Bitcoin developers are mostly not concerned about quantum risk
Recently some Bitcoin developers have begun to push back at my and others’ assertion that Bitcoin developers are not concerned about quantum risk.
That an influence-weighted majority of Bitcoin devs have longer timelines on quantum or dismiss the threat entirely should be obvious to anyone that has paid attention to the discussion, but let’s evaluate Matt’s claim concretely.
I knew this to be true already, having followed the discussions, but I was actually surprised when I did this exercise at how completely indifferent the most important developers were.
A quick note on methodology: if you aren’t aware, who controls the levers of power in Bitcoin development is kept deliberately opaque. When Craig Wright was harassing Bitcoin devs, some devs “stepped down” or “retired” while still remaining contributors to avoid his legal machinations. The list of Core Maintainers – the people that actually push updates to Bitcoin Core – is not a list of “most important Bitcoiners”. It’s just people that have been entrusted with a bureaucratic task of pushing updates. Since Gavin Andresen, they deliberately disclaim responsibility and ownership over Bitcoin. The Maintainers want to make it absolutely clear that they are not “in charge” but rather a nebulous consensus of stakeholders is. They will often claim to represent “the will of the people” in some vague Rousseauian sense.
Of course, they do not go around asking Bitcoiners worldwide whether they agree with a change. The actual way it works is, if you get a half dozen of the most influential developers to agree that a change is important, you might be able to get it through. This is very hard and unusual, and as a result, change almost never occurs. Bitcoin has only made two updates in the last decade. So the way it is structured is that you need virtually everyone who is perceived as important to agree on something. As you might imagine, this leads to gridlock and inaction. That’s been fine so far, but now that Bitcoin actually has to make fairly drastic changes in the face of an uncertain but accelerating threat, it’s precisely the wrong governance structure. Bitcoin has never actually faced an existential crisis in the modern era; the last time there were actual existential issues (2013 and 2010), the governance was still sufficiently centralized that a quick fix could be deployed.
So even though this is heretical, and Bitcoin developers will surely be upset that I’m exposing their deliberately structureless governance structure, I’ll take a stab at determining which developers have the most perceived authority.
(A quick note on my credentials: I’ve been following Bitcoin professionally for a decade, I wrote my master’s thesis [PDF] on Bitcoin governance, I have (through Castle Island) provided financial support bitcoin dev organizations, I have given many talks at Bitcoin conferences, I have met and had discussions with many of the developers named here personally. No one has Bitcoin governance truly mapped out, but I have a better perspective than most.)
I am aware that people will bristle at my ranking of Bitcoin developers by perceived influence, but it has to be done for the purpose of this exercise. We need to know who matters, so we can assess whether the most important Bitcoin devs are prioritizing quantum risk. You may pick holes in my ranking or suggest an alternative, but the only thing that matters is that I correctly identify the main gatekeepers.
The reason this is hard to do is because, again, Bitcoin devs keep the levers of power deliberately opaque from the public. I have been focused on this for a very long time so I have a good sense of who matters, but this is indeed a very hard exercise, and that’s because the developers themselves want it that way.
The most important Bitcoin developers/founders, in my opinion are Pieter Wuille (number 1 by far), Greg Maxwell, Jonas Nick, Anthony Towns, Adam Back, Gloria Zhao, Alex Morcos, Marco Falke, and Andrew Poelstra, Mara van der Laan, and Peter Todd. Their affiliations are listed.
Pieter Wuille was the coauthor of SegWit and the primary author of Taproot, the only two major changes to Bitcoin in the last decade. He created libsecp256k1. He wrote the Schnorr signature specification. He coauthored BIP9. He’s the most important Bitcoin developer as far as major changes are concerned, by far. Mara van der Laan (formerly Wlad) was the lead maintainer of Bitcoin Core between 2014 and 2021, stepping down officially in 2023, but she has apparently un-retired and is back in some meaningful capacity. Michael Ford is the longest-tenured active maintainer at Core and is quietly influential, even if he does not author BIPs. Andrew Poelstra is the least visible of all of the “very high influence” developers, but he is enormously influential – a developer’s developer, a Steely Dan of sorts. He was a co-creator of Taproot and the Schnorr implementation among many other huge contributions to crypto generally.
