I'm posting the WHOLE article that's copied from X.
! It's very important that everyone in the BitcoinTalk community to start getting actual awareness about the thread of the Quantum Event that could happen at a shorter amount of time than originally projected.
How to resolve the matter of the Satoshi coins without a freezeThe Overton window moved quickly. A few months ago I was public enemy #1 for pointing out that elliptic curves might not survive the decade and Bitcoin’s cryptography would have to adapt. Now Bitcoiners are mostly sold and arguing instead about how and when we should upgrade to deal with quantum computers. Bitcoin developers have finally begun to publish details of what they are planning with regards to quantum – ironically in an attempt to dispel my claim that they aren’t doing anything.
The thing about the PQ transition is, it’s impossible as a Bitcoiner to claim that this protocol is cutting edge technology if Bitcoin, a monetary system predicated entirely on cryptography, is a laggard when compared to Google (migration by 2029), Cloudflare (2029), Ethereum (2029) and the US government (2030-2035). Leaving aside the obvious insanity of wagering the entire fate of a multi-trillion-dollar monetary network on the vain hope that technology does not advance quickly, it’s just plain old embarrassing for Bitcoin to be the very last mover when it comes to updating its algorithms. Some Bitcoiners associate quantum computing with Vitalik and questionable public equities and reflexively dismiss the risk the technology poses. But there’s no reason to hold the network hostage to the ancient traumas of some old time Bitcoiners. Bitcoin selects for cranks and crackpots: some of them will happily deny the empirical reality of quantum mechanics to make a point, but it’s just a simple matter of tuning them out.
Ok, so we are going to add PQ signatures to Bitcoin sooner or later. I can tell you roughly what it will look like. Following a soft fork, there will be an intermediate period when you can sign either with your ordinary ECC Schnorr signature or a fancy new PQ signature (or possibly more than one!). Anytime ahead of Q-day, the network participants can migrate according to their perception of the risk. And eventually, again ideally before Q-day, ECC-based signatures (ECDSA and Schnorr) will be disallowed entirely. Hopefully this happens in an orderly manner with no nasty surprises, and all active participants get the chance to rotate their wallets before Q-day arrives.
Then the real trouble begins. As a cryptographically-relevant quantum computer (CRQC) looms (there will be early commercial use cases before ECC256 is broken, but the ramp could be very quick), a massive debate will erupt in the Bitcoin community as to the fate of the 1.7m p2pk outputs which did not migrate. These are Satoshi’s and other early miners’ coins. It will be extremely fraught because both sides have opinions that are strongly held and completely reasonable.
The battle lines have already been drawnThe split has already begun to emerge: Freeze camp (financial investors, institutions, fiduciaries): for them, freezing is the obvious choice. These coins are presumed lost, their owners have had almost 20 years to do something with them, they are being negligent by not transitioning them to PQ. They have had sufficient notice. For institutions, there will be no choice. Either delist and completely forego all revenue pertaining to Bitcoin asset management products, or ensure that Bitcoin adopts a freeze fork. A world where 1.7m+ BTC end up in the hands of a potentially hostile actor is unacceptable to these people, because they are fiduciaries of their clients’ money. Bitcoin would suffer devastating volatility as these coins are recovered quantumly, not only through unexpected inflation, but also because the motives of the new owner are unknown. For this reason, I expect most custodians, exchanges, and asset managers to precommit to only honoring a freeze fork, much to the chagrin of the other camp. The best exposition of this view comes courtesy of Jameson Lopp (@lopp).
Do not freeze camp (hardcore Bitcoin maxis, some developers, ideologues): for many in this group, there’s no real debate: Satoshi set 21 million as the monetary parameter, and no one alive has the authority to arbitrarily modify that to 19.x million. Bitcoin doesn’t engage in selective “irregular state changes” like Ethereum did after the DAO was hacked in 2016. Even after 850k BTC were lost to Mt Gox, nothing was done at the protocol layer to recover the funds. It’s just not in our DNA. Not to mention that Satoshi and other early miners fairly acquired their coins, and those coins are their due reward for being early stewards of the protocol. Besides, if we let the institutions effectively coerce the Bitcoin community into a massive monetary change, we have forsaken the original decentralized premise of the network. Who knows what they might push through next if we grant them this power – a change to PoW? KYC at the protocol layer? Plus, the attacker wouldn’t logically market-sell all the coins. Even if they are “malicious” in some way, economic rationality suggests that they will simply hold the coins rather than selling them off instantly. Better to absorb the temporary volatility than compromise the network’s ideals, this group holds. The “do not freeze” camp is positioning the freeze as an “attack on Bitcoin”, ignoring the fact that of course the freeze acolytes are equal and valid participants on the network too. If you want to get a sense of this position, see some of the replies to Jameson in this thread.
