Paradigm's Quantum Bitcoin Proposal Could Save Early Adopter Holdings Without Moving Coins

Paradigm's PACTs proposal lets dormant Bitcoin holders prove ownership privately, offering a potential rescue path for Satoshi-era coins before quantum threats arrive.

Approximately 1.7 million bitcoin sits in addresses vulnerable to future quantum computers, including roughly 1.1 million BTC linked to Satoshi Nakamoto's wallets. At current prices, that's about $75 billion in the founder's stash alone, potentially ripe for theft once cryptographically relevant quantum computers (CRQCs) arrive.

On May 1, 2026, Paradigm general partner Dan Robinson published a proposal that could offer these dormant coins a lifeline, one that doesn't require moving a single satoshi or revealing anyone's identity.

The Satoshi Problem Gets a Potential Solution

The proposal, called PACTs (Provable Address-Control Timestamps), tackles what Robinson and others call the "Satoshi Problem." Early Bitcoin addresses, particularly those from before 2012, used a format called Pay-to-Public-Key (P2PK) that exposes public keys directly on the blockchain. Once quantum computers become powerful enough, an attacker could derive the private key from any exposed public key.

This creates an uncomfortable dilemma. Either these coins eventually get stolen by quantum-equipped attackers, or Bitcoin implements something like the BIP-361 "sunset soft fork" drafted in mid-April 2026 by Jameson Lopp and others, which would freeze vulnerable addresses entirely. Neither outcome is particularly appealing.

PACTs offers a third path. Using existing tools like BIP-322 signatures and OpenTimestamps (ironically, a timestamping concept that traces back to Satoshi's original 2008 white paper), holders can privately create cryptographic proof that they controlled their keys at a specific point in time. No on-chain transaction required. No public announcement. Just a quietly timestamped proof stored offline.

How It Would Actually Work

The mechanics are straightforward in concept. A holder signs a message with their private key, then timestamps that signature using OpenTimestamps or a similar service. This creates verifiable proof that someone controlled those keys before quantum computers became a threat.
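The sign-then-timestamp flow can be modelled in a few lines. This is an added example, not code from Robinson's proposal or from OpenTimestamps: it assumes a hash-based timestamping service that aggregates submitted digests into a Merkle root anchored on-chain, and it shows that only a digest of the proof leaves the holder's machine. The address, statement and signature bytes are constructed placeholders (no real BIP-322 signing is performed), and the field layout of `make_commitment` is hypothetical.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_commitment(address: str, message: bytes, signature: bytes) -> bytes:
    """Digest of the private proof; the only value sent to the timestamp service."""
    h = hashlib.sha256()
    for field in (address.encode(), message, signature):
        h.update(len(field).to_bytes(4, "big") + field)  # length-prefix each field
    return h.digest()

def aggregate(leaves, index):
    """Merkle root over all submitted digests, plus the inclusion path for leaves[index]."""
    level, path = list(leaves), []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))  # (hash, sibling is on the left)
        # Pair up nodes; an unpaired last node is promoted unchanged.
        nxt = [sha256(level[i] + level[i + 1]) if i + 1 < len(level) else level[i]
               for i in range(0, len(level), 2)]
        level, index = nxt, index // 2
    return level[0], path

def verify(address, message, signature, path, anchored_root) -> bool:
    """Recompute the commitment from the stored proof and walk the path to the root."""
    node = make_commitment(address, message, signature)
    for sibling, sibling_is_left in path:
        node = sha256(sibling + node) if sibling_is_left else sha256(node + sibling)
    return node == anchored_root

# Constructed sample data (placeholders, not real keys, addresses or signatures).
ADDRESS = "constructed-address-placeholder"
MESSAGE = b"constructed statement: I control the key for this address"
SIGNATURE = b"constructed-bytes-standing-in-for-a-BIP-322-signature"
OTHER_DIGESTS = [sha256(b"unrelated submission %d" % i) for i in range(4)]

def demo():
    """Holder submits one digest among others; keeps signature and path offline."""
    leaves = OTHER_DIGESTS + [make_commitment(ADDRESS, MESSAGE, SIGNATURE)]
    return aggregate(leaves, index=4)

if __name__ == "__main__":
    root, path = demo()
    print("anchored root:", root.hex())
    print("proof verifies:", verify(ADDRESS, MESSAGE, SIGNATURE, path, root))
```

The holder stores the signature and the inclusion path offline; anyone later given both can check them against the anchored root, while the root alone reveals neither the address nor the signature.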

If Bitcoin eventually implements a quantum sunset that freezes vulnerable addresses, these pre-quantum proofs could enable redemption through STARK zero-knowledge proofs, a quantum-resistant cryptographic method that can verify the original signature without exposing it to quantum attack.

For individual holders worried about quantum threats, solutions like Casa already provide multi-signature setups that can incorporate multiple key types. As quantum-resistant signature schemes mature, multi-sig architectures offer a natural migration path, though Casa's current offerings focus on the immediate security benefits of distributed key management rather than quantum-specific features.

The Ongoing Quantum Debate

PACTs enters a Bitcoin community already wrestling with quantum preparedness. At Paris Blockchain Week earlier this year, Blockstream CEO Adam Back advocated for opt-in quantum-resistant upgrades rather than forced freezes. His position reflects a longstanding Bitcoin principle: users should control their own coins, even if that means accepting risk.

On the other side, Naoris Protocol CEO David Carvalho warned that dormant wallets would be "ripe for the picking" once CRQCs arrive, suggesting more aggressive protective measures may be necessary.

Robinson's proposal attempts to thread this needle by giving holders agency without requiring them to act publicly or immediately. It's compatible with either a soft fork approach or the status quo, at least until quantum computers force the issue.

Significant Caveats Remain

Robinson himself noted that PACTs needs substantial review before anyone should rely on it. The proposal requires cryptographer scrutiny, community consensus to support STARK verification in a potential future fork, and additional work to handle edge cases like multisig wallets and hardware wallet implementations.

"Holders should not rely solely on it yet," Robinson wrote, acknowledging that Bitcoin may never implement a quantum sunset at all. The proposal is a hedge, not a guarantee.

The Bitcoin community is currently reviewing the technical details. No fork is required to create PACTs proofs today, but actually redeeming them would require future protocol changes that haven't been agreed upon.

What This Means Going Forward

For holders of significant bitcoin in older address formats, PACTs represents a low-cost insurance policy. Creating a timestamped proof costs nothing in bitcoin and preserves optionality. If quantum computers never become a threat, or if Bitcoin finds another solution, the proof simply sits unused. If the worst case arrives, it could mean the difference between recovery and total loss.

The broader significance lies in what PACTs represents for Bitcoin's governance philosophy. Rather than forcing a choice between security and property rights, the proposal attempts to preserve both, letting holders prove ownership without forcing premature action or exposing themselves to current-day risks.

Whether the technical implementation survives peer review, and whether the Bitcoin community reaches consensus on quantum migration at all, remains to be seen. But for the first time, there's a concrete proposal for how Satoshi's coins (and millions of other early-era bitcoin) might be preserved through the quantum transition without anyone needing to know who controls them.