Selling Satoshi's Stack
We've made this report freely available, adding our two sats to the ongoing Quantum Computing discourse for Bitcoin. Please feel free to share, and we hope you find it a useful framework for thinking through the "freeze or not-to-freeze" problem of Satoshi's coins.

G'day Folks,

The quantum debate pertaining to Bitcoin is in full swing, particularly in relation to the potential freezing of quantum vulnerable supply. As I observe the debate, I have noticed one theme that just never seemed to match my intuition: that the hacking and sale of vulnerable coins would plunge Bitcoin prices into an impossibly deep, and possibly fatal, winter.

I'm calling bullshit on that claim.

A central theme of my analysis in late-2025 was the tremendously large spot sell-side pressure that the market absorbed last year. Folks leveled blame at market manipulation, Jane Street, and quantum fears, but I just saw billions of dollars a day of revived supply coming from HODLers.

Quantum bulls often quote the 6.9M vulnerable coins as being a sword of Damocles that threatens to kill Bitcoin should a CRQC ever come to market. As with most things, there is a tonne of lost nuance, and the devil is absolutely in the details.

As an engineer by trade, a big part of my process is breaking down complex problems into bite-sized chunks. I also feel like I have a somewhat unique lens into the Bitcoin market given my years studying the UTXO set via onchain data.

In today's piece, I am going to present a case for why the fear-factor pertaining to the sale of quantum vulnerable coins is unlikely to be anywhere near as severe as many claim. I will also present an idea for further analysis of re-used addresses which is best picked up by data firms with comprehensive exchange, custodian, and entity labels.

This report builds upon my first QC write-up, One Day, Satoshi's Coins Will Move, which will be a valuable primer for this one.

Disclaimer: This article is general in nature, and is for informational, and entertainment purposes only, and it shall not be relied upon for any investment or financial decisions.

Today, I'm returning to the quantum computing debate, and this time focusing on quantifying how much of a risk the vulnerable coins are to the market.

There are approximately 6.9M BTC which are technically vulnerable to a cryptographically relevant quantum computer (CRQC). 1.7M are Satoshi Era P2PK coins, 214k are modern Taproot coins, and ~5M are those held in re-used addresses.

Specifically related to the re-used addresses, I am very confident we can heavily handicap this 5M BTC, as a great majority of these are managed by custodians and exchanges. These entities are highly likely to be aware of the QC risk, and will upgrade accordingly.

The Taproot coins are modern, and thus the odds the owner is alive are very high. They are also disproportionately associated with inscriptions, and if a QC attacker wants to steal 10k sats and a monkey JPEG… good luck to them.

The real risk is the 1.716M Satoshi Era P2PK coins, which many liken to a sunken galleon full of gold, there for the taking if the lock can be pried open.

Assume the full 1.7M BTC is stolen and sold. When we compare this against a variety of sell-side metrics, such as revived supply, URPD supply changes, Exchange flows, and trade volumes, we get a very consistent result. The full 1.716M P2PK coins are equivalent to around 60-90-days of sell-side (and thus demand) we see in a Bitcoin bull market, but also in late stage bears around the capitulation event.

In other words, HODLers routinely absorb this kind of sell-side, and especially when we remove the conservatism I build into this analysis, the picture becomes much less scary than the headline number.

There is no doubt that a QC attacker selling all the P2PK coins would negatively impact the price. It probably creates a bear market.
However, where I will push back strongly is that it is nowhere near the "end-of-days" fatal sell-side many quantum bulls in the debate seem to claim.

I close with some thoughts on the Hourglass compromise, where miners can only include one P2PK coin per block. I find this to be a very fair middle ground, which respects the current spending frequency of P2PK coins, and has their migration timeline nearly identical to the rest of us at ~270-days.

In the conclusion, I also ask a more philosophical question: would the Satoshi entity really prefer to hoard their coins? Or would they rather them be distributed globally, and give people like you and me ownership instead?

If a group of physicists and VCs really want to spend tens of billions to market sell Satoshi's coins, you will find me on the other side of that, staying humble, and stacking Satoshi's sats.

This piece is not intended to opine on the probability of a cryptographically relevant quantum computer (CRQC) coming to market. I am also no physicist, and at this stage, the best I can do is read the research papers, and test them against various LLMs to better understand the problem and risk.

My general opinion on the subject is as follows:

It is clear the theoretical capabilities and resource requirements for a CRQC which can run Shor's algorithm are coming down. The "on-paper" ability of QCs to crack Bitcoin's elliptic curve based signature scheme suggests a shortening timeline.

There is considerably less acceleration in scaling the physical hardware space. Different quantum labs are using a variety of architectures, and there is little evidence of scaling quantum computers in production which are remotely close to the capabilities of running Shor's algorithm for an attack on Bitcoin.

Nevertheless, there is sufficient evidence of progress in the quantum industry, and I am unable to handicap the probability of a CRQC enough, to not take the risk seriously.

I am of the view Bitcoiners should be supportive of the debate, development, and preparation of a (set of) credible post-quantum solution(s). Having a plan and not needing it is a hell of a lot better than needing a plan and not having one.

Now, the specific topic I want to address in this piece is the risk of sold supply. The central reason I want to address this is that I have seen claims in the debate which just feel extraordinarily hand-wavy to me, and which I believe are based on incomplete premises. To paraphrase some of the claims I take issue with:

- "There are 6.9M BTC vulnerable coins that a quantum computer will steal!"
- "We simply must freeze vulnerable coins, because the sale of them will destroy the price, and then everyone will be rekt".
- "BlackRock and Saylor will want to freeze the coins, and they have so many coins it would overwhelm the demand for the other side of any fork".

Let me present a case for why these statements are all hyperbolic overestimates of the reality as I see it.

We can generally break down quantum vulnerable supply into three main categories, based on WHY their public key is exposed:

- Vulnerable Script Types: This includes the Satoshi era P2PK, and Taproot P2TR address types, which expose the public key by default.
- Re-used Addresses: Irrespective of what address type is used, whenever you spend coins from it, the public key is necessarily exposed for verification purposes. Thus, any coins held in an address which has spent in the past are QC vulnerable.
- Coins In Flight: The last two categories are long-range attacks, where the public key is exposed onchain, and a QC can take all the time they want to crack it. However, every coin is theoretically vulnerable whilst it is in the mempool waiting to be confirmed, called a short-range attack.

This report will only be evaluating the first and second categories.
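
The first two categories can be told apart from an output's raw locking script plus a record of which scripts have already spent. The sketch below is an added example, not code from the original report: the function names, sample scripts and amounts are constructed for illustration, and it recognises only the standard script templates.

```python
# Added example: bucket UTXOs by why their public key is visible on-chain.
# All scripts and amounts below are constructed sample data, not real coins.

def script_type(spk_hex: str) -> str:
    """Identify a standard scriptPubKey template from its raw bytes."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -- the key itself is in the output
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2TR: OP_1 <push 32> <x-only output key> -- also a bare key
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "p2pkh"
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return "p2sh"
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"
    return "other"

def exposure(spk_hex: str, spent_before: set[str]) -> str:
    """Map one unspent output to the report's long-range categories."""
    if script_type(spk_hex) in ("p2pk", "p2tr"):
        return "vulnerable-script-type"
    if spk_hex in spent_before:  # same script already revealed its key in a spend
        return "re-used-address"
    return "hash-protected"

def summarize(utxos, spent_before):
    """Sum BTC per exposure category; utxos is a list of (spk_hex, btc)."""
    totals = {}
    for spk, btc in utxos:
        cat = exposure(spk, spent_before)
        totals[cat] = totals.get(cat, 0) + btc
    return totals

# Constructed sample set (dummy key and hash bytes).
P2PK = "41" + "04" + "11" * 64 + "ac"
P2TR = "5120" + "22" * 32
REUSED = "76a914" + "33" * 20 + "88ac"
FRESH = "0014" + "44" * 20
UTXOS = [(P2PK, 50), (P2TR, 1), (REUSED, 3), (FRESH, 2)]
SPENT_BEFORE = {REUSED}  # scripts that appear as the source of an earlier spend

if __name__ == "__main__":
    print(summarize(UTXOS, SPENT_BEFORE))
```

Coins in flight do not appear here because that exposure exists only while a spend sits in the mempool, not in the UTXO set.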

I have recommendations at the end for future work pertaining to the second category, which is best carried out by a data company with access to a comprehensive database of entity labels. The third category can only be solved by the development of post-quantum signing schemes, and is well outside my pay-grade.

Bitcoin Rese…