This article was first published on Deythere.
The BTQ Bitcoin quantum testnet got launched in early January 2026 with a focus on crypto security. This permissionless Bitcoin fork replaces the standard Elliptic Curve (ECDSA) signatures with a post-quantum scheme (ML-DSA) standardized by NIST.
With 64‑MiB blocks for larger signatures, the testnet invites developers and miners to build wallets, mining pools, and transactions in a quantum-resistant environment.
BTQ’s CEO said that this live experiment is aimed at enabling Bitcoin’s security model to survive the quantum era. Importantly, the testnet demonstrates how millions of ancient Bitcoins, many dormant since Bitcoin’s early days, could be susceptible once quantum computers come online.
How are Old Bitcoins at Risk?
In Bitcoin, a public key is revealed on the blockchain when coins are spent. Many old coins are in outputs that already expose a public key (e.g., early pay-to-public-key (P2PK) and multisig scripts).
In a world where powerful quantum computers exist, these public keys could be input into Shor’s algorithm to obtain the private key and empty the wallet. This longer-term risk is what’s known as “old BTC risk”.
Bitcoin’s quantum weakness boils down to vulnerable public keys. Old scripts or address reuse kept keys permanently onchain, meaning that coins in those addresses will continue to be at risk until spent.
Modern addresses which use hashed public keys like P2PKH or taproot key-path spends, generally avoid early key exposure, so they are less immediately at risk.
In essence, the old BTC risk is carried by early-age minted coins often sitting still on P2PK outputs and wallets that reuse addresses.
Bitcoin Quantum Testnet: Design and Changes
BTQ’s Bitcoin Quantum testnet is a Bitcoin Core fork that replaces cryptography with quantum-safe variants. The most important change is the signature algorithm where Bitcoin’s ECDSA (and Schnorr for taproot) is replaced by ML-DSA, a lattice-based signature scheme that has been standardized as FIPS 204 for post-quantum security.
Since ML-DSA signatures themselves are much larger (about 38-72× the size of an ECDSA signature), the testnet increases the block size to 64 MiB in response to them.
Everything else (proof‑of‑work, UTXO model, scripting) operates the same as Bitcoin’s, but with bigger cryptographic proofs. In other words, every transaction and address on the testnet can be secured against future quantum attacks at the cost of more bandwidth and storage.
The following table outlines some of the differences between the Bitcoin mainnet and the BTQ post-quantum testnet:
| Feature | Bitcoin Mainnet | Bitcoin Quantum Testnet |
| Signature algorithm | ECDSA (secp256k1, Schnorr) | ML-DSA (NIST-standard post-quantum) |
| Block size limit | 1 MiB | 64 MiB |
| Launch date | 2009 (Genesis) | Jan 12, 2026 |
| Purpose | Original Bitcoin currency | Open testbed for quantum resistance |
The primary goals are to allow miners, developers, researchers and users “battle-test” post-quantum cryptography (PQC) in a secure environment.
Participants can mine blocks and send quantum-secure transaction CSRs to each other to audit the ML-DVSA without using any real Bitcoin.
It also aids in qualifying engineering trade-offs and facilitates coordination for a potential mainnet upgrade. In other words, the Bitcoin quantum testnet shows what a quantum-resistant Bitcoin looks like and would require, well before a threat becomes real.
The Risk of Old BTC: Keys and Addresses in Danger
Not all Bitcoin is equally susceptible to quantum attack. The threat model is focused on public key exposure. If one has only a Bitcoin address which typically contains the hash of the pubkey, then there is no immediate exposure. But if the pubkey is already onchain, a future quantum computer could be able to reverse-engineer the private key.
Such is the case with traditional outputs (P2PK and P2MS) and even some Taproot key-spend outputs.
Once an output already exists with a published public key, the coins within it are permanently vulnerable to quantum attacks from any distance.
BTQ and independent analysts guess that between 6.26 to 6.65 million BTC ($650-$750 billion at current rates) are stored in those “exposed-key” addresses. This figure includes approximately 600k-1.1m BTC believed to be Satoshi Nakamoto’s earliest coins.
On the other hand, coins in modern addresses (P2PKH or unused Taproot keys) aren’t exposed until they become spent, so their short-term risk is low (only the brief time a transaction is broadcast).
So “old BTC risk” is meant to refer to this accumulated stock of old coins whose public keys have already been known. It is a history-bound static risk, not a dynamic one that all of a sudden affects every single coin.
P2PK outputs are only 0.025% of the UTXO set, yet they lock up 8.7% of BTC supply (1.72 million Btc). These are mostly early coins left to sit unregarded for years.
Value-wise, most of the old BTC risk comes from these small amounts of P2PK outputs. Multi-sig (P2MS) outputs are also keyed by pubkeys, but are of much lower value.
Even Taproot (P2TR), though prevalent by count (32.5% of UTXOs), only masks a tiny fraction of funds; roughly 0.74% of BTC supply (146,715 BTC) under key-path spends
Not only that, but address reuse makes risk worse, because by reusing an old address, a wallet keeps the pubkey on the chain and continues to expose the entire balance forever.
Institutional Perspective and Mitigation Path
The decision to create a Bitcoin quantum testnet shows how the crypto and finance sector is becoming more conscious. Quantum computing is now being treated as a material threat to the blockchain asset class by major institutions.
For instance, BlackRock’s $64B AUM Bitcoin fund (IBIT) updated the disclosure on quantum threats to say that further quantum progress could compromise the security of the Bitcoin network and result in losses to Shareholders.
CEO of VanEck has also warned that they would leave Bitcoin behind if the project’s cryptography is fundamentally broken.
