ARK Invest Report: 35% of Bitcoin Supply Vulnerable to Quantum Computing

Bitcoin Index

A new white paper from ARK Invest and Unchained estimates that roughly 35% of Bitcoin’s total supply sits in addresses that could be theoretically vulnerable to future quantum computing attacks.

That sounds alarming. But the 67-page analysis published March 12, 2026, argues the threat is distant and gradual, not imminent. The report maps a multi-stage timeline stretching years or decades, and points to Bitcoin Improvement Proposal 360 (BIP-360) as the first step in a coordinated defense strategy.

The 35% breakdown

The vulnerable supply falls into two categories, according to the ARK Invest and Unchained white paper:

~1.7 million BTC in Pay-to-Public-Key (P2PK) addresses. These early-format addresses permanently expose public keys on-chain, making them prime targets if quantum computers ever become powerful enough to reverse Bitcoin’s elliptic curve cryptography. Most of this supply is believed to be permanently lost, including roughly 1 million BTC attributed to Satoshi Nakamoto.

~5.2 million BTC in reused addresses and Taproot outputs. These could potentially be migrated to quantum-resistant formats before any meaningful threat emerges.

The remaining 65.4% of Bitcoin’s supply sits in modern address types that only reveal a hash of the public key until coins are spent, providing protection against long-exposure quantum attacks.
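To make the exposure categories above concrete, here is an added example (not taken from the white paper or the original article) that classifies standard scriptPubKey templates by whether the public key is visible on-chain while the coins sit unspent. The script bytes, labels and the `spent_before` flag are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Sample scripts are constructed placeholders, not real outputs.
P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR = "p2pk", "p2pkh", "p2sh", "p2wpkh", "p2wsh", "p2tr"

def classify(script_hex: str) -> str:
    """Return the standard output type of a scriptPubKey, or 'unknown'."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # <pubkey> OP_CHECKSIG with a 33-byte (compressed) or 65-byte key push
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return P2PK
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return P2PKH
    # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return P2SH
    if n == 22 and s[:2] == b"\x00\x14":   # witness v0, 20-byte key hash
        return P2WPKH
    if n == 34 and s[:2] == b"\x00\x20":   # witness v0, 32-byte script hash
        return P2WSH
    if n == 34 and s[:2] == b"\x51\x20":   # witness v1 (Taproot), 32-byte output key
        return P2TR
    return "unknown"

def exposure(script_hex: str, spent_before: bool = False) -> str:
    """Map an output to the exposure class used in the breakdown above."""
    kind = classify(script_hex)
    if kind in (P2PK, P2TR):
        return "key-on-chain"            # key is in the output script itself
    if kind == "unknown":
        return "review"                  # non-standard script: inspect by hand
    # Hash-based outputs reveal the key only when the address is spent from.
    return "key-revealed-by-reuse" if spent_before else "hash-only"

def audit(utxos):
    """Return labels of outputs that are not protected by a hash."""
    return [label for label, script, spent in utxos
            if exposure(script, spent) != "hash-only"]

PUB, H20, H32 = "02" + "11" * 32, "22" * 20, "33" * 32   # constructed filler bytes
SAMPLE = [
    ("early-p2pk",    "21" + PUB + "ac",          False),
    ("legacy-fresh",  "76a914" + H20 + "88ac",    False),
    ("legacy-reused", "76a914" + H20 + "88ac",    True),
    ("segwit-fresh",  "0014" + H20,               False),
    ("taproot",       "5120" + H32,               False),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
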

Why the threat isn’t imminent

Current quantum computers are nowhere near powerful enough to break Bitcoin’s 256-bit elliptic curve cryptography.

Here’s the gap: today’s systems operate in what researchers call the “Noisy Intermediate-Scale Quantum” (NISQ) era, typically using around 100 logical qubits. Breaking a 256-bit elliptic curve key would require approximately 2,330 logical qubits and millions of error-corrected physical qubits (estimates range from 12 to 15 million).

The ARK Invest white paper estimates that “within 10-20 years, the practical quantum computing research community will make enough progress on algorithms to give the Bitcoin developer community time to adapt,” though industry roadmaps from IBM, Google, Microsoft, Amazon, and Intel suggest potential breakthroughs in 2 to 5 years.

The report emphasizes that any quantum breakthrough powerful enough to threaten Bitcoin would disrupt broader internet security first. The same elliptic curve cryptography secures HTTPS, SSH, VPNs, digital signatures, and cryptocurrency wallets across all blockchain networks. A working cryptanalytically relevant quantum computer (CRQC) would trigger coordinated government and industry responses long before Bitcoin becomes a primary target.

Gradual timeline, not “Q-day”

Rather than a sudden catastrophe, ARK Invest models quantum threats emerging in stages:

Stage 1: Quantum computers become useful in specialized fields like chemistry and materials science (already happening).

Stage 2: Quantum systems can break weaker cryptographic systems, but lack the power to attack Bitcoin’s 256-bit elliptic curve cryptography.

Stage 3: Cryptanalytically relevant quantum computers emerge that can break 256-bit keys. This is when vulnerable Bitcoin addresses face real risk.

Stage 4: Quantum computers can break keys faster than Bitcoin’s ~10-minute block interval, enabling attacks even on freshly spent addresses.

The white paper states: “In our view, within 10-20 years, the practical quantum computing research community will make enough progress on algorithms to give the Bitcoin developer community time to adapt.”

BIP-360: Bitcoin’s quantum defense

BIP-360, merged into Bitcoin’s improvement proposal repository in February 2026, introduces Pay-to-Merkle-Root (P2MR), a new address format designed as Bitcoin’s first step toward quantum resistance.

P2MR works nearly identically to Taproot addresses, with one critical difference: it removes the “key-path spend” option that allows users to spend directly with a signature against an exposed public key. By eliminating key-path spending, P2MR protects against long-exposure quantum attacks where an attacker has extended time to run quantum algorithms against publicly exposed keys.

This matters because Taproot addresses are critical infrastructure for Bitcoin scaling technologies including Lightning Network, BitVM, Ark protocol, and other Layer 2 solutions. BIP-360 ensures these technologies can continue evolving without quantum vulnerability.

What BIP-360 doesn’t do yet

BIP-360 is only the first step. Future proposals will need to introduce post-quantum signature schemes to protect against short-exposure attacks, consensus rule changes to activate P2MR support network-wide, and ecosystem-wide migration across wallets, hardware devices, and exchanges.

BIP-360 co-author and cryptographer Ethan Heilman told Decrypt: “Bitcoin isn’t just one piece of software. There’s an entire ecosystem of wallets, hardware devices, and exchanges, and migrating all of that will take time. There are still open questions about which algorithms to use and what the right approach is, so discussions about post-quantum upgrades could take five to 10 years.”

The Satoshi problem

Roughly 1 million BTC attributed to Satoshi Nakamoto sits in early P2PK addresses with exposed public keys. If Satoshi’s identity remains unknown or the creator is deceased, those coins cannot be migrated to quantum-safe wallets, potentially leaving nearly $70 billion (at current prices) permanently vulnerable.

This raises complex governance questions: Should the Bitcoin network consider freezing or invalidating provably lost coins to prevent quantum theft? The debate touches Bitcoin’s core values around immutability and censorship resistance.

What users can do now

The threat is years away, but basic hygiene helps:

Avoid address reuse. Never send funds to an address you’ve already spent from. Once you spend from an address and reveal the public key, that address becomes vulnerable if reused.

Use modern address formats. SegWit or Taproot addresses are safer than legacy formats.

Don’t panic. Bitcoin developers are actively preparing, and you’ll have years to migrate when quantum-resistant addresses become available.

When that happens, wallet software will need updates to support P2MR or future post-quantum formats, hardware wallets will require firmware updates, and exchanges will need infrastructure upgrades. The good news: we already know how to protect against quantum attacks. The hard part is coordinating migration across Bitcoin’s decentralized ecosystem.

Market context

The report comes amid heightened concern about quantum threats to crypto. In January 2026, Jefferies portfolio strategist Christopher Wood recommended dropping a 10% Bitcoin allocation in favor of gold due to quantum concerns. Ethereum co-founder Vitalik Buterin has been mapping quantum upgrade paths for Ethereum. Cardano founder Charles Hoskinson warned that becoming post-quantum will require trade-offs.

Bitcoin was trading around $70,000 at the time of the report’s publication.

The white paper was co-authored by Dhruv Bansal (Co-founder and Chief Security Officer at Unchained), Tom Honzik (Director of Custody Research at Unchained), and David Puell (Research Trading Analyst and Associate Portfolio Manager for Digital Assets at ARK Invest).


Data as of March 12, 2026.