Coinbase 展望 2026：量子威脅未至，比特幣雙軌應對策略已成形

Coinbase states in the 2026 Market Outlook report that quantum computing is expected to have a positive impact on fields such as medical research and climate modeling in the future, but it will also pose challenges to existing cryptographic systems. Recently, investors’ concerns about related risks have significantly increased. BlackRock has identified quantum computing as a potential long-term risk factor, and regulatory agencies in the US and EU are also requiring critical infrastructure to complete the transition to post-quantum cryptography by 2035 at the latest. Overall, quantum threats have not yet materialized, but proactive policy and market-level preparations have officially begun.

Risk Node Q-day, the Critical Point When Quantum Computers Truly Become a Threat

Coinbase defines the true risk node as “Q-day,” the day when quantum computers with the ability to break encryption (CRQCs) officially appear. In this scenario, quantum computers may run two key algorithms:

Shor’s Algorithm: Potentially cracks the ECDSA digital signatures currently used by Bitcoin.

Grover’s Algorithm: May weaken the security margin of SHA-256, affecting mining and proof-of-work.

Therefore, quantum computers pose two different levels of threats to Bitcoin:

Potentially cracking private keys and directly stealing funds.

Theoretically improving mining efficiency but disrupting the overall economic and security models.

However, Coinbase explicitly states that, at present, “quantum mining” remains a low-priority risk. The real issue that needs to be addressed is the migration of signature systems.

Which Bitcoins Are Actually Exposed to Quantum Attacks?

According to Coinbase, as of block height 900,000, approximately 65 million Bitcoins, about 32.7% of the total supply, could theoretically be exposed to “long-term quantum attack” risks. These risks mainly stem from two reasons:

Address reuse: Leading to public keys being exposed on-chain.

Specific script types: Which directly reveal public keys.

Involved address types include:

Pay-to-Public-Key (P2PK)

Bare multisig (P2MS)

Taproot (P2TR)

And some early P2PK outputs from the Satoshi era.

Additionally, Coinbase points out that all Bitcoins face short-term risks at the moment of spending because public keys are temporarily exposed when transactions enter the mempool (Mempool), which could theoretically be targeted by pre-attack strategies.

(Note: Mempool refers to the temporary storage area for unconfirmed transactions. When a user broadcasts a transaction, it is first propagated among nodes and spreads across the network, temporarily residing in the mempool, waiting for miners to select and include it in a block.)

Risk Trend Observation: The Number of Vulnerable Bitcoins Continues to Rise

Coinbase’s charts show that as block height advances, the number of Bitcoins categorized as “quantum risk medium” continues to increase. The primary risk comes from “address types” rather than just address reuse. Even though address reuse risk remains relatively stable, structural exposure continues to accumulate.

This has led the market to gradually realize that, even though quantum attacks have not yet appeared in the short term, the costs and technical preparations for migration must be initiated in advance.

(Countdown to Quantum Threat? Vitalik and Venture Capitalists Warn: Cryptography Could Be Broken by 2028)

Community Proposes Three Key Technical Solutions to Address Quantum Risks

In response to quantum risks, the Bitcoin community has proposed several concrete technical directions, including:

BIP-360: Changing the “funding lock” method, replacing verification logic with pre-hash and post-signature, paving the way for post-quantum signatures.

BIP-347: Script instructions used for “splicing data,” based on hashing, enabling one-time signatures with future expandability at the script level.

Hourglass Mechanism: Limiting the spending rate of vulnerable UTXOs to ensure a more stable transition period.

Practically, Coinbase emphasizes best practices such as avoiding address reuse, transferring vulnerable UTXOs to new addresses, and establishing user-facing quantum preparedness procedures.

(Note: UTXO refers to unspent transaction outputs, which are still usable. Each Bitcoin transaction creates one or more outputs; as long as these outputs are not spent in subsequent transactions, they are called UTXOs.)

Is Post-Quantum Cryptography Really Necessary? Experts Mock: If You Can’t Even Factor 21, How Can You Break RSA?(

Dual-Track Response Strategy and Quantum Readiness Timeline Revealed

Coinbase cites research from Chaincode Labs, indicating that responses to quantum risks may follow two timelines:

Short-term Emergency Plan: If a sudden breakthrough occurs in quantum technology, protective measures can be rapidly deployed within about two years by prioritizing migration transactions.

Long-term Standardization Path: If no sudden events occur, a soft fork could introduce quantum-resistant signatures. However, due to larger signature sizes and slower verification, wallets, nodes, and fee mechanisms will need time to adapt, potentially taking up to seven years.

Currently, the most advanced quantum computers have fewer than 1,000 qubits, still far from the capability to crack Bitcoin encryption systems.

)Bitcoin Post-Quantum Upgrade Will Take 10 Years, Core Developers Say Short-term Quantum Threats Are Minimal(

This article, Coinbase Outlook 2026: Quantum Threats Not Yet Materialized, and Bitcoin Dual-Track Response Strategy Have Taken Shape, first appeared on Chain News ABMedia.