Morcos runs an important developer organization, Chaincode. Gloria is the most prominent current Core Maintainer (the set of people that actually push changes to Bitcoin). Greg Maxwell is a legendary and opinionated developer. Adam Back was cited in the white paper, co-invented Hashcash, and runs Blockstream. Marco Falke was an extremely active reviewer in Core although he stepped back from being a key-holding Maintainer in 2023. Jonas Nick was one of the principal authors of Taproot. Peter Todd is a longtime and multifaceted Bitcoiner that invented RBF among many other things. He is known for adversarial thinking and blocking unsafe changes. I would have included LukeDash but his influenced has waned somewhat, lately.
Everyone named here has enormous soft power. Collectively, they determine whether an update gets considered and eventually implemented. If you can’t convince basically everyone on this list of the importance of your update, it won’t happen. These are the people we refer to when we talk about the High Priests of Bitcoin.1
The other developers and thinkers in the lower part of the list are important, without a doubt – I mean we’re talking about a few dozen people stewarding a trillion dollar asset, so I don’t want to diminish their contributions at all – but they aren’t the gatekeepers, in my opinion. However, their views still matter a tremendous amount, so I’ve catalogued them here.
What the most important Bitcoin developers actually think about quantum risk
Let’s start with the high priests.
Pieter Wuille, Feb 2025 (source)
I certainly agree there is no urgency right now, but if (and only if) cryptography-breaking QCs become a reality, the ecosystem has no choice but disabling the spending of coins through schemes that become broken, and needs to have done so before such a machine exists.
April 2025 (source)
I’m unconvinced about the practicality [of Ethan Heilman’s proposal], but I’m happy to see thinking and discussion in this area.”
July 2025 (source)
I believe the main quantum-related threat to bitcoin, at least in the medium term, is not the actual materialization of a cryptographically-relevant quantum computer (CRQC), but the belief whether one may exist soon after. I don’t mean to imply that such a machine won’t ever appear, but I believe the fear that one may exist will likely have a more meaningful impact, and come much earlier. To be clear, I am not advocating for any specific cause of action here. Not on BIPs, timelines, approach, or even whether something should be done at all.
Pieter participates in discussions on quantum risk, but does not believe there is any urgency. To him, the problem is people selling because they are worried about it. (Which is happening, by the way.)
Mara Van Der Laan, Jun 2015 (Source)
Sure, most extreme: if secp256k1 or SHA256 starts to show chinks in its armor, or practical quantum computing is getting powerful enough to factor discrete logarithms of those sizes, I don’t doubt everyone would go along with a proposal to add new crypto algos.
Mara was a longtime Maintainer of Bitcoin Core, later retired, now unretired. She has addressed quantum in her historical posts but hasn’t indicated whether there is a risk of not.
Peter Todd, July 2025 (source)
For all the claims of progress on quantum computing hardware, the fact still remains that no-one is even close to demonstrating cryptographic-relevant quantum computing capabilities and the actual cryptographic-relevant capabilities of real hardware are laughable. It’s still an unknown whether or not they are physically possible, and outside of the part of the physics community that would like to sell you a quantum computer - or research developing one - they’re widely beleived to be not physical.
Adam Back, November 2025 (Source)
Probably not for 20-40 years, if then. And there are quantum secure signatures, NIST standardized SLH-DSA last year. Bitcoin can add over time, as the evaluation continues and be quantum ready, long before cryptographically relevant quantum computers arrive.
Though Adam Back leads an organization where post-quantum research occurs, his personal assessment of the risk is that we are still decades away from having anything to worry about. He has been explicitly clear about this and derided my concerns as FUD. In my opinion, this discredits the research being published under him. I don’t see how you can use Blockstream research to claim that developers are worried if the CEO is saying things like this.
