7 million Bitcoins face a quantum threat! Coinbase report: Cold wallets of multiple exchanges are at risk

Coinbase Quantum Advisory Council Releases Report Revealing Approximately 7 Million Bitcoins Exposed to Quantum Attack Risks. This includes active funds in cold wallets of major exchanges, exposed due to old-format addresses and frequent address reuse by institutions.

The Coinbase Quantum Advisory Council released its latest report on June 11, indicating that about 7 million BTC are currently at risk of future quantum attacks, including holdings in cold wallets of major exchanges. According to Crypto Briefing, this is not an academic hypothesis but supported by concrete address data showing the distribution of holdings.

Unlike the common narrative of "Satoshi-era BTC exposure," the key point of this report is that most of the exposed BTC are not dormant historical holdings but active, ongoing funds, including exchange cold wallets. Chain News previously provided a comprehensive analysis series on quantum threats to Bitcoin, focusing here on new data points from Coinbase’s June 11 report.

7 Million BTC Exposed in Two Categories: 1.7M P2PK Old Addresses + 5M Address Reuse

The report divides the 7 million exposed BTC into two categories:

• P2PK Old Addresses: About 1.7 million BTC scattered across roughly 20,000 pay-to-public-key format addresses, where the public key itself is the address and fully visible on-chain. These addresses mostly originate from early Bitcoin outputs. Theoretically, once quantum computers can crack ECDSA, the public key can be directly derived into the private key.
• Address Reuse Exposure: Approximately 5 million BTC exposed due to address reuse. Data tracked by research group Project11 shows that most of this is active holdings in exchange cold wallets. The reason is that after sending BTC, the public key appears in the signature; reusing the address even for receiving exposes the public key on-chain.

Chain News previously reported on Bitcoin 2026 quantum threat sessions: institutional address reuse is more dangerous than Satoshi-era coins, a point that aligns completely with the core argument of this Coinbase report: institutional address reuse, due to high transaction frequency and large volume, requires immediate attention more than dormant Satoshi coins.

Risks Are Not Just Future: "Harvest Now, Decrypt Later" Attacks Have Already Begun

The most important message emphasized in the report is: even if there are currently no quantum computers capable of cracking ECDSA, the "collect now, decrypt later" attack strategy is already in operation. Attackers can store on-chain transaction data now and decrypt private keys once quantum hardware matures. For long-term holdings, this presents a "risk of accumulation from now," not just a concern for the future when quantum computers are available.

Chain News previously reported that Coinbase established a Quantum Computing Advisory Committee, which is the organizational background of this June 11 report. The committee emphasizes that "current quantum hardware cannot crack elliptic curve cryptography protecting Bitcoin wallets," but the harvest-now-decrypt-later approach changes the timeline, making the quantum threat no longer a distant, single-point event but a time-cost that is already being accumulated.

Coinbase’s Three Recommendations: Migration, Avoid Reuse, Set Freeze Periods

The report offers three specific suggestions for BTC holders and exchanges:

1. Migrate to post-quantum secure address formats: Current mainstream formats (including P2PKH, P2WPKH) are still based on ECDSA, which inherently carries risks. The industry needs to reach consensus on post-quantum signature schemes and gradually migrate.
2. Avoid address reuse: Using a new address for each transaction reduces the window of public key exposure; this is also a long-standing recommendation from Bitcoin Core and other wallet software, though not always strictly followed in practice.
3. Set migration deadlines and freeze mechanisms: The report suggests industry-wide setting of a migration cutoff date, after which addresses that have not migrated will be frozen under new protocols. This is a highly controversial proposal, as "mandatory freezing" conflicts with Bitcoin’s principle of "permissionless" operation.

The third recommendation is the most politically charged part of the entire report. Chain News previously reported that Cardano founder Hoskinson said Bitcoin’s quantum fix must involve a hard fork, reflecting community disagreement over "forced migration." Coinbase’s proposal of a freezing mechanism can be seen as a clear stance from institutions on the "risk of disorderly migration."

• This article is reprinted with permission from: 《Chain News》
• Original title: 《Coinbase Quantum Report: 7 Million BTC Exposed, Including Exchange Cold Wallets》
• Original author: Elponcrab