A heated debate erupted on X this weekend after Gabor Gurbacs, founder of Pointsville and strategic advisor to Tether, dismissed growing fears about Bitcoin’s vulnerability to quantum computing. In a series of posts, Gurbacs called the notion of a “quantum doomsday” for Bitcoin “pure FUD,” arguing that Bitcoin’s cryptographic foundations are already resilient and adaptable enough to survive future advances in quantum technology.
“There’s a lot of FUD around Bitcoin’s quantum risk,” Gurbacs wrote. “The fact is that Bitcoin’s security is anchored in hash-based proof-of-work, which remains quantum-resistant. Quantum doesn’t break Bitcoin.”
Bitcoin Is “Quantum-Resilient By Design”
Gurbacs pointed to the distinction between Bitcoin’s hash-based consensus and its signature scheme, arguing that the consensus layer—secured by SHA-256—is already resistant to quantum attacks. Grover’s algorithm only provides a quadratic speed-up, he said, which does not undermine Bitcoin’s proof-of-work. The primary theoretical weakness, he acknowledged, lies in Bitcoin’s ECDSA signatures, which could be vulnerable if quantum computers reach the scale required to run Shor’s algorithm effectively.
But according to Gurbacs, even that threat is mitigated by best practices and Bitcoin’s modular design. “The main quantum target (ECDSA public keys) is already mitigated by non-reuse of addresses and can be upgraded to post-quantum signatures,” he noted, referencing NIST’s newly standardized FIPS-205, which formalizes the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).
“Bitcoin’s long-term security model was designed precisely for adversarial upgrades,” he added. “The consensus layer is hash-based and quantum-resilient, and the signature layer is modular, meaning post-quantum schemes like SLH-DSA/SPHINCS+ can be integrated without disrupting monetary integrity or supply rules.”
That assertion drew immediate responses from crypto security veterans, including Messari co-founder Dan McArdle and Project Eleven’s Graeme Moore, who both warned that Gurbacs was underestimating the complexity and timeline of a network-wide post-quantum transition.
McArdle agreed that mining and proof-of-work are not at immediate risk but outlined three structural issues Bitcoin must still face: legacy P2PK outputs with already-exposed public keys, the possibility of mempool sniping (quantum theft during transaction propagation), and the large size of post-quantum signatures, which could force a controversial blocksize increase.
“Given all that,” McArdle said, “it’s best to get serious about quantum robustness now. It’s not an issue to kick down the road until the threat is imminent.”
Gurbacs pushed back, calling those risks “real but remote.” The few P2PK addresses are “small and scattered,” and the kind of quantum computers required for mempool attacks are “unbelievably fast and stable—which we’re nowhere near.” He added that BTC could absorb larger signature schemes or even a blocksize upgrade “before any realistic threat shows up.”
“I agree we should take quantum hardening seriously,” Gurbacs wrote. “I just don’t buy the idea that we’re close to a break—and scammers tend to abuse the quantum narrative. The bigger risk now is people panicking instead of looking at actual timelines.”
The Open Questions For Bitcoin Devs
Graeme Moore countered that complacency is the greater danger. Citing his firm’s research, he argued that a coordinated post-quantum migration could take six months or more even under ideal conditions and that “we could have a CRQC in a couple years.” He pressed Gurbacs on whether the Bitcoin community could realistically agree on adopting NIST-approved standards like SLH-DSA or ML-DSA—especially since Satoshi Nakamoto intentionally avoided NIST curves for distrust reasons.
Moore also raised the thorny question of what happens to unmigrated or “lost” coins in a quantum transition, including Satoshi’s early holdings. “Are you in favor of freezing Satoshi’s coins?” he asked. “Why or why not?”
Gurbacs replied that governance choices should apply equally to all unmigrated keys and rejected any “special rules.” He reiterated that the threat is not existential in the near term. “We’ll see weaker cryptosystems fall first,” he said. “That buys years of warning for picking schemes, implementing and testing, and allowing gradual opt-in rotation before the ‘oh shit’ moment.”
While Moore insisted that “we’re already at the ‘oh shit’ moment,” Gurbacs disagreed. “If a real CRQC existed at the level needed to break secp256k1,” he argued, “the first signs wouldn’t show up in Bitcoin. They’d show up in TLS, PGP, government PKI, and weaker ECC systems long before. That simply hasn’t happened.”
For now, Gurbacs’ position is clear: quantum computing represents a long-term coordination challenge, not an imminent collapse. “Quantum panic is misplaced,” he said. “Bitcoin’s architecture is adaptable, conservative, and mathematically robust. Quantum doesn’t break Bitcoin.”
Gurbacs has also received independent approval from OG Adam Back. Via X, the legendary cypherpunk wrote: “Bitcoin can just add a new signature type, and make a “quantum ready” taproot leaf alternative spend method, under taproot/schnorr. In that way you can be ready without paying the cost of large signatures until it becomes relevant. NIST standardized SLH-DSA aug 2024 only.”
He added: “If cryptographically relevant quantum computers are developed, then my guess is schnorr & ECDSA signature methods would be deprecated (become unspendable). IMO it’s a lot further away than 2030 so people should have time to migrate and be quantum ready long before.”
At press time, BTC traded at $85,984.