Gloria Zhao, Aug 2024 (Source)
I think people sometimes worry about quantum computers, and I think that concern is a bit more interesting [than worrying about AI attacks on Bitcoin], on the timescale of 30 to 50 years.
Greg Maxwell, Dec 2025
Greg has discussed post-quantum signatures on a couple exchanges but has made no mention of his assessment of the risk. (I also reviewed his entire Reddit history.) This is surprising because he is normally extremely opinionated.
Jonas Nick, Feb 2025 (source)
Thanks for your work on BIP 360. I think now is a good time to develop and discuss concrete PQ proposals.
Happily, Jonas is one of the most active PQ-researchers in the Bitcoin community. He published a paper on hash-based post-quantum signatures.
Anthony Towns did discuss quantum attacks back in 2018 but did not make any assessment of the risk.
Andrew Poelstra, March 2021 (source)
Andrew, an influential researcher at Blockstream, has not publicly commented on the risk, though he did say in 2021 that he was not concerned about Taproot adding quantum vulnerability to Bitcoin.
Alex Morcos, Michael Ford, and Marco Falke have not, as far as I can tell, publicly mentioned quantum risk at all, so I’m assuming they are unconcerned. (I know quantum research is happening under Morcos, but he hasn’t said anything.) They are welcome to email or DM and correct the record if they think I am mischaracterizing their views.
To summarize, a majority of the most influential Bitcoin leaders have never even acknowledged quantum risk. Those who do acknowledge it, with the exception of Jonas Nick, view it as theoretical, distant, or non-actionable. Peter Todd and Adam Back explicitly deny the risk. The most influential Core Maintainer, Gloria, denies that there’s any near term risk. Greg Maxwell has never mentioned the risk. And Pieter Wuille, the number one most important developer, acknowledges the problem, participates in discussions, but explicitly says it’s not a risk or priority today.
As a reminder, without these people on board, your update to Bitcoin will fail.
The current verdict is simply that the most influential Bitcoin devs do not care.
What the other Bitcoin developers think
Luke Dashjr, Dec 2025 (source)
Quantum isn’t a real threat. Bitcoin has much bigger problems to address.
Luke explicitly does not consider it a threat. He is historically one of the more influential and active Bitcoin developers, though he is at odds with Core now.
Matt Corallo, March 2025 (source)
(In response to Jameson’s “Against Allowing Quantum Recovery of Bitcoin”) “I think this is a strong motivation to do “simple PQC” today - while we don’t need to decide on the tough question of seizing non-PQC coins today, we want to have the option to do so in the future. In order for that option to be practical, wallets need to be embedding PQC public keys in their outputs probably at least a decade before the seizure occurs, with any additional time giving us an important safety margin. Thus it seems like time we add the simplest form of PQC we can - a trivial P_HASHBASEDSIG (probably SPHINCS+) to tapscript to enable wallets to have hidden PQC keys (including multisig) in their taptrees.
Matt Corallo does care. He does think there is a risk. But he explicitly denies my point that the most important developers do not care. He has labeled my criticisms “FUD”. Matt may be privy to some secret knowledge I do not possess. Maybe in private, the devs are tearing their hair out in fear of quantum. But in public, they are acting like there is no risk whatsoever.
Robin Linus, July 2025 (source)
Dogs are more scary than quantum computers
Robin is the author of BitVM and a respected researcher in the space.
Mark Erhardt (Murch), Nov 2025 (source)
Of all the things that might keep me awake at night, quantum computers are not one of them. Most of the ppl thinking it’s around the corner are ones trying to raise more funds to burn on their research. Please feel free to make fun of me if we see a CRQC in less than 20 years.
Antoine Poinsot, March 2025 (source)
(In reply to my claim that influential BTC devs are understating the threat)
I think the exaggeration undermines your (valid) point about uncertainty.
