Saylor on Quarters and Bitcoin: Why Optimism May Ignore 1.7 Million Threatened Coins

Michael Saylor recently made a bold statement about Bitcoin’s future in the era of quantum computers, claiming that instead of breaking the network, quantum technology will strengthen it. However, the technical reality is much more complex than his optimistic vision, and a hidden scenario involves around 1.7 million BTC potentially at risk of being seized by attackers. What is a quantum, and why does this technology evoke so much excitement among security experts? The answer lies in Bitcoin’s cryptographic foundations.

What is a quantum, and why does it pose a threat to Bitcoin

Quantum computers represent a leap in computational power, but they are not all-powerful machines capable of destroying all cryptography. Quantum operates differently than traditional computers — it uses qubits, which can exist in multiple states simultaneously, not just 0 or 1. This fundamental property allows a quantum system to explore many computational paths at once.

Shor’s algorithm, known for factoring large numbers, poses a real threat to Bitcoin. It would target digital signatures rather than proof-of-work (where SHA-256 is relatively resistant). Bitcoin uses ECDSA and Schnorr schemes on secp256k1 for transaction authorization. If a fault-tolerant quantum computer reaches around 2,000–4,000 logical qubits, it could potentially derive private keys from on-chain public keys.

Key detail: current devices operate orders of magnitude below this threshold, meaning the cryptographic threat is at least a decade away. This time window is both an opportunity and a curse.

Quantum attacks on Bitcoin: which coins are truly at risk

Exposure to quantum is not uniform across the network. Vulnerability depends entirely on the type of address and whether the public key has already been revealed on-chain.

Early pay-to-public-key (P2PK) addresses place the raw public key directly on the blockchain from day one. These assets are immediate targets. Estimates suggest about 1.7 million BTC from the “Satoshi era” are in this format, many of which have been inactive for years.

Standard P2PKH and SegWit P2WPKH addresses are safer — they hide the public key behind a hashed value until the coins are spent. However, at the moment of transaction, the key becomes visible. Subtle risk exists in the mempool: when a transaction is waiting to be mined, a quantum attacker monitoring the network could quickly recover the key and race the transaction with higher fees.

Taproot (P2TR) outputs encode the public key from the start, so even unused UTXOs are vulnerable. Hundreds of thousands of BTC in this format are under continuous risk.

Chain analysis indicates that about 25% of all Bitcoin already have publicly revealed keys in their outputs. Coins labeled as “lost” are not necessarily frozen — they could become loot for the first attacker with suitable hardware.

Post-quantum migration: hidden costs and complexity in optimism

Saylor is correct that defensive standards already exist. NIST has approved ML-DSA (Dilithium), SLH-DSA (SPHINCS+), as FIPS 204 and 205, and FN-DSA (Falcon) is undergoing FIPS approval. These schemes could be integrated into Bitcoin via new output types or hybrid signatures.

However, what his narrative omits is the economic and political cost. Research indicates that a realistic migration would involve changing security parameters: vulnerability to quantum would decrease, but block capacity could drop by about half because post-quantum signatures are much larger. Transaction fees would rise, as each signature takes more space.

The main challenge is governance. Bitcoin has no central authority. A post-quantum soft fork would require overwhelming consensus among developers, miners, exchanges, and large holders — people who would need to act before the threat materializes. The latest analysis from A16z clearly shows that coordination and timing pose greater risks than cryptography itself.

Supply scenarios: from shrinking to chaos

Saylor’s claim that “supply will decrease” assumes an ideal transition. Reality could take three competing forms:

Shrinkage through abandonment: Coins in vulnerable outputs whose owners never migrate could be considered lost. This would be bullish for valuation.

Distortion through theft: Quantum attackers could drain exposed wallets in chaos. Initial losses might occur, followed by potential chain splits and social disputes over transaction legitimacy.

Panic ahead of physics: The mere perception of upcoming quantum capabilities could trigger sell-offs before the actual threat, causing a speculative price crash or community fragmentation.

None of these scenarios guarantees a clean reduction in circulating supply. They could also cause chaotic price swings, contentious forks, and waves of attacks on old wallets.

What math really says about Bitcoin’s security against quantum

Standards and development timelines are clear: quantum won’t break Bitcoin overnight. There is a window — perhaps a decade or more — for a thoughtful migration. Bitcoin can strengthen itself through new signatures, update vulnerable outputs, and improve security guarantees.

But much depends on political and managerial factors. Developers and large holders must act early, coordinate the transition, and avoid panic. The flow of about 20 million BTC in circulation provides flexibility, but only if governance is managed effectively.

Saylor’s confidence is a bet on coordination, not cryptography. Whether Bitcoin will strengthen or face crisis depends less on the timeline of quantum computers and more on whether the network can carry out costly, politically challenging upgrades before physics catches up. There is no simple answer — and that is exactly what Saylor might overlook, but every investor should understand.