Galaxy Warns Quantum Leap Could Expose 7M BTC, Developers Race to Deploy Protections

19-Mar-2026 Crypto Economy

TL;DR:

  • A Galaxy report reveals that approximately 7 million BTC, around $470 billion, remain vulnerable to future quantum attacks.
  • Exposed public keys on-chain, belonging to early users and those who reuse addresses, face the greatest risk.
  • Developers are working on solutions such as BIP 360, SPHINCS+ signatures and the “hourglass” mechanism to mitigate a potential quantum threat to Bitcoin.

The research firm Galaxy published a report updating the status of the quantum threat to Bitcoin and detailing the technical defenses that developers are actively building. Although the threat is not imminent, the document warns that a cryptographically relevant quantum computer (CRQC) running Shor’s algorithm could derive a user’s private key from their exposed public key, allowing an attacker to forge signatures and steal funds.

The report acknowledges criticism from some sectors of the industry toward Bitcoin Core developers for moving too slowly in the face of advancing quantum computing. Nevertheless, it argues that defensive strategies are already in active development.

The Most Exposed Funds

Bitcoin’s architecture offers a natural defense for most users: public keys remain hidden behind hashed addresses until the exact moment the coins are spent. The problem lies with funds where that key has already been revealed on-chain.

According to estimates from the security group Project Eleven, approximately 7 million BTC, equivalent to around $470 billion at current prices, sit in wallets with already-exposed public keys. These funds belong primarily to early adopters and users who reused addresses, a practice that leaves the public key visible ahead of any future spending.
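The distinction above can be checked against a wallet's own unspent outputs. The following is an added example, not code from the Galaxy report or Project Eleven: it flags outputs whose public key is already visible, either because the output is P2PK or because a hashed address was spent from earlier and then reused. It assumes only three script types (P2PK, P2PKH, P2WPKH) and that the caller supplies the set of scripts already spent from; the function names and all sample data are hypothetical.

```python
# Added example: flag wallet outputs whose public key is already on-chain.
# Every script and amount below is constructed sample data, not a real output.

def classify_script(script_hex):
    """Return the output type of a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG, key sits in the output
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    return "other"

def exposed_outputs(utxos, spent_scripts):
    """Return (script, sats, reason) for UTXOs whose key is already revealed."""
    spent = {s.lower() for s in spent_scripts}
    findings = []
    for script_hex, sats in utxos:
        kind = classify_script(script_hex)
        if kind == "p2pk":
            findings.append((script_hex, sats, "p2pk: key in output"))
        elif kind in ("p2pkh", "p2wpkh") and script_hex.lower() in spent:
            # An earlier spend from this script published the key in its input.
            findings.append((script_hex, sats, kind + ": address reused"))
    return findings

def exposed_total(utxos, spent_scripts):
    """Sum, in satoshis, of all outputs flagged by exposed_outputs()."""
    return sum(sats for _, sats, _ in exposed_outputs(utxos, spent_scripts))

# Constructed sample wallet: dummy key and hash bytes, made-up amounts.
P2PK = "41" + "04" + "11" * 64 + "ac"
P2PKH_REUSED = "76a914" + "22" * 20 + "88ac"
P2PKH_FRESH = "76a914" + "33" * 20 + "88ac"
P2WPKH_FRESH = "0014" + "44" * 20
UTXOS = [(P2PK, 5_000_000_000), (P2PKH_REUSED, 150_000),
         (P2PKH_FRESH, 70_000), (P2WPKH_FRESH, 20_000)]
SPENT_FROM = [P2PKH_REUSED]  # scripts that already appear in a spent input

if __name__ == "__main__":
    for script, sats, reason in exposed_outputs(UTXOS, SPENT_FROM):
        print(f"{sats:>12} sat  {reason}  {script[:16]}...")
    print("exposed total:", exposed_total(UTXOS, SPENT_FROM), "sat")
```

Outputs flagged this way are the ones to move to a fresh, never-spent address; the two unflagged outputs keep their keys hidden behind a hash until they are spent.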

Galaxy: A Technical Arsenal Under Construction

The Galaxy report details four proposals advancing within the Bitcoin development pipeline. The first is BIP 360, also known as Pay-to-Merkle-Root, a soft fork proposal that introduces quantum-resistant P2MR outputs. The second is the “hourglass” proposal, designed to limit the spending rate of legacy P2PK outputs—for example, to 1 BTC per block—with the goal of preventing a supply shock that could collapse the market if a malicious actor gained mass access to those funds.

The other two initiatives are SPHINCS+, a hash-based post-quantum signature scheme recently standardized by NIST, and the “reveal emergency backstop” mechanism, which would require users to publish a compact hash commitment before broadcasting their actual spend, adding a layer of preventive protection.

The consensus emerging from the Galaxy report is clear: the risk exists, the oldest funds are the most exposed, and the tools to neutralize the threat are being forged before that threat materializes.
