Executive Summary
Josh Mandell alleged that quantum computers are being used to steal Bitcoin from dormant wallets. Experts and onchain data refute the claim: no quantum hardware in existence comes close to the scale needed to break Bitcoin's signature scheme, and movements from old wallets show no anomalous pattern. The episode does highlight the crypto industry's long-term focus on post-quantum cryptography.
The Allegation and Expert Refutation
Josh Mandell, a former Wall Street trader, asserted that a significant entity is deploying quantum computers to drain long-dormant Bitcoin wallets, particularly those belonging to inactive or deceased owners. His claim suggested that this accumulation occurs off-market, making detection reliant solely on blockchain forensics. Mandell provided no concrete evidence to substantiate these assertions.
However, industry experts, including Harry Beckwith of Hot Pixel Group and Matthew Pines of the Bitcoin Policy Institute, have broadly dismissed Mandell's claims. They emphasize that contemporary quantum hardware has neither the scale, the stability, nor the error correction needed to run Shor's algorithm against Bitcoin's Elliptic Curve Digital Signature Algorithm (ECDSA) on the secp256k1 curve. Current machines operate with hundreds to a little over a thousand noisy physical qubits. Breaking a 256-bit elliptic-curve key is estimated to need a few thousand error-corrected logical qubits, each of which must be assembled from many noisy physical qubits; a 2017 study cited in the debate put the physical requirement for breaking a 256-bit curve within hours at roughly 13 million to 300 million qubits, orders of magnitude beyond machines like Google's Willow, which has 105 physical qubits.
Onchain data corroborates the expert refutation: there is no anomalous pattern indicative of quantum theft. Movements from old wallets are better explained by owner reactivations, inheritance transfers, or migrations to newer address types. A quantum attack would in any case only be feasible against outputs whose public key is already visible on chain (early pay-to-public-key coins, addresses that have been spent from and reused, and Taproot outputs); most coins sit behind a hash of the key until they are spent. Even then, a large-scale stealth drain would be hard to hide, because every spend is public and the set of exposed outputs can be enumerated in advance.
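The practical check behind that last point is whether an output's spending key is already on chain. The following is an added example, not code from the cited articles: it classifies standard Bitcoin locking scripts by key exposure, extracts the public key that a P2PKH spend reveals, and tallies the balance an attacker who could solve discrete logarithms would already be able to target. The script templates are Bitcoin's standard ones; every key, hash and signature value is a constructed placeholder, and the reused-address hash is declared directly rather than computed with HASH160.

```python
from __future__ import annotations

# Added example (not from the cited articles). Bitcoin script opcodes used below.
OP_0, OP_1, OP_PUSHDATA1 = 0x00, 0x51, 0x4C
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def classify_script_pubkey(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_visible_in_output) for a locking script."""
    n = len(spk)
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG -- the key itself is in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG -- hash only
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2WPKH: OP_0 <20-byte key hash> -- hash only
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh", False
    # P2TR: OP_1 <32-byte x-only output key> -- the (tweaked) key is on chain
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True
    return "unknown", False


def read_push(script: bytes, i: int) -> tuple[bytes, int]:
    """Parse one data push at offset i (direct push 1..75 or OP_PUSHDATA1)."""
    op = script[i]
    if 1 <= op <= 75:
        data, end = script[i + 1:i + 1 + op], i + 1 + op
    elif op == OP_PUSHDATA1:
        op = script[i + 1]
        data, end = script[i + 2:i + 2 + op], i + 2 + op
    else:
        raise ValueError(f"unsupported opcode 0x{op:02x} at offset {i}")
    if len(data) != op:
        raise ValueError("truncated push")
    return data, end


def pubkey_from_p2pkh_scriptsig(script_sig: bytes) -> bytes:
    """A P2PKH spend is <sig> <pubkey>: the second push reveals the key."""
    _sig, i = read_push(script_sig, 0)
    pub, i = read_push(script_sig, i)
    if i != len(script_sig) or len(pub) not in (33, 65):
        raise ValueError("not a P2PKH scriptSig")
    return pub


def exposed_balance(outputs, revealed_hashes):
    """Sum the value of unspent outputs whose key an attacker already holds.
    outputs: list of (script_pubkey, value_sats).
    revealed_hashes: set of 20-byte key hashes whose key was already revealed
    by an earlier spend from the same address (address reuse)."""
    total, detail = 0, []
    for spk, value in outputs:
        kind, visible = classify_script_pubkey(spk)
        if kind == "p2pkh":
            reused = spk[3:23] in revealed_hashes
        elif kind == "p2wpkh":
            reused = spk[2:22] in revealed_hashes
        else:
            reused = False
        exposed = visible or reused
        detail.append((kind, exposed))
        if exposed:
            total += value
    return total, detail


# Constructed placeholders: not real keys, hashes, signatures or transactions.
PUB = bytes([0x02]) + bytes(range(1, 33))            # 33-byte compressed key
H_A, H_B = bytes(range(20)), bytes(range(20, 40))    # 20-byte key hashes
XONLY = bytes(range(32))                             # 32-byte x-only key


def p2pk(pub): return bytes([len(pub)]) + pub + bytes([OP_CHECKSIG])
def p2pkh(h): return bytes([OP_DUP, OP_HASH160, 20]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def p2wpkh(h): return bytes([OP_0, 20]) + h
def p2tr(x): return bytes([OP_1, 32]) + x


SAMPLE_SCRIPTSIG = bytes([72]) + b"\x30" + bytes(71) + bytes([33]) + PUB
SAMPLE_UTXOS = [
    (p2pk(PUB), 50_0000_0000),    # 2009-era coinbase style: key in the output
    (p2pkh(H_A), 1_0000_0000),    # reused address: key revealed by an earlier spend
    (p2pkh(H_B), 2_0000_0000),    # fresh address: hash only
    (p2wpkh(H_B), 3_0000_0000),   # hash only
    (p2tr(XONLY), 4_0000_0000),   # taproot: output key on chain
]


def demo():
    # In practice H_A would be HASH160 of the key recovered from the spend;
    # here it is declared as the placeholder hash of PUB.
    return exposed_balance(SAMPLE_UTXOS, {H_A})


if __name__ == "__main__":
    print(pubkey_from_p2pkh_scriptsig(SAMPLE_SCRIPTSIG).hex())
    print(demo())
```

Run against a real UTXO set, the same three rules (key in output, key revealed by a prior spend, hash only) give the upper bound on coins a discrete-log-capable attacker could touch; everything else stays safe until its owner spends.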
Deconstructing the Quantum Threat to Bitcoin's Cryptography
While Mandell's immediate claims are unsubstantiated, the discussion highlights where Bitcoin's cryptography would break under a sufficiently large quantum computer. The exposure lies in ECDSA over secp256k1, which authorizes spends: the private key is a 256-bit scalar d, the public key is the curve point Q = d·G, and a signature proves knowledge of d. Classically, recovering d from Q (the elliptic-curve discrete logarithm problem) is infeasible; Shor's algorithm, which solves integer factoring and discrete logarithms, including the elliptic-curve variant, in polynomial time on a fault-tolerant quantum computer, would recover d from any public key it is given. Bitcoin addresses themselves are hashes of public keys, so an unspent output at a never-reused address does not hand the attacker Q. In contrast, SHA-256, used for proof-of-work mining and transaction hashing, is far more resilient: the best known quantum attack, Grover's algorithm, offers only a quadratic speedup, which halves the effective security level rather than breaking the function.
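To make the "recover d from Q" step concrete, here is an added example (not from the cited articles) on a toy curve small enough to solve the discrete logarithm by exhaustive search, followed by a textbook ECDSA forgery with the recovered key. The curve y² = x³ + 2x + 2 over F₁₇ with generator G = (5, 1) of order 19 is a standard classroom example and an assumption of this block, not secp256k1; the brute-force loop stands in for what Shor's algorithm would do in polynomial time on a real-sized curve.

```python
from __future__ import annotations

# Added example (not from the cited articles). Toy curve y^2 = x^3 + 2x + 2
# over F_17; the group generated by G = (5, 1) has order 19.
P, A, B = 17, 2, 2          # field prime and curve coefficients
G = (5, 1)                  # generator
N = 19                      # order of G
INF = None                  # point at infinity


def ec_add(p1, p2):
    """Group law on the curve, covering doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                              # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication: k * pt."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdlog_bruteforce(Q):
    """Recover d with Q = d*G by exhaustive search. This costs O(N) steps; on
    secp256k1 N is about 2^256 and the best classical attack needs ~2^128,
    which is why only Shor's polynomial-time algorithm changes the picture."""
    acc = INF
    for d in range(1, N + 1):
        acc = ec_add(acc, G)
        if acc == Q:
            return d
    raise ValueError("Q is not a multiple of G")


def sign(d, z, k):
    """Textbook ECDSA over the toy group. k is passed explicitly for
    reproducibility; a real signer must use a fresh unpredictable (or RFC 6979
    deterministic) nonce, since a reused k leaks d."""
    x, _ = ec_mul(k, G)
    r = x % N
    s = pow(k, -1, N) * (z + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("bad nonce, retry with another k")
    return (r, s)


def verify(Q, z, sig):
    """Textbook ECDSA verification against public key Q."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return pt is not INF and pt[0] % N == r


def forge_with_recovered_key(Q, z, k):
    """What an attacker with a discrete-log oracle does with a public key seen
    on chain: recover d, then sign an arbitrary spend hash z under it."""
    d = ecdlog_bruteforce(Q)                     # Shor's algorithm replaces this
    return d, sign(d, z, k)


if __name__ == "__main__":
    victim_d = 7
    Q = ec_mul(victim_d, G)                      # the on-chain public key
    d, sig = forge_with_recovered_key(Q, z=5, k=3)
    print(Q, d, sig, verify(Q, 5, sig))
```

The forgery verifies exactly as the legitimate owner's signature would, which is why an exposed public key, not the address hash, is the precondition for theft; nothing in the example needs the victim's wallet.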
The concept of a "harvest now, decrypt later" attack adds a further dimension: an adversary records encrypted traffic today in order to decrypt it once a capable quantum computer exists. For Bitcoin the analogue is that every public key already published on chain is permanently harvested, so coins sitting in outputs whose key is exposed could be targeted retroactively the day such a machine arrives. This forward-looking threat model is what drives ongoing research into and deployment of post-quantum cryptography (PQC).
Most experts place a full-scale quantum attack capable of breaking Bitcoin's core algorithms at least a decade away; the more aggressive forecasts put the earliest risk in the late 2020s, and specifically for outputs whose public keys are already exposed. The National Institute of Standards and Technology (NIST) recommends migrating to quantum-resistant cryptographic systems by 2035. Hardware vendors continue to push the timeline: IBM's "Starling" project targets a fault-tolerant quantum computer by 2029, aiming to cut the physical-qubit overhead of error correction with newer codes.
Broader Market Implications and Post-Quantum Development
The debate surrounding quantum attacks on Bitcoin feeds an uncertain and cautious market sentiment, since it underscores a potential long-term risk to the security model of cryptocurrencies. While the immediate threat is unsupported by any evidence, the discussion reinforces the need for continuous innovation and planned migration within the Web3 ecosystem.
The industry is addressing these future challenges through the development and adoption of post-quantum cryptography (PQC). In August 2024 NIST standardized several PQC schemes: CRYSTALS-Kyber as ML-KEM (FIPS 203) for key encapsulation, and CRYSTALS-Dilithium as ML-DSA (FIPS 204) and SPHINCS+ as SLH-DSA (FIPS 205) for digital signatures; in March 2025 it selected HQC as a backup key-encapsulation mechanism. These algorithms rest on problems (structured lattices, hash functions, error-correcting codes) for which no efficient quantum attack is known.
Blockchain platforms are beginning to integrate quantum-resistant primitives. The Ethereum Foundation funds the ZKnox research group to develop PQC for its network, and Ethereum's 2025+ roadmap prioritizes quantum-resistant cryptography such as STARKs (Scalable Transparent ARguments of Knowledge) and lattice-based signature schemes. STARKs rely only on hash functions, so they inherit those functions' quantum resistance, and are already used in Layer-2 ZK rollups. Hybrid migration strategies, which pair a classical signature with a post-quantum one during the transition, are also being explored for major chains including Bitcoin, Ethereum, Ripple (the XRP Ledger), Litecoin, and Zcash. The flip side of Mandell's claim, that "lost" Bitcoin in exposed-key outputs could one day become accessible to whoever builds the first capable machine, is part of what makes the migration question pressing.
Sources:
[1] Are quantum computers stealing Bitcoin? Inside Josh Mandell's claim and the pushback (https://cointelegraph.com/explained/are-quant ...)
[2] Are quantum computers stealing Bitcoin? Inside Josh Mandell's claim and the pushback (https://vertexaisearch.cloud.google.com/groun ...)
[3] Bitcoin's Quantum Shield: Industry Rushes to Fortify Against Future Cyber Threats (https://vertexaisearch.cloud.google.com/groun ...)