.com

Featured image created with DALL.E, chart from TradingView.com