A new note from on-chain analyst James Check is doing the rounds today, and it cuts against one of crypto's most reliable scare narratives. According to coverage in CryptoPotato published on April 25, 2026, Check argues that the population of Bitcoin actually vulnerable to a future quantum computer is far smaller than the headline numbers suggest: roughly 1.716 million Satoshi-era coins held in old Pay-to-Public-Key (P2PK) outputs, not the full circulating supply.
For context on the market this lands into, Bitcoin is trading at $77,566 as of April 25, 2026, down 0.3% on the day, with the broader Crypto Fear and Greed index sitting at 44 (Neutral). The quantum debate is not moving price right now, but it has moved price before, and it tends to resurface every time a new chip benchmark goes viral.
What Check Is Actually Claiming
The argument is structural, not dismissive. Bitcoin addresses come in different formats, and they expose different things to the public. P2PK outputs from the earliest blocks, including many believed to belong to Satoshi Nakamoto, sit on-chain with their full public key visible. A sufficiently powerful quantum computer running Shor's algorithm could in principle derive the private key from that public key.
Modern address types behave differently. Pay-to-Public-Key-Hash (P2PKH), SegWit, and Taproot addresses publish only a hash of the public key. The actual public key only appears on-chain at the moment a coin is spent. That distinction is the entire basis for Check's claim that the credible target set is around 1.716 million coins, not 19 million.
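The distinction can be checked mechanically from an output's locking script. The following is an added example, not code from Check's note or from this article: it classifies a scriptPubKey and reports whether the output itself carries the public key, then totals the exposed value. It covers only the P2PK, P2PKH, P2SH and witness-v0 templates, and the sample scripts and amounts are constructed with dummy bytes.

```python
from typing import Optional, Tuple

OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC

def classify_script(script_hex: str) -> Tuple[str, Optional[bool]]:
    """Return (template, key_in_output); key_in_output is None if unrecognised."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG. The full key is in the output.
    if n in (35, 67) and s[0] == n - 2 and s[-1] == OP_CHECKSIG:
        key = s[1:-1]
        if (n == 35 and key[0] in (2, 3)) or (n == 67 and key[0] == 4):
            return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return "p2sh", False
    # Witness v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", False
    return "other", None

def exposed_sats(utxos) -> int:
    """Sum the value of outputs whose script itself reveals the public key."""
    return sum(v for script, v in utxos if classify_script(script)[1] is True)

# Constructed sample outputs (dummy key and hash bytes), values in satoshis.
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # uncompressed P2PK
    ("21" + "02" + "22" * 32 + "ac", 5_000_000_000),  # compressed P2PK
    ("76a914" + "33" * 20 + "88ac", 120_000_000),     # P2PKH
    ("a914" + "44" * 20 + "87", 75_000_000),          # P2SH
    ("0014" + "55" * 20, 30_000_000),                 # P2WPKH
    ("0020" + "66" * 32, 10_000_000),                 # P2WSH
]

if __name__ == "__main__":
    for script, value in SAMPLE_UTXOS:
        print(classify_script(script), value)
    print("exposed:", exposed_sats(SAMPLE_UTXOS), "sats")
```

The check looks only at the locking script. A hash-based output whose address has already been spent from has revealed its key in that earlier spend, which is why the holder guidance further down specifies addresses that have never been spent from.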
It also implies a specific defensive move for the rest of the supply: when a credible quantum threat materializes, holders can spend coins from old addresses into new, quantum-resistant address formats faster than a quantum attacker can race the same transaction through the mempool. That race condition still favors the holder in most realistic scenarios, provided wallet software is ready.
Why The Number Matters
A 1.716 million coin attack surface is large in absolute terms, but it is a different story from "all of Bitcoin is at risk." At today's price of $77,566, that subset is worth roughly $133 billion. That is real money, but it is concentrated in coins that have not moved in over a decade. The market has already partially priced this in: dormant supply trades at a quiet, mostly forgotten premium, and the assumption among long-term holders is that any movement from those wallets would itself be a market event regardless of the cause.
The piece also nudges back at the more aggressive framings circulating on X, where some posts have implied that a near-term quantum breakthrough would zero out Bitcoin overnight. Check's data point reframes the conversation: the worst plausible early outcome is a slow drain of clearly identifiable legacy coins, which the network and the market would see in real time.
What Would Actually Need To Happen
For the 1.716 million coin estimate to translate into actual losses, several conditions need to line up at once. A quantum computer would need to reach the qubit count, gate fidelity, and runtime stability required to break secp256k1 in usable time. As of today, public benchmarks from IBM, Google, and the leading academic groups are nowhere near that bar, and the gap is measured in orders of magnitude, not percentage points.
Even then, an attacker would need to choose dormant coins as their first target. That is a strange choice, because moving Satoshi-era coins is the loudest possible signal an attacker could send. The price reaction would be immediate, exchanges would freeze incoming deposits from the affected addresses, and any second target would have time to migrate.
The more realistic concern, and the one the Bitcoin developer community has been quietly preparing for, is in-flight transactions. When a user spends a modern address, the public key is briefly visible in the mempool while the transaction is still unconfirmed. A quantum-capable adversary with low enough latency could theoretically rebroadcast a competing transaction. Even there, fixes exist: post-quantum signature schemes are an active research area, and proposals like a soft fork to Lamport-style or lattice-based signatures have been floating around in BIP discussions for years.
What This Means For Holders Today
Nothing in Check's note is an argument for complacency, and nothing in it is an argument for action this week. The practical takeaways are smaller and more boring than the headlines suggest.
If you hold Bitcoin in a modern wallet (any address starting with bc1 or 3, or a fresh P2PKH address starting with 1 that has never been spent from), you are not in the 1.716 million coin set. Your exposure is to the in-flight risk described above, which is not yet a real threat. If you are still holding coins in a legacy P2PK output (almost no one is, outside of historical wallets), you would want to consolidate into a modern format before any credible quantum milestone, not after.
For institutions, custodians, and exchanges, the more useful planning question is signature migration: how quickly can wallet software, hardware wallets, and multi-sig coordinators ship quantum-resistant signing once a standard exists. That is a coordination problem, not a cryptography problem.
Overview
James Check's argument narrows the credible quantum attack surface for Bitcoin to roughly 1.716 million Satoshi-era P2PK coins, worth about $133 billion at today's $77,566 price. The point is not that quantum risk is fake, but that it is concentrated, identifiable, and defensible. For modern holders, the immediate action item is essentially zero. For the protocol, the open question is when post-quantum signatures get standardized and shipped, not whether the entire supply is on the clock.