The U.S government seems to be taking it seriously. The Department of Defense currently requires that classic cryptography must be phased out by 2030.
A recent study by the Federal Reserve on “Harvest Now, Decrypt Later” warns that adversaries are already amassing blockchain data now to decrypt later, calling it an “active threat”.
Ethereum founder and co-creator Vitalik Buterin spelled out a 20% chance of quantum computers breaking current crypto by 2030, urging networks to be ready by the mid-2030s. All of this helps explain why BTQ’s experiment is so well-timed.
The Bitcoin community understands that the transition to post-quantum crypto is going to be long and complex. Solutions such as Bitcoin BIP360 (Pay-to-Tapscript-Hash) are being studied to reduce exposure without immediately committing to a specific new signature.
Such schemes try to keep the advantage of Taproot whilst getting rid of the on-chain public key. But even these measures are more difficult to implement and require a high level of consensus among participants on the network, as well as technical work.
No new standard is being forced upon the main Bitcoin chain by BTQ’s testnet, rather BTQ is showing what change costs.
Through the operation of a large, open PQ-sandbox, developers will be able measure factors like block propagation delays, signature verification load, and space requirements. Early data (e.g. ML-DSA signatures at 3-4 kB each) show how much larger the transactions could get with a full PQ upgrade.
In all, the Bitcoin quantum testnet reveals that upgrading Bitcoin to be secure against quantum attacks is predominantly an engineering and coordination issue.
It is obvious that the “old coins”, the ones already having public keys exposed, are where first losses would occur in a quantum attack. But it also confirms that every Bitcoin user can protect their funds, by switching to new addresses and supporting incremental fixes.
By testing in a real-world setting, it helps guarantee that when quantum computers do arrive, the Bitcoin ecosystem has had an opportunity to vet solutions and minimize unwanted surprises.
Conclusion
Bitcoin quantum testnet draws attention to the concentrated risk that old Bitcoin holdings face, and to the practical challenges of defending a network against future quantum threats.
The BTQ open demonstrates that without action, coins having exposed public keys (approximately 6-7 million BTC) will be at risk whenever quantum processors become strong enough to threaten them.
At the same time, it shows how post-quantum signatures (such as ML-DSA) would work and what trade-offs they have. This means Bitcoin’s old wallets, notably those originating from early mining addresses, have a very particular risk profile now and preparing for quantum computing will involve both technical upgrades and broad coordination.
BTQ’s testnet doesn’t demonstrate that Bitcoin will be broken imminently, but it does prove its concerns in concrete terms; that Old BTC risk is real and measurable, and worth addressing before a quantum threat becomes imminent.
Glossary
Quantum computer: A machine that operates using qubits and that can, for some (not all) problems, perform calculations such as factoring or discrete logarithms far faster than classical computers.
Public key / Private key: In Bitcoin, a private key is a secret number used to sign transactions. Its corresponding public key stays hidden in a Bitcoin address at least until the coin is spent.
ECDSA: Elliptic Curve Digital Signature Algorithm, the signature scheme that Bitcoin uses today (based on the secp256k1 curve).
ML-DSA: Module-Lattice Digital Signature Algorithm, a lattice-based signature scheme approved by NIST (FIPS 204). It is secure from quantum attacks. BTQ testnet employs ML-DSA instead of ECDSA
Shor’s algorithm: A quantum computing algorithm for factoring large numbers and solving discrete logarithms efficiently.
UTXO (Unspent Transaction Output): An entry on the Bitcoin blockchain that shows coins received by an address but not spent.
Taproot: A Bitcoin upgrade (activated in 2021) that, among other improvements, reduced onchain data used by multisig or script operations.
Pay-to-Public-Key (P2PK): An early Bitcoin output type, which simply contains a public key directly in the locking script.
Frequently Asked Questions About BTQ Bitcoin Quantum Testnet?
What is the BTQ Bitcoin Quantum testnet?
It is a permissionless Bitcoin fork that was announced in January 2026 by BTQ Technologies. The testnet swaps out Bitcoin’s standard signatures (ECDSA) for an NIST-standard post-quantum signature scheme (ML-DSA), and increases the block size to 64 MiB in order to accommodate larger signatures. It enables miners, developers and users to play with quantum-resistant Bitcoin transactions without risking any of the actual Bitcoins that are on the real Bitcoin network.
What does “old BTC risk” mean?
Old BTC risk refers to old outputs where the public keys are already exposed on the blockchain. If a quantum computer were to run Shor’s algorithm, it might be able to find the private key for a known public one and spend those coins. As such, coins in old scripts (especially early P2PK addresses) or recycled addresses now have a higher long-term risk. Current addresses (such as P2PKH or unspent Taproot) doesn’t suffer from this problem until they are spent.
How many Bitcoins are at risk due to advancements in quantum computing?
According to analysts, between 6.26 and 6.65 million BTC are at risk by being contained in addresses that have exposed public keys. This encompasses coins that were minted early on by Bitcoin’s creator(s) and early adopters. These are in the range of $650 to $750 billion worth of Bitcoin, and this is why it’s serious.
In what way does this replacement of ECDSA with ML-DSA fix things?
ML-DSA is a post-quantum signature algorithm. Swapping out ECDSA for ML-DSA ensures that a quantum computer, if one were to materialize, would not be able to easily crack the cryptography used to secure transactions.
When might a quantum threat against Bitcoin actually materialize?
Estimates vary widely. A rough estimate around 20% chance by 2030, is given by some experts and leaders like Vitalik Buterin.
References:
For advertising inquiries, please email . [email protected] or Telegram
