Coinbase's latest warning: The quantum risk of PoS chains exceeds that of Bitcoin

Writing by: Liu Jiao Lian

Recently, quantum computing FUD has come up again.

This time, the alarm was sounded by Coinbase, the largest compliant exchange in the US. On April 22, Coinbase’s independent advisory committee on quantum computing and blockchain released a report specifically pointing out that proof-of-stake (PoS) blockchains, such as Ethereum and Solana, may face greater quantum risks than Bitcoin[1].

What exactly did Coinbase say?

Let’s first look at the core content of this report.

Coinbase’s advisory committee pointed out that PoS chains face two main risks:

First, validator signatures. Ethereum uses BLS signatures, Solana uses ed25519 signatures. These signature mechanisms are the cornerstone of consensus in PoS chains. If future quantum computers become powerful enough to crack these signatures, attackers could forge validator identities, thereby threatening the security of the entire network.

Second, wallet signatures. Whether PoS or PoW, user wallets use digital signatures to prove ownership, which are also at risk of being cracked by quantum computers. The report specifically mentions that about 6.9 million Bitcoin are stored in addresses with exposed public keys, which are considered high risk.

But the report then emphasizes an important point: currently, quantum computers capable of cracking modern cryptographic signatures do not exist. Such machines would need to be vastly more powerful than current systems[1].

A Coinbase spokesperson explained more plainly: customer assets are still secure today, and the industry should not equate “not urgent” with “not important”[1].

Why are PoS chains more vulnerable?

In “Practical Guide to Preventing Quantum Computing Threats,” I explained that Bitcoin addresses fall into two types: one is P2PKH addresses (starting with 1), which store the hash of the public key; the other is P2PK addresses (starting with 04), which directly expose the public key. Only some very early old addresses are in this format[2].

Satoshi Nakamoto mentioned in 2010 that to make Bitcoin addresses shorter, they adopted the hash of the public key instead of the public key itself. As a result, the security of transactions paid to Bitcoin addresses depends only on the security of the hash[3].

Hash functions are naturally resistant to quantum attacks. Grover’s algorithm can reduce the difficulty of attacking a hash from 2^256 to 2^128, which is still an astronomical number.

But the situation is different for PoS chains.

Ethereum validators need to frequently use BLS signatures for consensus, and these signatures’ public keys are public. Solana’s case is similar; its ed25519 signatures also expose public keys. This means that once Shor’s algorithm becomes practical, these exposed public keys can be directly reversed to derive private keys, with no hash shell protection.

Worse, the consensus mechanism of PoS chains itself depends on these signatures. As Coinbase’s report states: the challenge for PoS chains is not just upgrading wallets; the core consensus mechanism itself may need to be redesigned[1].

What about Bitcoin’s PoW mechanism? Coinbase’s report also provides an assessment: theoretically, quantum computers running Grover’s algorithm could solve PoW puzzles faster, but under current PoW puzzle scales, running Grover’s algorithm would be more costly than its theoretical advantage[1].

In plain language, the threat of quantum computing to PoS chains is much higher than to Bitcoin mining.

Upgrade Path: The Unique Challenges of PoS Chains

Coinbase’s report also highlights a key issue: Ethereum developers are already taking action.

It notes that Ethereum co-founder Vitalik Buterin proposed a plan in February this year to replace BLS validator signatures, KZG commitments, and ECDSA wallet signatures with quantum-resistant alternatives[1].

That sounds promising, but the challenge lies in scale.

Coinbase’s advisory committee pointed out that quantum-resistant signatures are much larger than current signatures, which would impact transaction speed, storage costs, and network throughput. For a network like Ethereum, already facing scalability challenges, this is no small problem.

The report also raises a tricky question: what about wallets that will never upgrade? Lost keys, inactive accounts, abandoned wallets—if quantum attacks become feasible, these assets could be permanently exposed[1].

This issue is more severe on PoS chains than on Bitcoin. Bitcoin users can migrate their coins to new addresses, but on PoS chains, staked assets and validator nodes are tied to the network’s economic security and governance structure.

Bitcoin’s Preparedness and Advantages

The blockchain always emphasizes one point: Bitcoin is alive and can upgrade.

The Taproot upgrade at the end of 2021 has paved the way for future signature algorithm changes. The Bitcoin community has also been paying close attention to the latest developments in quantum-resistant algorithms.

Blockstream CEO Adam Back recently told Bloomberg: a cautious approach is to prepare Bitcoin for the possibility of migrating keys to quantum-resistant formats. The longer Bitcoin users take to migrate their keys, the safer they are[1].

Coinbase’s report also admits that Bitcoin’s core infrastructure—including mining processes, hash functions, and the historical ledger—is not believed to have any substantive vulnerabilities under current understanding[1].

This isn’t because Bitcoin has some magic, but because it was designed more conservatively from the start. Features like hash shell protection, address reuse avoidance, and decentralized governance make Bitcoin much more resilient to quantum threats than high-performance PoS chains.

The true value of Coinbase’s report is not to create panic but to alert the industry: quantum threats are real long-term risks that require planning, but there’s no need to panic.

The final paragraph of the report is very well said: a quantum computer with cryptographic relevance still needs to make significant breakthroughs from today’s systems, and upgrading wallets, exchanges, custodians, and decentralized networks is a multi-year effort. That’s why we are releasing this report now: to base discussions on science rather than hype, clarify what truly faces risks, and help the industry start making practical migration decisions early[1].

A16z Crypto also issued a similar judgment earlier this year: a fault-tolerant quantum computer capable of cracking secp256k1 or RSA-2048 is extremely unlikely to appear within five years[4].

The blockchain community’s stance has always been clear: stay alert but don’t panic.

PoS chains face bigger challenges than Bitcoin, that’s a fact. But that doesn’t mean disaster is imminent tomorrow. The industry has enough time to prepare, test, and upgrade.

After all, the greatest danger is never the threat itself but misjudging the threat—either overreacting with panic or ignoring it altogether.

References:

[1] Jason Nelson, “Coinbase Flags Proof-of-Stake Chains Like Ethereum, Solana as Potential Quantum Risks”, Decrypt, Apr 22, 2026

[2] Liu Jiao Lian, “Practical Guide to Preventing Quantum Computing Threats”, Dec 20, 2024

[3] Liu Jiao Lian, “History of Bitcoin”, 2023

[4] a16z crypto, “Quantum Computing and Blockchain: Separating Signal from Noise”, Jan 25, 2026