USDCoinbase paper says crypto is safe today from quantum computers
Advisory board warns preparation cannot wait
TL;DR
- Coinbase’s quantum advisory board said customer assets are safe today because a cryptographically relevant quantum computer does not yet exist.
- The paper said the main risk is to digital signatures and identified exposed Bitcoin holdings and proof-of-stake validator systems as key areas of concern.
- Coinbase and Chief Security Officer Phillip Martin said the industry should begin a post-quantum transition before the threat becomes urgent.
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
Coinbase’s Independent Advisory Board on Quantum Computing and Blockchain said in a position paper published April 21, 2026, that customer assets are safe today because a cryptographically relevant quantum computer does not yet exist, while warning that the crypto industry should begin preparing now for a future migration to quantum-resistant systems.
The board said it has “high confidence” that a sufficiently powerful quantum machine will eventually be built. Coinbase said, “The right time to prepare for a cryptographic transition is before it becomes urgent.” Phillip Martin, Coinbase’s chief security officer, made the same point more directly, saying, “Your crypto is safe today. But a quantum computer capable of threatening blockchain cryptography will eventually be built, and the industry needs to start preparing now, not when it’s urgent.”
The paper said the main threat is not to Bitcoin mining, hash functions, or the historical blockchain ledger, which it described as not meaningfully threatened under current understanding. Instead, it identified wallet-level cryptography as the main attack surface, particularly the digital signatures used to prove ownership and authorize transfers. It said about 6.9 million BTC are held in wallets where key information is publicly visible on-chain, and separately highlighted about 1.7 million BTC in old pay-to-public-key outputs, including early “Satoshi coins,” as a particularly visible abandoned-asset problem.
Proof-of-stake chains face extra migration challenges
The paper said proof-of-stake networks face a broader problem because validator signatures help secure consensus itself, meaning the issue is not limited to user wallets. It identified Ethereum’s BLS validator signatures and Solana’s Ed25519 validator and user signatures as examples of systems that may require changes. Ethereum was described as having a relatively clear migration path, including work on replacing BLS validator signatures, KZG commitments, and ECDSA wallet signatures with quantum-resistant alternatives. The paper said protection will be needed at both the consensus layer and the execution layer.
Coinbase’s advisory board said post-quantum cryptographic tools already exist and noted that NIST has standardized several quantum-resistant schemes. It also said deploying them across blockchain networks will be difficult because post-quantum signatures are much larger than classical ones, creating pressure on transaction throughput, storage, and cost. The paper said migration would require coordination among millions of users, wallets, exchanges, custodians, and hardware providers, and would likely take years rather than weeks.
The paper said the exact arrival date of a cryptographically relevant quantum computer is unknown, but pointed to at least a decade as likely while warning that a shorter timeline cannot be ruled out. It said U.S. government and NIST migration targets around 2035 should be treated as a reasonable deadline for completing transition work rather than as proof that a crypto-breaking quantum machine will only emerge then.
Chain readiness varied across the systems discussed in the paper. Solana was said to have created a Winternitz Vault using a hash-based signature scheme, though those signatures were described as roughly two orders of magnitude larger than ECDSA. Aptos was said to allow users to update authentication keys without moving assets to a new account. Algorand was described as already having production post-quantum work at the transaction layer while still relying on classical cryptography in parts of consensus. Sui was said to have outlined several strategies without choosing a final path.
Layer 2 systems were described as further along in planning. The paper said Optimism, Arbitrum, Base, and other networks had announced post-quantum plans, and noted that Optimism’s superchain plan includes a January 2036 “flag day” after which ECDSA signing keys would no longer control externally owned accounts, with control shifting to smart-contract wallets secured by post-quantum keys.
The paper also identified inactive and abandoned wallets as a major unresolved governance problem because chains may eventually need to revoke, constrain, or otherwise neutralize exposed assets rather than leave them open to future theft at scale. It said those decisions should be made sooner rather than later and communicated publicly because the uncertainty is already affecting markets and deterring investment. Among the Bitcoin-specific ideas it discussed was the “Hourglass” spending rule, which would cap spending of vulnerable pay-to-public-key outputs at 1 BTC per block.
The advisory board includes researchers from Stanford, the University of Texas at Austin, the Ethereum Foundation, Eigen Labs, Bar-Ilan University, UC Santa Barbara, and Coinbase. Members named in the paper and related coverage include Scott Aaronson, Dan Boneh, Justin Drake, Sreeram Kannan, Yehuda Lindell, and Dahlia Malkhi. The broader discussion around the paper followed a March Google research warning that a quantum system could theoretically crack a Bitcoin transaction in about nine minutes, but the paper’s final position was clear: no such machine exists today, immediate panic is not warranted, and preparation should begin now.
FAQ
Is crypto currently at risk from quantum computers?
No. Coinbase said customer assets are safe today because such a machine does not yet exist.
What is the main vulnerability identified?
Digital signatures used in wallets and validators, not mining or blockchain history.
How much Bitcoin is considered exposed?
About 6.9 million BTC, including 1.7 million BTC in old pay-to-public-key outputs.
When could the quantum threat become relevant?
The paper points to at least a decade, but says a shorter timeline cannot be ruled out.
This article has been refined and enhanced by ChatGPT.