Now the two groups are not cleanly divided. Strong bitcoin advocates that might fall in the “no freeze” camp are investors too, but they have different time horizons and exposures than the institutions holding BTC for clients. Some developers are loosely in the freeze camp too. Pieter Wuille, probably the most influential current Bitcoin Core dev, has said: Of course they have to be confiscated. If and when (and that’s a big if) the existence of a cryptography-breaking QC becomes a credible threat, the Bitcoin ecosystem has no other option than softforking out the ability to spend from signature schemes (including ECDSA and BIP340) that are vulnerable to QCs. The alternative is that millions of BTC become vulnerable to theft; I cannot see how the currency can maintain any value at all in such a setting. And this affects everyone; even those which diligently moved their coins to PQC-protected schemes.
You can find some more aggregated developer perspectives here.
But by and large, you can sort the two camps into hardcore, ideologically-motivated Bitcoin maxis (no freeze), and institutions and large investors (freeze). Or, in other words, “economic nodes” (big asset managers, institutions, investors) versus “the social layer” (Bitcoiners more concerned about principles than expediency). During the Blocksize war, the “social layer” is largely understood to have won out over the desires of the economic nodes.
Fighting the last war
Within the contours of this debate, there’s two main ways people expect it to go (and a secret third way). The most likely, in my opinion, is that the economic nodes win: the most important institutions in Bitcoin get together and sign a letter saying they will only recognize a “freeze” fork of Bitcoin as the “true” Bitcoin, with any other forks being incidental. The other alternative for these institutions is to delist Bitcoin and deprecate their Bitcoin practice entirely, which some might actually do, lacking the stomach for the fight. I am guessing that most of the large ETF issuers, to avoid fragmentation (how do you have a Bitcoin ETF that suddenly splits into two?) will strenuously avoid a value-destroying split and will decide early to champion only one side of the fork. The other side will be sold off and go into the corporate entity, not to clients. Exchanges might be more ecumenical, choosing to support both forks and “letting the best man win”, giving their clients the choice. But generally, I think the institutions will be strongly on the side of just supporting the freeze fork, because they simply cannot tolerate the liability of having their client assets zeroed out overnight by a rogue actor.
The other alternative is that Bitcoin’s “immune system” activates and we get a similar outcome to the Blocksize war, which is that the corporates back down and accede to the desires of the community. I think this is very unlikely – though many Bitcoiners will expect it to go this way – because 2026 is simply not 2017. In 2015-2017, the only active institutions were crypto-native – firms like the CME had only just barely begun to support Bitcoin and were not yet a factor, let alone asset managers or ETF issuers. So the crypto native corporates like Coinbase ultimately understood that there was no need to die on the hill of 2x or even larger block sizes, which allowed the “purists” to win out through the UASF and the activation of SegWit. 2x also failed because there was insufficient developer talent to push through the blocksize increase fork. That is not the case with the freeze fork. You will find plenty of developers willing to work on the freeze side.
Today, as I said, is different, because such a large fraction of BTC is held in corporate entities like Microstrategy or custodians, exchanges, and asset managers. The economic side simply has more sway today, and it’s much more concentrated into a dozen or so important firms, all of whom get a vote. Moreover, the case for freezing is much more economically obvious than the case to expand the blocksize, which was an economically marginal issue and more of an engineering question. And you have some influential developers and community members with tons of social cachet like Jameson Lopp and Pieter Wuille that have already come out in favor of a freeze, so the “ideological hardliner” side will be more divided.
So my base case is that the investors and institutions will win out, and they will do so cleanly by precommitting only to a freeze fork. Many Bitcoiners will complain but they will ultimately recognize the economic validity of the argument. They want to make money, too. Most people are not willing to let their nest egg and savings go to zero for the sake of ideological purity.
