Former Mark Karpelès says the real quantum threat to Bitcoin isn’t what most people think — and it’s not about mining.

After Elon Musk asked Grok about quantum computers cracking Bitcoin’s SHA-256, the AI estimated the risk below 10% by 2035. But Karpelès argues SHA-256 isn’t the weak point.


The vulnerable layer is ECDSA (secp256k1) — the signature system that protects wallets. A powerful fault-tolerant quantum computer running Shor’s algorithm could theoretically derive private keys from exposed public keys, allowing attackers to forge signatures and steal funds.
The bigger issue? Migration.

Even if developers introduce post-quantum signatures via soft fork, every user would need to move coins to new quantum-safe addresses. That could take years — and 100% completion is practically impossible.
Early P2PK addresses and lost coins (including Satoshi-era holdings) are especially exposed because their public keys are already visible on-chain. Those coins can’t be manually upgraded.
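To make the exposure concrete, the sketch below classifies output scripts by whether the public key is already readable on-chain and totals the value at risk. It is an added example, not from Karpelès or any Bitcoin project; it goes beyond the P2PK case named above by also flagging Taproot outputs and hashed-key outputs whose key was revealed by an earlier spend, and the `reused` flag, function names and sample scripts are assumptions constructed for illustration.

```python
# Added example. Script bytes below are constructed dummies, not real outputs.
def classify_script(spk_hex):
    """Return (script_type, pubkey_visible_in_output) for a scriptPubKey."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG; the key sits in the output itself
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    # P2WPKH / P2WSH: OP_0 <20- or 32-byte hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    # P2TR: OP_1 <32-byte x-only key>; the output key itself is published
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "unknown", False

def exposed_value(utxos):
    """Sum satoshis whose signing key is public right now.
    utxos: iterable of (spk_hex, sats, reused), where reused=True means the
    same key already appeared in an earlier spend (assumed input flag)."""
    total = 0
    for spk_hex, sats, reused in utxos:
        kind, visible = classify_script(spk_hex)
        if visible or (reused and kind in ("P2PKH", "P2WPKH")):
            total += sats
    return total

P2PK_UNCOMP = "41" + "04" + "11" * 64 + "ac"   # constructed 65-byte key
P2PK_COMP = "21" + "02" + "22" * 32 + "ac"     # constructed 33-byte key
P2PKH = "76a914" + "33" * 20 + "88ac"
P2WPKH = "0014" + "44" * 20
P2TR = "5120" + "55" * 32

SAMPLE_UTXOS = [                                # constructed sample set
    (P2PK_UNCOMP, 5_000_000_000, False),        # early-style 50 BTC output
    (P2PKH, 100_000, False),                    # key still hidden behind hash
    (P2PKH, 250_000, True),                     # key revealed by prior spend
    (P2WPKH, 70_000, False),
    (P2TR, 30_000, False),
]

if __name__ == "__main__":
    print(exposed_value(SAMPLE_UTXOS), "sats with a public key on-chain")
```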
Karpelès warns the network may eventually face a hard choice:
• Let quantum attackers claim vulnerable coins
• Or lock/burn them at protocol level
Either option challenges Bitcoin’s principles of immutability and property rights.
Bottom line: Quantum risk isn’t immediate — but the coordination problem could be the real nightmare.