Coinbase Advisory Board Warns Quantum Computing Threatens Bitcoin, Ethereum Crypto

A new Coinbase advisory board report on quantum computing landed this week with a blunt message for Bitcoin and Ethereum holders: the threat is not science fiction anymore, and the industry has roughly a decade to rebuild the math that protects every wallet on chain. The 50-page paper, authored by independent cryptographers and academics, stops short of predicting a date. It does not need one. The authors argue the mere plausibility of a fault-tolerant quantum machine is already enough to justify moving now, not when the first keys start cracking. Call it the first serious adult conversation the largest U.S. exchange has had about a risk most of its users have never seriously priced in.

Inside the Coinbase Advisory Board Quantum Report

The paper was commissioned by Coinbase and written by an independent panel. The names matter. Dan Boneh from Stanford, Justin Drake from the Ethereum Foundation, and Sreeram Kannan from Eigen Labs sit on the Coinbase advisory board that produced it. These are not doomsday bloggers. They are some of the most cited cryptographers in the space, and they spent the document carefully avoiding the one thing quantum coverage usually falls into: hype.

Their core finding is simple. Today’s blockchains are still safe. The curve-based signatures that secure Bitcoin and Ethereum would require a quantum machine far beyond anything running in a lab in 2026. That is the easy part of the story. The harder part is what the authors say next: the build-out of such a machine is no longer a theoretical curiosity, and waiting for proof of threat before responding is the wrong strategy for a $3 trillion-plus asset class.

The report frames the situation less as a cliff and more as a deadline that moves. Estimates for when a cryptographically relevant quantum computer arrives range from “a few years to a decade or more.” Nobody knows. That uncertainty is the entire argument for acting now.

We have high confidence that a large-scale, fault-tolerant quantum computer will eventually be built. The timeline is uncertain but clearly on the horizon.

How Close Is Quantum Computing to Breaking Bitcoin?

Not close, but closer than most holders want to hear. Google researchers recently published estimates suggesting a sufficiently advanced quantum computing system could, in principle, break the elliptic-curve cryptography that guards every Bitcoin address where the public key is exposed. The qubit counts remain enormous. Engineering challenges, from error correction to stable coherence, remain unsolved at scale.

That does not make the threat abstract. The report singles out a specific class of vulnerability: Bitcoin wallets that have already broadcast their public keys on chain. Every time a user spends from an address, the public key goes public. A future quantum attacker with enough horsepower could, in theory, mine those exposed keys for private keys and drain the wallets. Addresses still hidden behind a hash, meaning never spent from, have a longer runway.

There is no clean split between “safe” and “doomed.” There is a gradient, and the gradient tilts against anyone sitting on dormant coins at a reused address. Satoshi’s early wallets are the textbook example. Most long-term holders are not far behind.

What Ethereum, Solana and Other Networks Are Doing

The larger ecosystems have already started work. The Ethereum Foundation is exploring new signature schemes specifically designed to survive a quantum attacker, with lattice-based and hash-based constructions among the leading candidates. The Solana research community has been publicly debating quantum-resistant wallet designs, and other chains are quietly doing the same.

None of this is cheap. Post-quantum signatures are larger, sometimes drastically so. Some candidate schemes produce signatures tens to hundreds of times the size of today’s ECDSA and Schnorr outputs. That is not a rounding error for a network that already fights over block space.

The advisory board puts numbers on the pain. In one estimate cited in the report, swapping today’s signatures for quantum-proof alternatives could inflate block sizes by up to 38 times. Throughput would drop. Fees would climb. User experience would take a hit before it improved. That is the trade the industry is being asked to plan for, and the authors do not pretend it is small.

• Ethereum: post-quantum signature research active, public roadmap at pq.ethereum.org
• Solana: publicly discussing quantum-resistant wallet formats and validator updates
• Bitcoin: no consensus yet on a migration path; exposed public keys remain the core risk
• Exchanges and custodians: wallet migration logistics are largely unsolved

The NIST 2035 Deadline and Why the Report Calls It Optimistic

Governments have been ahead of crypto on this. NIST finalized its first post-quantum cryptography standards in 2024 and has urged the private sector to complete migrations by 2035. The Coinbase paper treats that date as a ceiling, not a target, and suggests the industry may not even have that long.

The reason is logistical, not mathematical. Migrating cryptography on a blockchain is nothing like patching a server. It touches consensus rules, wallet software, signature libraries, hardware wallets, exchange hot and cold storage, and every piece of tooling that has ever touched a private key. Done badly, a migration could split a chain or strand user funds forever.

Then there is the sociological problem. Millions of wallets will never upgrade. Their owners are dead, have lost keys, or have simply forgotten about them. What happens to those coins once the underlying cryptography is obsolete? The report does not pretend to have an answer. It does flag the question, which is more honest than most of the industry has been on this topic.

Waiting for it to be urgent is not a good idea. Transitions across blockchains, wallets and exchanges could take years to execute safely.

Hybrid Cryptography and the Road to a Quantum-Safe Crypto Industry

The authors do not endorse a single fix. They recommend flexibility. That means hybrid systems, where current signatures run alongside post-quantum ones, giving networks a gradual path rather than a hard cutover. If one scheme fails, the other still protects the user. If post-quantum algorithms themselves turn out to have weaknesses, which has happened before, the fallback is still there.

The practical upshot for investors is worth stating plainly. Chains that take the threat seriously now, publish roadmaps, and fund the engineering will be the ones that survive a real quantum event without a crisis. Chains that drag their feet are betting that the hardware takes longer to arrive than their critics believe. It is a bet with an asymmetric downside.

For retail users, the actionable takeaway is smaller than the scale of the threat might suggest. Do not reuse addresses. Pay attention when your wallet provider ships a signature upgrade. Treat any chain that refuses to discuss this as a long-term credit risk on your portfolio, regardless of its current market cap.

The report closes with a line that reads like a warning and a to-do list at once. The time to begin preparing, the authors write, is now. Not when the headlines scream. Not when the first wallet gets cracked. Now.

This article is for informational purposes only and does not constitute investment advice. Every investment and trading decision involves risk. Readers should conduct their own research before making any financial decisions.