It also exacerbates what i think is the real material threat for the upcoming decade, which is the perception of an imminent existential quantum threat by important stakeholders.
Olaoluwa Osuntokun (roasbeef), Jul 2025 (source)
Laolu gave a talk on PQ hash-based signatures at the Presidio Bitcoin Quantum Bitcoin Summit. He kept it strictly technical and did not make an assessment of the risk.
Tadge Dryja, July 2025 (source)
(in response to Jameson’s post-quantum proposal): “Sure, there can be risks from CRQCs. But this proposal would go the other direction, disabling important functionality and even destroying coins preemptively, in anticipation of something that may never happen.
Tim Ruffing, July 2025 (source)
Tim published a paper entitled “The Post-Quantum Security of Bitcoin’s Taproot as a Commitment Scheme,” though he hasn’t commented directly on the risk, as far as I can tell. To his credit, he has been at it for a long time, even publishing a paper on post-quantum confidential transactions in 2017.
Gregory Sanders (instagibbs), Dec 2025 (source)
(In a reply to Scott Aaronson’s comments on rising quantum risk) Proof will be in the pudding and I’ll change my tune. Until then skepticism reigns.
Jeremy Rubin, July 2021 (source)
Fun Fact: Satoshi removed post quantum security from bitcoin in a 2010 hardfork.
Good News: Bitcoin can be made quantum secure *again* by reenabling OP_CAT or similar.
Jeremy has been concerned about quantum longer than most.
Amiti Uttarwar, Jan 2026 (source)
I think the conversation of the threat of quantum is really interesting. Several people who I consider smart, who have been engaged in this, think that quantum is an existential threat to Bitcoin
Augustin Cruz, Feb 2025
In 2025, Augustin published QRAMP, a quantum migration proposal, which has since been deleted.
Mikhail Kudinov, 2025
Mikhail co-authored Hash-based Signature Schemes for Bitcoin with Jonas Nick and is primarily focused on PQ crypto as his research agenda, so it’s fair to say he is concerned.
Ethan Heilman, Feb 2025 (source)
I strongly believe Bitcoin will need to move to PQ signatures in the near future.
Ethan has worked on several post-quantum proposals for Bitcoin, and has recently signed on to BIP360. He is one of the strongest advocates for a post-quantum transition.
Jameson Lopp, Jul 2025 (Source)
We seek to secure the value of the UTXO set and minimize incentives for quantum attacks. […] Never before has Bitcoin faced an existential threat to its cryptographic primitives. A successful quantum attack on Bitcoin would result in significant economic disruption and damage across the entire ecosystem. […] NIST ratified three production-grade PQ signature schemes in 2024; some academic road-maps now estimate a cryptographically-relevant quantum computer as early as 2027-2030
Jameson has also been extremely active in sounding the alarm on quantum, both in terms of formal migration proposals and opening the discussion around the fate of Satoshi’s coins. Though he is not a core developer per se, he has been one of the most strident advocates for a transition.
Jonas Schnelli, Dec 2025
(Responding to a tweet saying “quantum computers aren’t coming tomorrow”), “For everyone predicting quantum doom, read this” (Source)
Jonas is an influential former Core Maintainer, now retired from Bitcoin work. He has downplayed the risk.
Anthony Milton
Anthony is a low-profile but very active researcher in the Bitcoin post-quantum space. He coauthored Chaincode’s important Bitcoin and Quantum Computing report and runs PQ-Bitcoin.org where he advocates for Bitcoin to upgrade.
Clara Shikhelman
Clara is head of research at Chaincode and coauthored Chaincode’s Quantum report with Anthony Milton and also runs PQ-Bitcoin with him.
Hunter Beast, Dec 2025 (Source)
Industry roadmaps—led by companies including IBM, Google, Microsoft, Amazon, and Intel—suggest that quantum computers may be able to decrypt ECDSA cryptography used for Bitcoin’s public/private key encryption in as little as 2-5 years.
