The "mind your own coins" framing is solid but folks keep talking about quantum risk in the abstract without putting a number on it. Roughly 4-5 million BTC sit in P2PK outputs where the public key is right there on-chain, bare for anyone to see. That's early mining rewards, Satoshi's coins, the whole first year of the network. Add in reused P2PKH addresses (where the pubkey got exposed on the first spend) and you're looking at maybe 6+ million BTC with exposed keys total. Taproot's exposure is real but it's a drop in the bucket compared to that legacy surface.
What I find interesting is Hal Finney flagged this exact problem on bitcointalk back in 2010. His suggestion was basically "when quantum gets close, migrate to a new address type and let the old ones sunset naturally." Lightcoin's anti-roadmap lands in the same neighborhood 16 years later. Sometimes the first answer is still the right one.
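The distinction drawn in the comment above (key bare on-chain in P2PK, key revealed on first spend for P2PKH, output key visible for Taproot), as an added example that is not part of the original post. The function names, the `spent_before` flag and the sample UTXOs are assumptions made for illustration; the key and hash bytes are constructed placeholders, not real keys.

```python
# Classify a scriptPubKey by whether its public key is visible on-chain.
P2PK, P2PKH, P2TR, OTHER = "p2pk", "p2pkh", "p2tr", "other"

def classify(script_hex):
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 65> 04||X||Y OP_CHECKSIG, or <push 33> 02/03||X OP_CHECKSIG
    if n == 67 and s[0] == 0x41 and s[1] == 0x04 and s[-1] == 0xAC:
        return P2PK
    if n == 35 and s[0] == 0x21 and s[1] in (0x02, 0x03) and s[-1] == 0xAC:
        return P2PK
    # P2PKH: OP_DUP OP_HASH160 <push 20> hash OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return P2PKH
    # P2TR: OP_1 <push 32> x-only output key
    if n == 34 and s[:2] == b"\x51\x20":
        return P2TR
    return OTHER

def key_exposed(script_hex, spent_before=False):
    kind = classify(script_hex)
    if kind in (P2PK, P2TR):
        return True           # key (or output key) sits in the output itself
    if kind == P2PKH:
        return spent_before   # only the hash is visible until the first spend
    return False              # script types this sketch does not analyse

def exposed_sats(utxos):
    # utxos: iterable of (script_hex, value_in_sats, spent_before)
    return sum(v for s, v, reused in utxos if key_exposed(s, reused))

# Constructed sample UTXO set (placeholder bytes).
SAMPLE = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000, False),  # P2PK, 50 BTC
    ("76a914" + "22" * 20 + "88ac", 100_000_000, True),      # reused P2PKH
    ("76a914" + "33" * 20 + "88ac", 200_000_000, False),     # fresh P2PKH
    ("5120" + "44" * 32, 10_000_000, False),                 # P2TR
]

if __name__ == "__main__":
    total = sum(v for _, v, _ in SAMPLE)
    print(f"{exposed_sats(SAMPLE)} of {total} sats have an exposed key")
```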