Strategy launched a structured security program to anticipate the risks posed by advances in quantum computing. Specifically, it will be designed to protect its Bitcoin holdings, which amount to 713,000 BTC.
Strategy’s initiative was presented as more than just a technical exercise: it was framed as a fiscal and custodial imperative. Michael Saylor, the company’s CEO, defined it as a “great responsibility as a Bitcoin owner,” describing the approach as thoughtful and responsible, and emphasizing the need to act at the right time, without being overly proactive or reacting too late.
From this perspective, the program positions the firm not only as an end user, but also as a funder and facilitator of research, standards, and a potential coordinated migration. The scale of its holdings makes the company a player with real capacity to influence the technical and operational direction of the network, especially in the face of emerging risks such as quantum computing.
Program design and Strategy’s immediate future
The adopted framework is structured in four phases, ranging from immediate threat assessment to ongoing monitoring after migration. The first phase is already underway and focuses on creating a dedicated quantum threat intelligence unit. Its objective is to closely monitor technological advancements and map the most vulnerable cryptographic assets, particularly certain reused ECDSA-based addresses.
The rationale behind this initial stage is pragmatic. Identifying the highest-risk address types early allows for prioritizing migration and reducing concentrated exposures before the problem becomes critical. In other words, risk inventory and segmentation become key proactive management tools.
The second phase targets the short and medium term and focuses on selectively funding research and standardization in post-quantum cryptography. The plan includes supporting the development and adaptation of algorithms aligned with recognized standards, participating in testing environments, and promoting gradual protocol changes that can be integrated without abrupt disruptions to consensus.
At this point, the company acknowledges that the process will not be without its challenges. Testing new implementations can introduce operational noise, affect performance assumptions, and require software adjustments by custodians, wallets, and platforms. Therefore, the emphasis is on phased adoption paths that are compatible with existing governance.
The third phase involves migration and gradual deployment, with an estimated timeframe between 2026 and 2028. The firm plans to move its own holdings to quantum-resistant addresses as a practical demonstration, while also contributing code and funding educational initiatives to facilitate broader adoption.
Finally, the fourth phase establishes an ongoing monitoring framework. The idea is to maintain continuous rapid response capabilities, technical updates, and community education, assuming that quantum risk is not a one-off event, but a structural variable that will evolve over time.