Hunter is the lead researcher behind BIP360, the only named BIP that aims to facilitate a quantum transition.
The following influential figures in Bitcoin have expressed no recent views on quantum risk:
Satoshi (last discussed in 2010)
Gavin Andresen (last discussed in 2010)
Hal Finney
Mara Van der Laan (last discussed in 2015)
Marco Falke
Michael Ford (fanquake)
Hennadii Stepanov (hebasto)
Ryan Yanofsky (ryanofsky)
TheCharlatan
Alex Morcos
Ava Chow (last discussed in 2019)
Suhas Daftuar
Neha Narula
Samuel Dobson (meshcollider)
Rusty Russell
Gleb Naumenko
Cory Fields (cfields)
So, what do Bitcoin developers think about quantum risk overall?
Based on my initial table of Bitcoin developers ranked (roughly) by influence, and the quotes I have assembled, we can now determine how much Bitcoin developers care about quantum risk, weighted by their influence.
Unfortunately the top tier, most important devs who determine whether updates are made or not are virtually all in agreement that there is no imminent threat, with Jonas Nick being the sole exception. Pieter Wuille, the literal number one most important dev, has discussed quantum on many occasions but does not think there is a present risk.
In the moderate influence camp, you have an array of different views. You have some quantum-focused researchers like Hunter Beast, Jameson Lopp, Clara Shikhelman, Anthony Milton, Ethan Heilman, Mikhail Kudinov, Augustin Cruz, Laolu, and Tim Ruffing.
On the other hand, you have powerful Core Maintainers who are silent on the threat, or well-known developers like LukeDash, Greg Sanders, Jonas Shnelli, or Tadge who downplay the risk.
Though the work being carried out by researchers like Hunter Beast, Milton, Jonas Nick, and Lopp is essential, it isn’t getting traction among the most elite gatekeeping developers. Don’t believe me? Just look at the reaction on the mailing list to Hunter’s announcement of a major update to BIP360. One reply. A roadmap Hunter laid out was also met with polite replies but no action. Until the most influential devs sign on to one of these proposals, nothing will happen.
Summing up
If you’ve read this far, it should be pretty obvious to you. Among the developers who actually matter for protocol changes, quantum is viewed as theoretical, distant, or speculative, not as a live engineering problem. Peter Todd, Adam Back, and Luke Dash explicitly deny feasibility or relevance. Pieter Wuille, Gloria Zhao, and Adam Back frame quantum as a 30-50 year concern at best. Van der Laan, Poelstra, Maxwell, Towns, Morcos, Falke, and others have either never commented or refuse to engage publicly. Only Jonas Nick has expressed concern in the most important group.
Serious concern does exist below the power line. Genuinely great researchers like Heilman, Shikhelman, and Milton are working on this, but they aren’t influential with Core. Lopp is making intelligent noise about it too, which I genuinely appreciate. Hunter Beast and his team are the most active in terms of putting serious effort into a named BIP to solve one aspect of the problem (Taproot signatures’ quantum vulnerability), but BIP360 has been met with total apathy from the tastemakers so far.
Don’t let Adam Back or Matt Corallo gaslight you. There is a pathological lack of concern among the most influential Bitcoin developers. There are a handful of bright spots, but the quantum transition is clearly not a major priority for Core and the major organizations that sponsor development.
Update: Made revisions. Thanks to those who gave feedback.
Yes, you are free to quibble with the precise ordering of my list, but it’s undeniable that a group of unelected developers wielding soft power control what updates are considered and which are not.
Amazing research, thank you for sharing it. Hopefully this piece gets the attention it deserves (from the devs mentioned especially). Quantum risk is absolutely affecting the Bitcoin price right now (people are selling due to the perceived risk), and ultimately that impacts Bitcoin's mission.
Thanks for having the courage to write and publish this piece and taking it largely upon yourself to push for the necessary changes ahead of time. Many, many Bitcoiners appreciate it.