A secret third thingBut there is another way. Bitcoin doesn’t necessarily face a stark choice between economic doom and abandoning its founding principles. A possible “compromise” could be reached whereby the coins are rescued from their quantum plight while keeping Bitcoin’s monetary policy and ideological purity (mostly) intact. I’m speaking of a legal recovery or “salvage” of these vulnerable coins.
There’s one condition necessary to ensure this outcome: one or more US-based firms have to win the quantum race (which to me, looks eminently likely).
It would go like this. A US firm, whether it’s Google, or IBM, or one of the other quantum leaders (most of whom are US-based companies) acquires a CRQC first, and contracts with the US government to lawfully recover the 1.7m p2pk coins. They do not obtain ownership of these coins, but are rather appointed by a court as a neutral receiver or court-authorized custodian, tasked with securing and returning the assets to their rightful owners where possible and otherwise holding them in trust pending judicial disposition. This is analogous to the concept in maritime law of “salvor-in-possession,” in which a salvage firm recovers property from a vessel in peril and obtains a court-determined salvage award but not ownership of the recovered assets. This is, for instance, how the Titanic wreck is administered.
Some might say Satoshi’s Bitcoin would be treated more analogously to the “law of finds”, or “finders keepers” more colloquially. If property is considered to be abandoned, the finder who takes possession gets full ownership. I think this is much more unlikely, since US courts tend to require that the prior owner affirmatively relinquishes control, which is most likely never going to happen with Satoshi.
Salvor in possession, while not being the actual judicial doctrine employed (since Satoshi’s bitcoins are not literally a shipwreck on the high seas), is the best analogy and something that a court could reasonably look to for inspiration. In that case, Google, or whoever else it is that first builds a CRQC, would gain temporary exclusive authority to recover the 1.7m BTC which would be considered “imperiled” (since some other adversary might be close on their heels with a CRQC). Other firms would either be brought into a consortium or legally barred from attempting recovery. These coins would be swept into court-controlled addresses and sent into a receivership estate or trust structure. From there, claimants (Satoshi or other) could prove ownership, by providing conventional evidence that they did indeed mine the coins in 2009/10. This would be hard, but not impossible, if enough electronic records were kept. The salvor would get a salvage award commensurate with the difficulty and expense incurred. It could be substantial. In the case of the SS Central America, the salvor was awarded 90 percent of the roughly $150m in gold recovered. Though this is not the norm, and in cases where ownership was belatedly asserted, as with the monster $500m Nuestra Señora frigate recovery, the award can be 0% (Spain asserted an unbroken sovereign ownership claim – 200 years later).
The fate of the coins if unclaimed (and I believe few if any would be subsequently claimed by Satoshi or others) is a little muddier. In theory, the property would be escheated to the state, liquidated and the proceeds used, but with a perpetual liability attached – if Satoshi returns and demands their money. The size of the liability and the unclear domiciling of the coins (what state were they mined in? none? all?) suggests that this would have to be federalized in a kind of ad hoc process; no state would want such a huge liability. So what I think is most likely is the coins would ultimately come to rest inside of Treasury in the Bitcoin Reserve – claimable by Satoshi but effectively property of the US government.
Now this isn’t the most cypherpunk outcome, but most Bitcoiners already made their peace with the US government getting involved in Bitcoin and many vociferously supported the Strategic Bitcoin Reserve, so it’s not like Bitcoiners are allergic to the government getting involved in their protocol when it suits them. In this case, the USG would be doing us all a favor by proactively tackling the biggest threat to Bitcoin and ensuring the coins would not be dumped on the market – and doing it in a manner that required no arbitrary changes to the protocol layer.
The idea seems fanciful but I think it could genuinely take place. I actually wrote an entire speculative fiction short story premised on the idea last year entitled Trillion Dollar Salvage.
Now, what do I want to happen?
My preference, in order, is:
The coins are lawfully salvaged, held in Trust for Satoshi to claim, and ultimately escheated into the SBR
The Freeze
[a big gap]
3. No Freeze and Bitcoin dies valiantly
1 is preferable to 2, in my opinion, because if Bitcoin really does freeze the coins, then something about Bitcoin will truly have died. It would survive, but it will be forever changed – arguably not the same network Satoshi set up all those years ago.
https://x.com/nic_carter/status/2044834475796738280 
