Bitcoin Magazine
When Quantum Computers Come for Your Bitcoin: What Classical Property Law Says Happens Next
Bitcoin’s quantum debate keeps slipping sideways because people keep arguing about two different things at once.
One question is technical: if quantum computing gets good enough to break Bitcoin’s signature scheme, the protocol can respond. New address types, migration rules, soft forks, deprecations, key rotation. That is a real engineering problem, but it is still an engineering problem.
The other question is legal: suppose someone uses a quantum computer to derive the private key for an old wallet and sweep the coins. What, exactly, just happened? Did he recover abandoned property, or did he steal someone else’s bitcoin?
In April 2026, BIP-361 proposed freezing more than 6.5 million BTC sitting in quantum-vulnerable UTXOs, including an estimated million-plus coins associated with Satoshi. No longer just an abstract discussion, it’s now a live fight over ownership, confiscation, and the meaning of property inside a system that ultimately recognizes only control.
I am not taking a position here on when a quantum computer capable of attacking Bitcoin will arrive. The narrower question is the one that matters first: if it does arrive, and someone starts moving long-dormant coins with quantum-derived keys, does the law treat that as legitimate recovery or theft?
Classical property law gives a fairly blunt answer. It is theft.
That answer will frustrate some Bitcoiners, because Bitcoin itself does not enforce title in the way courts do. It enforces control. If you can produce the valid spend, the network accepts the spend. But that only sharpens the point. The harder the network leans on control, the more important it becomes to state clearly what the law would say about the underlying act.
And on that front, the law is not especially mysterious.
Old coins are not ownerless just because they are old.
The actual quantum risk
It helps to begin with the narrower, more realistic version of the threat. Not all bitcoin is equally exposed. In the ordinary case, an address does not reveal the public key until the owner spends. That matters because a quantum attacker cannot simply look at any untouched address on the chain and pluck out the private key.
The real risk sits in a more limited category of outputs. Early pay-to-public-key outputs reveal the full public key on-chain. Some older script constructions do the same. Taproot outputs do as well: a P2TR output commits directly to a 32-byte output key, not a hash of one. Address reuse can also expose the public key once a user spends and leaves funds behind under the same key material. Those are the coins people really mean when they talk about exposed bitcoin.
The timeline for this scenario has compressed. On March 31, 2026, Google Quantum AI published research showing Bitcoin’s secp256k1 curve could be broken with fewer than 500,000 physical qubits,