CZ outlines crypto’s survival plan in a quantum future
The latest research from Google has reignited a long‑running fear in the digital asset space: what happens to crypto when quantum computers become powerful enough to crack today’s cryptography? In response, former Binance CEO Changpeng Zhao (CZ) offered a blunt but strategic answer: the industry must upgrade its cryptographic foundations to quantum‑resistant standards – and it must start preparing now.
Google rings the alarm on quantum risk
On March 30, Google published a whitepaper warning that the cryptographic schemes underpinning most major cryptocurrencies are more exposed to future quantum attacks than many had assumed. According to the research, around 6.9 million Bitcoin (BTC) could be vulnerable under realistic quantum‑attack scenarios. That figure includes an estimated 1.7 million coins believed to belong to Bitcoin’s pseudonymous creator, Satoshi Nakamoto.
The threat is not about quantum machines instantly destroying Bitcoin tomorrow. Instead, it’s about an emerging class of computers that could eventually break widely used public‑key algorithms such as ECDSA and RSA. If that happens before networks migrate to quantum‑resistant schemes, attackers could potentially forge signatures, steal funds, or disrupt blockchains at scale.
CZ’s prescription: upgrade – and don’t panic
Reacting to Google’s findings in a post on X, CZ distilled the solution into a single directive: upgrade the cryptography.
> “All crypto has to do is upgrade to Quantum‑Resistant (Post‑Quantum) Algorithms. So, no need to panic.”
His message was deliberately calming, but not dismissive. Yes, the problem is technically solvable, and the theory behind post‑quantum cryptography (PQC) is already well developed. But in practice, migrating global, decentralized networks, wallets, and infrastructure to new cryptographic standards is a complex and politically charged process.
A coordination nightmare for decentralized systems
CZ emphasized that the real difficulty lies not only in the math, but in the coordination. To defend against quantum attacks, blockchains and crypto applications will need to agree on:
– Which post‑quantum algorithms to adopt
– How to roll them out without breaking existing systems
– How to migrate billions of addresses and smart contracts safely
Decentralized networks are famously resistant to unilateral changes. Every major upgrade triggers debates, competing proposals, and sometimes contentious hard forks. CZ acknowledged that this will almost certainly happen as communities argue over which PQC schemes are safest, fastest, and most future‑proof.
Some networks, especially smaller or abandoned projects, may never complete the transition. CZ suggested that in such cases, letting stalled or defunct projects quietly die might be preferable to keeping them alive as easy targets for quantum‑enabled attackers.
New risks in the transition period
Paradoxically, defending against quantum attacks will introduce new vulnerabilities in the short and medium term. Any large‑scale rewrite of cryptographic code is fertile ground for implementation bugs, side‑channel leaks, and unforeseen security flaws.
CZ highlighted two practical dangers:
1. Fresh code, fresh bugs – New cryptographic libraries and protocols will need extensive peer review, testing, and audits. History shows that even well‑studied algorithms can be undermined by subtle implementation errors.
2. User‑side migration – Holders who control their own private keys will have to move funds to wallets that support quantum‑resistant signatures. Every migration step, from generating new keys to interacting with upgrade tools, becomes a potential point of failure or social engineering attack.
For many users, the biggest risk may not be a quantum computer, but human error during the transition.
The Satoshi question: what to do with dormant coins?
CZ also raised a more philosophical – but highly practical – issue: Satoshi Nakamoto’s long‑dormant stash. The millions of coins attributed to Satoshi have never moved. Under today’s cryptography, that silence is generally interpreted as long‑term holding or permanent loss.
In a post‑quantum context, however, those same unmoved coins become a tantalizing target. If an attacker eventually breaks legacy signatures, Satoshi‑linked addresses could be among the most lucrative prizes on the network.
CZ suggested a controversial approach: if those coins remain untouched long enough, the community might consider effectively locking or burning them. The logic is simple:
– If Satoshi (or whoever controls those keys) eventually moves the coins, that strongly signals that the original owner is active and capable of migrating to new schemes.
– If they never move, permanently neutralizing those coins could remove a massive honeypot for future attackers and reduce systemic risk.
Such a step would raise major governance and philosophical questions about property rights, immutability, and what it really means for a blockchain to be “neutral.”
Ethereum and Bitcoin begin to adapt
While the debate is heating up, work on post‑quantum resilience is already underway.
On March 25, Ethereum (ETH) unveiled a dedicated resource hub focused on post‑quantum security. The goal is to centralize research, proposals, and educational materials on how Ethereum can harden itself against quantum‑enabled threats.
Ethereum co‑founder Vitalik Buterin has repeatedly stressed that preparing for quantum advances will require more than a simple swap of algorithms. Changes may be needed in:
– How accounts and keys are represented
– How signatures are used in transactions and smart contracts
– How data is stored on‑chain to avoid exposing information that future quantum computers could exploit
On the Bitcoin side, BTQ Technologies made a concrete move with the release of Bitcoin Quantum testnet v0.3.0 on March 20. This testnet implements the first working version of Bitcoin Improvement Proposal 360 (BIP‑360), which experiments with quantum‑resilient signature schemes in a Bitcoin‑like environment.
These early projects are still exploratory, but they show that the industry is treating quantum risk as a long‑term engineering challenge rather than an abstract academic concern.
What “post‑quantum” actually means for crypto
Beneath the headlines, “post‑quantum” is not a single technology, but a family of cryptographic constructions designed to remain secure even in the presence of powerful quantum computers. Instead of relying on the hardness of factoring or discrete logarithms, many PQC schemes are based on:
– Lattice problems
– Code‑based cryptography
– Multivariate polynomial systems
– Hash‑based signatures
For blockchain systems, the leading candidates tend to be lattice‑based and hash‑based schemes that can support digital signatures at reasonable speeds and sizes. However, each option involves trade‑offs:
– Some algorithms require much larger keys and signatures, impacting block size and transaction throughput.
– Others may be faster but newer, with shorter track records of cryptanalysis.
This is why CZ warns about potential disputes: the “best” post‑quantum algorithm for one network may be unacceptable to another, depending on priorities around performance, decentralization, and security assumptions.
Why “harvest now, decrypt later” matters
One subtle but critical aspect of the quantum threat is timing. Even if practical, large‑scale quantum computers are still years away, attackers can already collect sensitive data today – including public keys and encrypted communications – and store it for future decryption once the hardware catches up.
In the context of crypto, this means:
– Any address that has revealed its public key on‑chain (for example, by sending a transaction from a pay‑to‑pubkey output) could become vulnerable later if that key is not rotated into a quantum‑resistant scheme.
– Long‑term holders who rarely move funds may be especially at risk, as their keys might sit exposed on public ledgers for years before PQC migration.
This “harvest now, decrypt later” strategy is one reason why proactive upgrades are so important, even if quantum computers capable of breaking current schemes do not yet exist.
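The exposure described above can be measured per output. The following is an added example, not code from the article or from any project it mentions: it sorts a wallet's unspent Bitcoin outputs by whether an elliptic-curve public key is already public, using the standard script templates (pay-to-pubkey and Taproot outputs carry a key in the output itself; hashed types reveal it only when spent). The function names, the `spent_before` flag and the sample data are assumptions made for illustration.

```python
# Added illustration. SAMPLE is constructed from placeholder bytes, not real outputs.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # the output script itself carries an EC public key

def classify_script(spk: bytes) -> str:
    """Recognise the standard Bitcoin output script templates by their byte layout."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"    # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # witness v0, 20-byte key hash
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"   # witness v0, 32-byte script hash
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # witness v1, 32-byte x-only output key
    return "other"

def exposure(spk: bytes, spent_before: bool) -> str:
    """Return 'exposed', 'hashed' or 'unknown' for one unspent output."""
    kind = classify_script(spk)
    if kind == "other":
        return "unknown"              # non-standard script: review by hand
    if kind in KEY_IN_OUTPUT or spent_before:
        return "exposed"              # key is on-chain now, or an earlier spend revealed it
    return "hashed"                   # only a hash of the key or script is public so far

def inventory(utxos):
    """utxos: (scriptPubKey hex, value in satoshis, same script spent from before?)."""
    totals = {"exposed": 0, "hashed": 0, "unknown": 0}
    for spk_hex, sats, spent_before in utxos:
        totals[exposure(bytes.fromhex(spk_hex), spent_before)] += sats
    return totals

SAMPLE = [
    ("21" + "02" + "11" * 32 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 150_000, False),         # P2PKH, never spent from
    ("76a914" + "33" * 20 + "88ac", 250_000, True),          # P2PKH, address reused
    ("0014" + "44" * 20, 90_000, False),                     # P2WPKH
    ("5120" + "55" * 32, 40_000, False),                     # P2TR
]

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

Outputs reported as exposed are the ones to prioritise when a quantum-resistant destination becomes available; hashed outputs stay in that state only as long as their script is never spent from and reused.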
How users and projects can start preparing
While protocol‑level upgrades will take time and coordination, there are several practical steps that projects and users can start considering:
1. Inventory cryptographic dependencies
Projects should map exactly where and how cryptography is used – from signature schemes and key derivation functions to wallet formats and backup procedures. This makes it easier to pinpoint what must change in a PQC migration.
2. Design for agility
Cryptographic agility – the ability to swap out algorithms without redesigning the entire system – should become a core design principle. Smart contracts, wallets, and protocols that hard‑code a single scheme will face higher migration friction later.
3. Support key rotation and multi‑sig
Encouraging regular key rotation, and using flexible multisignature setups, can provide more options for transitioning to new algorithms without putting all funds at risk during a single cut‑over event.
4. Educate users early
When the actual migration wave hits, user confusion will be one of the biggest liabilities. Clear, early communication about what quantum risk is – and what it isn’t – can reduce panic and help users recognize legitimate upgrade tools versus phishing attempts.
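The "design for agility" step, together with the hash-based signatures and size trade-offs discussed earlier, can be shown in a few lines. This is an added example, not code from the article or from any project it names: a signed envelope that names its algorithm, a verifier that dispatches on that name, and a policy set that retires a scheme without touching the verification code. The Lamport one-time signature is a teaching stand-in for hash-based schemes, and the envelope fields and algorithm identifiers are assumptions.

```python
import hashlib, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: a teaching stand-in for hash-based schemes.
# A key pair must sign exactly one message; a second signature leaks secret halves.
def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(s) for s in row] for row in sk]

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[bits[i]][i] for i in range(256))

# Agility layer: the algorithm is data, not a hard-coded call.
VERIFIERS = {"lamport-sha256": lamport_verify}  # algorithm id -> verify function
ACCEPTED = {"lamport-sha256"}                   # policy; retire a scheme by removing its id

def verify_envelope(env: dict, keys: dict):
    """env: {"alg", "key_id", "msg", "sig"}; keys: key_id -> (alg, public key)."""
    alg = env["alg"]
    if alg not in ACCEPTED or alg not in VERIFIERS:
        return False, "algorithm not accepted"
    key_alg, pk = keys.get(env["key_id"], (None, None))
    if key_alg != alg:  # a key is bound to one algorithm, so ids cannot be swapped
        return False, "key/algorithm mismatch"
    ok = VERIFIERS[alg](pk, env["msg"], env["sig"])
    return ok, "ok" if ok else "bad signature"

def demo():
    """Build one constructed envelope and the matching key table."""
    sk, pk = lamport_keygen()
    msg = b"constructed sample message"
    env = {"alg": "lamport-sha256", "key_id": "k1", "msg": msg, "sig": lamport_sign(sk, msg)}
    return env, {"k1": ("lamport-sha256", pk)}
```

The signature here is 8,192 bytes, against roughly 70 bytes for an ECDSA signature, which is the size trade-off that makes algorithm choice contentious for block space.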
Economic and market implications of a quantum scare
Quantum computing is as much a narrative shock as a technical risk. News that millions of coins could be vulnerable can shake market confidence, even if the practical threat remains distant. Traders may:
– Reprice long‑term risk for “old” assets that rely heavily on exposed public keys
– Favor networks or tokens that demonstrate clear, coherent PQC roadmaps
– React emotionally to alarmist headlines, causing short‑term volatility
At the time referenced in CZ’s comments, Bitcoin was trading around 66,833 dollars, down 1% over 24 hours and nearly 5% over the previous week. While those moves were driven by multiple factors, quantum headlines add another layer of uncertainty that macro traders and long‑term holders will need to factor in.
In the longer run, assets that successfully navigate a transition to post‑quantum security could emerge with stronger narratives and institutional confidence, especially among long‑horizon investors such as funds, family offices, and treasuries.
Why CZ remains optimistic
Despite outlining a messy road ahead, CZ’s conclusion is ultimately upbeat. He pointed to a fundamental asymmetry:
> “Fundamentally: It’s always easier to encrypt than decrypt. More computing power is always good. Crypto will stay, post quantum.”
In other words, as quantum computers gain power, so too can cryptographic defenses. New algorithms can leverage the same or greater computational resources to maintain a security margin. As long as the industry moves fast enough to upgrade its primitives, blockchains and digital assets can coexist with – and even benefit from – advances in computing.
Quantum computing does not spell automatic doom for crypto. It represents a forcing function: a push for maturing governance, better engineering practices, and more flexible protocol design. Those networks and projects that treat this as an opportunity to evolve, rather than a distant sci‑fi threat, are the most likely to still be standing in a post‑quantum world.

