- Quantum computers, once advanced enough, could derive private keys from Bitcoin public keys that are already exposed on-chain and steal the funds those keys control.
- Over 1.1 million BTC, worth roughly $75 billion, sits in early wallets of this kind, including those linked to Satoshi Nakamoto, and is most at risk.
- Paradigm researcher Dan Robinson proposed PACTs on May 1, 2026: a way for holders to prove wallet ownership today, privately, before any quantum threat arrives.
- PACTs do not require you to move your coins or reveal anything publicly, but they will need a future Bitcoin soft fork before they can be used to reclaim funds.
The $75 Billion Problem Hiding in Bitcoin’s History
Bitcoin has survived hacks, exchange collapses, regulatory crackdowns, and multiple bear markets. But there is one threat it has never had to face in practice: a computer powerful enough to reverse its cryptography.
On May 1, 2026, Paradigm researcher Dan Robinson published a proposal that put this threat front and center. The target: over 1.1 million BTC sitting in old Bitcoin wallets with exposed public keys, worth over $75 billion at current prices. Many of these wallets are suspected to belong to Satoshi Nakamoto. None of the coins have moved in years.
The proposal is called PACTs, short for Provable Address-Control Timestamps. Understanding it requires understanding why Bitcoin addresses are vulnerable in the first place.
How Bitcoin’s Security Actually Works
Bitcoin's signatures are built on elliptic-curve cryptography over the secp256k1 curve: ECDSA, the Elliptic Curve Digital Signature Algorithm, for legacy and SegWit outputs, and Schnorr signatures (BIP-340) for Taproot. Both rest on the same core mechanic:
- Your private key is a secret number only you know
- Your public key is mathematically derived from the private key
- Your wallet address is derived from the public key
The security assumption is that working backwards, from public key to private key, is computationally infeasible on classical hardware: the best known classical attacks would take far longer than the age of the universe.
The problem is that this assumption does not hold against a large enough quantum computer.
Most address types (P2PKH and P2WPKH) put only a hash of the public key on the chain, so the key itself is not revealed until the coins are spent and the spending transaction includes it. Three kinds of outputs have the key exposed already: early pay-to-public-key (P2PK) outputs, common before 2012 and used for early mining rewards, which place the raw public key directly in the output; any address that has spent at least once and still holds funds, since the spend published the key; and Taproot (P2TR) outputs, which carry a public key in the output itself.
That exposure is the attack surface.
Why Quantum Computers Change Everything
A sufficiently powerful quantum computer could run Shor's algorithm to solve the elliptic-curve discrete logarithm problem that ECDSA and Schnorr signatures rest on: private key derived from public key, a valid signature forged, funds moved. Nothing in the protocol as it stands would stop it.
To be clear: quantum computers capable of breaking Bitcoin's signature scheme do not exist today. The consensus among researchers is that this threat is years, possibly a decade or more, away from being real. But the key word in that sentence is "away", not "impossible".
The threat is asymmetric. Once a cryptographically relevant quantum computer (CRQC) exists, it will not announce itself. Anyone who builds or controls it will have a window to potentially compromise exposed wallets at scale on the Bitcoin network before defenses are in place. That window is the problem Robinson is trying to close.
What PACTs Actually Propose
PACTs give Bitcoin holders a way to prove they controlled a wallet at a specific point in time, without moving any coins, without broadcasting anything to the network, and without requiring Bitcoin to change anything today.
The three-step process works like this:
- Generate a secret salt: a random value that only you store
- Sign a BIP-322 message that incorporates the salt, using the private key of the address in question
- Timestamp the proof with OpenTimestamps, a protocol that commits a hash of your data into a Bitcoin transaction, so the chain itself attests that the data existed by that block
You store the three artefacts (salt, signature, timestamp proof) offline. Only a hash reaches the timestamp service, so nothing is published that identifies the address, and no one knows you did this.
If Bitcoin later adopts a soft fork that adds quantum-resistant STARK verification, a PACT holder could submit a zero-knowledge proof showing that they knew the salt and held a valid signature for the address, committed before a specific cutoff block. This would let them reclaim their coins even if a quantum computer had since derived the private key: the attacker could forge a signature, but not a timestamp that predates the cutoff.
The system is designed so that the underlying keys and salt remain hidden throughout the entire process.
What This Means for You as a BTC Holder
If you hold Bitcoin at an address whose public key is already on the chain, meaning you have spent from that address at least once and still keep funds there, or the coins sit in an early pay-to-public-key output, your funds are within the potential attack surface.
The risk today is essentially zero. But the honest question is: why wait?
The Limits of PACTs
Robinson explicitly acknowledged that PACTs are not a complete solution. They are an interim hedge against a specific future scenario.
Key constraints:
- PACTs only work if Bitcoin adopts STARK verification via a soft fork, which requires broad community consensus and years of development
- They cannot protect you retroactively if a CRQC drains your wallet before a freeze is implemented
- The proposal is still in early review stage, not a finalised Bitcoin Improvement Proposal
- Even with PACTs, the network still needs a longer-term migration to a quantum-resistant signature scheme
The proposal builds on draft BIP-361, which addresses quantum-vulnerable legacy addresses. Solana has already announced its Falcon upgrade for quantum resistance. The XRP Ledger is planning a similar quantum upgrade by 2028. Bitcoin’s approach is characteristically more conservative, prioritising community consensus over speed.
Why This Story Is Bigger Than Satoshi’s Coins
The Satoshi angle grabs headlines, but the deeper story is about what this debate signals for the crypto industry as a whole. Bitcoin has never had to move fast to address an existential security threat in real time. Quantum computing is the first credible long-horizon threat that requires preparation now, not after the fact. The fact that Paradigm, one of the most respected research firms in crypto, is publishing serious proposals on this topic in 2026 means the conversation has shifted from hypothetical to planning.