Should the Bitcoins of Satoshi Nakamoto be erased?

The quantum computer will place a large dilemma. What to do with Bitcoins of Satoshi Nakamoto and other million BTC lost?

Bitcoin and quantum threat

The developer Bitcoin Agustin Cruz offers a hard fork which would force everyone to transfer his BTC to addresses resistant to quantum attacks.

Her BEEP suggests a compulsory migration period since current Bitcoin addresses (that is to say the addresses secured by ECDSA) to addresses resistant to quantum computers. After a certain date, the Bitcoins who have not moved will become irrecoverable.

Before tackling the philosophical and technical questions raised by this beep, let us marten that the quantum threat is not a fantasy.

For Microsoftthe quantum computer will be a reality by several “Years, not several decades”. Google and IBM also predict that the great technological breakthrough is closer than it is believed.

Scott Aaronsona researcher with 25 years of experience in the quantum field, recently sounded the alarm:

I was so far used to say that it may be necessary, possibly, to consider the need to migrate from elliptical curve cryptography to cryptographic systems plausibly resistant to a quantum attack. I think that today the message must be: yes, clearly, worry. Have a plan.

Scott Aaronson, 2024

Pierre-Luc Dallaire-Demers, researcher at the University of Calgary, believes that he “Stay for about five years before the quantum computer can break the keys with an elliptical curve that secure bitcoins.”

It is therefore time to revive the debate.

The dilemma …

Should you prevent Google or Microsoft from getting your hands on the bitcoins that will not have migrated to resistant addresses? That is to say the million bitcoins undermined by Satoshi Nakamoto and the other two million BTCs that are lost?

Jameson Lopp published on his blog A long paper to weigh the pros and cons. Cypherpunk is of the same opinion as Agustin Cruz and recommends destroying BTCs vulnerable to the quantum computer. Here is his last conference on the subject:

Pieter Wuillethe most capped Bitcoin developer (25 BIP) is on the same wavelength:

Of course bitcoins must be destroyed. If and when (and it is a big Si) the existence of a quantum computer capable of breaking cryptography becomes a credible threat, we will have no other option than to remove the ability to spend bitcoins secured by ECDSA cryptography. Otherwise, millions of BTCs become vulnerable to theft. I do not see how a currency can keep any value in such a context. And that affects everyone, even those who have moved their bitcoins to resistant addresses [car ce vol pourrait faire baisser le cours du bitcoin].

Pieter Wuille, 2025

Others, like the CEO of Tetherdo not seem to worry about it too much:

Resistant addresses will be added to Bitcoin before the quantum threat became serious. All living people (and having access to their wallets) will transfer their bitcoins to this new type of addresses. All lost bitcoins, including those of Satoshi (if he is no longer alive), will be hacked and put back into circulation.

Paolo Ardoino, 2025

Would Satoshi Nakamoto wanted Microsoft to put his hand on his Bitcoins? Unlikely.

Incentive

Some emphasize that destroying bitcoins would deny the foundations of the network. First of all: resistance to censorship. No one should be able to deprive others of their bitcoins. Not to mention the sacrosanct tradition consisting in changing the code via retrocompatible soft forks.

On the other hand, we would prevent several million bitcoins to fall into the hands of multinationals. Knowing that Microsoft recently refused to add Bitcoin to his cash.

Satoshi BTC weighs around $ 100 billion. Those who are suspected of being lost forever weigh 250 billion. It is a hell of a jackpot that Microsoft could pour out on the markets.

These 350 billion could even easily represent more than 2,000 billion when the quantum computer is really functional. It is more than Google's market capitalization.

Which leads us to another pillar of Bitcoin matrix: financial incentive. The limit of the 21 m of BTC is due to the fact that we are financially encouraged not to modify it. [C’est avec cet argument que Bitcoin Core a refusé de filtrer les ordinals, qui sont une source de revenus pour les mineurs].

In the same vein, we are all encouraged to get lost bitcoins, including those of Satoshi, never come back in circulation. Let Microsoft sell millions of BTC depleted all those who have bitcoins. Conversely, preventing Microsoft from accessing lost funds would not worsen the situation of anyone.

“Person”, or almost. Some heads in the air will lose feathers, but whether via a hard fork or by the quantum computer, the result will be the same.

At the heart of bitcoin cryptography

Now let's get to the heart of the cryptographic matter. Bitcoin is based on hash functions (SHA-256), but also asymmetrical cryptography. In the second case, we are also talking about “public key” cryptography. It is she who is at the heart of the mechanics of transactions and which would be at the mercy of a quantum computer.

The pairs of private/public keys to which BTCs are linked are built using the Elliptical Curve SECP256K1 (ECDSA). These are the keys that bitcoins are “hung” by a mathematical relationship supposedly incassiable.

Creating a wallet means generating key pairs that are used to make transactions (move bitcoins from one public key to another). We say in the jargon that we create a “utxo”, that is to say a small piece of code (a “script”). This script links a public key to a quantity of BTC (a figure). The principle is that only the corresponding private key can “unlock” the script in order to link the BTC to another public key, AKA makes a transaction.

Clearly, a wallet does not contain bitcoins strictly speaking. It simply hosts private keys used to unlock UTXO that all the nodes of the network keep in memory. And the fact is that the quantum computer could decipher a private key from a public key thanks to Shor algorithm.

Now that we have said that, it's about explaining what types of Bitcoin addresses are vulnerable. Not all in truth. The very old P2PK type addresses (Pay-to-Public-Key type) are mainly concerned. These addresses were simply the public key of the script.

Since then, things have changed. Public keys are no longer really public. They are offended by taking a tour by the SHA-256 hash function which is resistant to the quantum computer.

Yes, but …

How long ?

Yes, but public keys are publicly revealed at the time of transactions. In other words, if you spend part of a UTXO, the remaining BTCs become vulnerable. This is one of the reasons why you should never reuse the same addresses.

In short, everyone will sooner or later have to move their BTCs to new addresses. And this may take some time since the network transactions flow is limited.

Jameson LOPP estimates that the equivalent of six months of block space will take to shelter all BTC. Or even a month if you do not count microscopic UTXO (Dust UTXO).

Of course, this is the ideal scenario. The process will certainly take longer, if only because of the increase in transaction costs which will encourage some to push the deadline. All weighed, a four -year migration period seems necessary. After which the BTC always associated with old addresses will be lost forever.

In summary, if the moral dilemma posed by the violation of one of the inviolable properties of Bitcoin questions, the theory of the games and the financial incentives suggest that the choice will be made to prohibit the powers with quantum superiority to arm the lost BTC.

The debate is likely to be exciting. Do not miss our other article on the subject: Bitcoin and quantum threat.