Coinbase's latest warning: The quantum risk of PoS chains exceeds that of Bitcoin

Recently, quantum computing FUD has resurfaced.

This time, the one sounding the alarm is Coinbase, the largest regulated exchange in the United States. On April 22, Coinbase’s Quantum Computing and Blockchain Independent Advisory Committee released a report that specifically pointed out that blockchains using proof-of-stake (PoS) mechanisms—such as Ethereum and Solana—may face greater quantum risks than Bitcoin.

What exactly did Coinbase say

First, let’s look at the core content of this report.

Coinbase’s advisory committee noted that PoS chains have two main risk points:

• First, validator signatures. Ethereum uses BLS signatures, while Solana uses ed25519 signatures. These signature mechanisms are the foundation for PoS chains to reach consensus. If future quantum computers become powerful enough to crack these signatures, attackers could forge validator identities, thereby threatening the security of the entire network.

• Second, wallet signatures. Whether PoS or PoW, user wallets use digital signatures to prove ownership, and they also face the risk of being cracked by quantum computers. The report specifically mentions that about 6.9 million Bitcoins across the network are stored in addresses where public keys have been exposed, which falls into the high-risk category.

But right after that, the report says an important point: there are currently no quantum computers that can crack modern cryptographic signatures; such machines would need to be far more powerful than today’s systems.

Coinbase’s spokesperson put it more plainly: customer assets are still safe today, and the industry should not equate “not urgent” with “not important.”

Why PoS chains are more vulnerable

Jiaochain has discussed in its book Practical Guide to Preventing Quantum Computing Threats that Bitcoin addresses come in two types: one is P2PKH addresses (starting with 1), which store a hash of the public key, with the public key itself not exposed; the other is P2PK addresses (starting with 04), which directly expose the public key. Only a few early old addresses have this format.

Satoshi Nakamoto said as early as 2010: to make Bitcoin addresses shorter, they use the hash of the public key rather than the public key itself. That means the security of transactions sent to a Bitcoin address depends only on the security of the hash.

Hash functions have a natural resistance to quantum computing. Grover’s algorithm can only reduce the difficulty of attacking a hash from 2^256 to 2^128, which is still an enormous number.

But PoS chains are different.

Ethereum validators need to use BLS signatures frequently to participate in consensus, and these signatures’ public keys are public. Solana is similar: its ed25519 signatures also expose public keys. This means that once Shor’s algorithm becomes practical, these exposed public keys can be directly worked backward to derive private keys, without any hash “shell” protection.

What’s even more troublesome is that PoS chains’ consensus mechanism itself relies on these signatures. As Coinbase’s report says: the challenge for PoS chains is not just upgrading wallets— the core consensus mechanism itself may need to be redesigned.

What about Bitcoin’s PoW mechanism? Coinbase’s report also provided an assessment: in theory, a quantum computer running Grover’s algorithm could solve PoW puzzles faster, but given the scale of today’s PoW puzzles, the overhead of running Grover’s algorithm exceeds its theoretical advantage.

In plain terms, the threat of quantum computing to PoS chains is far higher than the threat to Bitcoin mining.

The upgrade path: PoS chains’ unique challenges

Coinbase’s report also mentioned a key issue: Ethereum developers have actually already been taking action.

The report points out that Ethereum co-founder Vitalik Buterin proposed a plan as early as February this year to entirely replace BLS validator signatures, KZG commitments, and ECDSA wallet signatures with quantum-resistant alternatives.

That sounds promising, but the challenge lies in scale.

Coinbase’s advisory committee noted that quantum-resistant signatures are much larger than existing signatures, which will affect transaction speed, storage costs, and network throughput. For a network like Ethereum, which is already facing scalability challenges, this is not a small matter.

The report also raises a tricky question: what about wallets that will never upgrade? Lost keys, inactive accounts, abandoned wallets—if quantum attacks become possible, these assets will be permanently exposed.

This problem is more severe on PoS chains than on Bitcoin. Because Bitcoin users can migrate their coins to new addresses, but on PoS chains, staked assets and validator nodes involve the entire network’s economic security and governance structure.

Bitcoin’s preparedness and advantages

Jiaochain has always emphasized one viewpoint: Bitcoin is alive, and it can upgrade.

The Taproot upgrade at the end of 2021 has already paved the way for replacing signature algorithms in the future. The Bitcoin community has also been keeping a close eye on the latest developments in quantum-resistant algorithms.

Blockstream CEO Adam Back recently said in a Bloomberg interview that a cautious approach is to prepare Bitcoin so people have the option to migrate their keys to quantum-resistant formats. The longer Bitcoin users take to migrate their keys, the safer they are.

Coinbase’s report also acknowledges that Bitcoin’s core infrastructure—including the mining process, hash functions, and the historical ledger—is not considered to have any substantive vulnerabilities under the current understanding.

This is not because Bitcoin has any magic, but because it was designed more conservatively from the start. Features such as hash “shell” protection, not reusing addresses, and decentralized governance make Bitcoin much more composed in the face of quantum threats than PoS chains that chase high performance.

Conclusion

The true value of Coinbase’s report is not to create panic, but to give the industry a warning: quantum threats are real long-term risks that need to be planned for, but there’s no need to panic.

The final paragraph of the report says it well: a quantum computer with cryptographic relevance still needs to make a major leap from today’s systems, and upgrading wallets, exchanges, custodians, and decentralized networks is a multi-year effort. That is why we are releasing this report now: to ensure that discussions are grounded in science rather than hype, to clarify what truly faces risk, and to help the industry begin making practical migration decisions as early as possible.

In a long piece published earlier this year, a16z crypto also made a similar judgment: the likelihood of fault-tolerant quantum computing that can crack secp256k1 or RSA-2048 appearing within 5 years is extremely low.

Jiaochain’s stance has been very clear: stay alert, but there’s no need to panic.

It is true that the challenges for PoS chains are greater than for Bitcoin. But that doesn’t mean something will happen tomorrow. The industry has enough time to prepare, test, and upgrade.

After all, the most dangerous thing has never been the threat itself, but misjudging it—either overreacting in panic or completely ignoring it.