Paradigm Proposes PACTs to Shield Dormant Bitcoin From Quantum Risk

Published: May 1, 2026. By SpendNode Editorial

Key Analysis

Paradigm researcher Dan Robinson proposed PACTs, a scheme that lets dormant Bitcoin holders prove ownership before quantum computers can crack exposed keys.


Paradigm researcher Dan Robinson published a proposal on May 1, 2026 for what he calls PACTs, a scheme designed to let long-dormant Bitcoin holders prove ownership of their coins before quantum computers can break the cryptography protecting them. The idea was outlined in a post on X flagged by Bitcoin News, and it targets a specific failure mode that has been on Bitcoin researchers' radar for years: coins parked in addresses whose public keys are already visible on-chain.

Why dormant coins are the soft target

Most current Bitcoin balances live behind P2PKH or P2WPKH scripts, which only reveal a hash of the public key until the coins are spent. That is the security model people usually cite when they argue Bitcoin is quantum-resistant in practice. Once a coin moves, however, the spending transaction publishes the actual public key. Anything held at an exposed key, including very old P2PK outputs from the network's earliest blocks and any address that has been used to send funds, becomes a candidate for an attacker who can run Shor's algorithm at scale.

Estimates of how much BTC sits in this vulnerable state vary, but research groups have placed the figure in the millions of coins, including the early-mining stash widely associated with Satoshi Nakamoto. At the BTC price of $78,410 as of May 1, 2026, even a small fraction of that supply is a meaningful target, and once a fault-tolerant quantum machine exists, those coins have no owner-side defence unless the owner moves first.

What PACTs are trying to solve

The hard part is not designing a post-quantum signature scheme. NIST has already standardized candidates, and Bitcoin Core developers have discussed soft-fork paths that would add a quantum-safe output type. The hard part is the transition. If Bitcoin simply announced a switch to a new signature scheme, holders would still need to move their coins to upgrade. Anyone who has lost their keys, anyone who is dead, and anyone who is intentionally inactive would be left behind. Worse, the act of broadcasting that legacy migration could itself create a feeding window for an attacker watching the mempool.

PACTs, according to Robinson's framing, attempt to break that race. The idea is to give holders a way to commit to ownership ahead of time, so that if a quantum threat materializes later, the network can recognize a pre-registered claim without the holder having to expose a public key under hostile conditions. The exact construction was not detailed in the surfaced excerpt, and the proposal is at the research stage rather than a Bitcoin Improvement Proposal with code attached.

Why Paradigm matters here

Robinson is not a peripheral commentator. He has been on the protocol-design side of Paradigm's research output for years, and the firm has historically pushed work that ends up on actual production roadmaps, including contributions on MEV mitigation, account abstraction, and intent-based architectures on Ethereum. A research note from him is not a deployment timeline, but it tends to seed serious follow-on work from core developers who treat his framing as a starting point rather than as marketing.

The other reason this matters now is that quantum-readiness has shifted from a theoretical tail risk to an item that institutional holders are starting to ask about. Custodians underwriting cold storage for ETF issuers, sovereign reserves, and corporate treasuries cannot easily price a "we will migrate when needed" answer if the migration itself requires the holder to be alive, attentive, and online during a narrow window. PACT-style mechanisms are an attempt to give those holders a defence that does not depend on perfect operational readiness.

What this does not change

PACTs do not protect coins whose private keys are already lost. If nobody can prove ownership, no scheme on the network side can keep an attacker out forever. The proposal is also not a soft fork yet, and any deployment would need broad miner and node-operator buy-in, the same political path that historically takes Bitcoin years even on uncontroversial upgrades. SegWit, the closest analogue in scope, took roughly two years from BIP draft to lock-in. A quantum-related upgrade would likely face a longer debate because it touches the most sensitive parts of the address space.

For self-custody users today, the practical takeaways are smaller. Move funds from any address that has reused a public key. Avoid sending change back to the same address. Prefer modern script types over P2PK outputs. None of this defeats a quantum attacker on its own, but it removes the easy targets while researchers like Robinson work on the harder problem.
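The exposure rule from the sections above (P2PK outputs carry the key itself, while P2PKH and P2WPKH outputs are exposed only once the address has funded a spend) can be checked against a wallet's own unspent outputs. This is an added example, not code from the article or from Robinson's proposal; the function names, the `spent_from` input, and all sample scripts are assumptions constructed for illustration.

```python
# Added example: flag wallet outputs whose public key is already visible on-chain.
# Every script and amount below is constructed for illustration.

def classify_script(script: bytes) -> str:
    """Match the three script templates the article names."""
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG, so the key itself sits in the output.
    if n in (35, 67) and script[0] == n - 2 and script[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <push 20> <hash>
    if n == 22 and script[:2] == b"\x00\x14":
        return "p2wpkh"
    return "other"  # not evaluated here; "other" does not mean safe


def audit(utxos, spent_from):
    """utxos: (label, script_hex, sats) tuples.
    spent_from: script_hex values that have already funded a spend,
    meaning a past transaction published the key behind the hash."""
    findings = []
    for label, script_hex, sats in utxos:
        kind = classify_script(bytes.fromhex(script_hex))
        if kind == "p2pk":
            reason = "public key is in the output script"
        elif kind in ("p2pkh", "p2wpkh") and script_hex in spent_from:
            reason = "address reused after a spend revealed its key"
        else:
            continue
        findings.append((label, kind, sats, reason))
    return findings


# Constructed sample wallet (dummy key and hash bytes).
P2PK = "21" + "02" + "11" * 32 + "ac"
P2PKH_REUSED = "76a914" + "22" * 20 + "88ac"
P2PKH_FRESH = "76a914" + "44" * 20 + "88ac"
P2WPKH_FRESH = "0014" + "33" * 20
UTXOS = [
    ("early-p2pk", P2PK, 5_000_000_000),
    ("reused-p2pkh", P2PKH_REUSED, 120_000),
    ("fresh-p2pkh", P2PKH_FRESH, 80_000),
    ("fresh-p2wpkh", P2WPKH_FRESH, 250_000),
]
SPENT_FROM = {P2PKH_REUSED}

if __name__ == "__main__":
    for label, kind, sats, reason in audit(UTXOS, SPENT_FROM):
        print(f"{label:14} {kind:7} {sats:>13} sats  {reason}")
```

Outputs flagged by the audit are the ones to move first to a fresh, never-spent-from address.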

Overview

Dan Robinson's PACT proposal is a research-stage attempt to solve the migration problem that quantum-resistant Bitcoin upgrades have always run into: how do you protect coins whose owners are absent? The mechanism would let dormant holders pre-commit to ownership claims before the threat arrives, sidestepping the open-mempool race that any standard migration creates. It is early, undeployed, and far from consensus, but it is the kind of work that tends to shape the eventual Bitcoin response, and it lands as institutional holders are starting to ask custodians for an answer beyond "we will move the coins later."
