Blockstream CEO Adam Back said Thursday that a future post-quantum migration of Bitcoin could help clarify how many coins linked to Satoshi Nakamoto remain accessible, because any owner wanting to protect vulnerable holdings would need to move them to a new address format.
Speaking at Paris Blockchain Week, Back said such a migration would likely give users ample time to move funds and argued that coins left unmoved after that process could reasonably be treated as lost.
“This migration to post-quantum address format may tell us how many of those coins [Satoshi] still has,” said Back, adding that the pseudonymous creator has an estimated 500,000 to 1 million Bitcoin (BTC).
Satoshi’s Bitcoin stash has ignited heated debate among Bitcoin holders concerned by the quantum computing threat. On Wednesday, Jameson Lopp and five co-authors published a Bitcoin Improvement Proposal aimed at restricting the future movement of coins held in quantum-vulnerable address formats, including older coins whose public keys have already been exposed.
Blockchain data platform Arkham estimates that Nakamoto-linked wallets hold 1.09 million Bitcoin, currently valued at $81.6 billion.
Related: Bernstein says Bitcoin market already priced in quantum risk
Back sees long runway on quantum
Back said Bitcoin developers and holders still have substantial time to prepare, arguing that a quantum breakthrough capable of threatening Bitcoin signatures is at least 20 years away.
He argued that today’s quantum computers are “less powerful than a $5 calculator” and that some of their issues become more pressing as these systems scale, such as their energy consumption.
Back said that runway should give developers and users ample time to develop a post-quantum path and migrate to a new quantum-resistant standard underpinned by hash-based signatures.
In December 2025, Back’s Blockstream Research released a paper proposing a hash-based signature scheme that offers a “promising path for securing Bitcoin in a post-quantum world,” as a quantum-safe replacement for the ECDSA and Schnorr signatures. Under the proposal, security would rely solely on hash function assumptions, similar to the ones currently used in Bitcoin’s network design.
The Elliptic Curve Digital Signature Algorithm (ECDSA) uses elliptic-curve cryptography to verify the authenticity and integrity of a message. Schnorr signatures are another signature scheme praised for enhancing privacy and reducing data size, due to their ability to combine multiple signatures into one.
Magazine: Bitcoin vs. the quantum computer threat — Timeline and solutions (2025–2035)
