Coinbase said that it has set up an independent advisory board focused on the security risks that advancing quantum computing could pose to blockchains and digital assets. The stated goal is to turn a long-range, theoretical threat into practical guidance that exchanges, custodians, and institutional treasuries can actually operationalize.
The board’s mandate is framed around triage and execution rather than alarmism. It will map cryptographic exposure, recommend mitigations for custody and key management, and publish position papers intended to standardize industry preparedness.
Who’s on the board and what they’re tasked to do
Coinbase named a mix of academic and industry specialists spanning quantum information, applied cryptography, and distributed systems. The roster includes Scott Aaronson (University of Texas at Austin), Dan Boneh (Stanford), Justin Drake (Ethereum Foundation), Sreeram Kannan (EigenLayer), Yehuda Lindell (Coinbase), and Dahlia Malkhi (UCSB Foundations of FinTech Research Lab).
The remit breaks into three practical workstreams: a baseline assessment of how quantum risk applies to public-key systems used in networks like Bitcoin and Ethereum, publication of security recommendations for market participants, and response guidance if major quantum breakthroughs emerge. Coinbase said the group is expected to deliver an inaugural position paper in early 2027 aimed at establishing measurable baselines for resilience planning.
Coinbase paired the advisory-board announcement with a post-quantum roadmap combining near-term engineering and longer-horizon research. Near-term work focuses on reducing exposure in scenarios where public keys are revealed or where a single-key compromise could translate directly into asset loss, including updates to Bitcoin address handling and internal key-management practices.
On the research side, Coinbase emphasized post-quantum signatures inside secure multiparty computation (MPC) frameworks. The logic is that distributing signing authority across multiple parties reduces single points of failure and improves operational robustness, even before the industry reaches a full network-level migration. One example cited was exploration of ML-DSA and similar lattice-based signature approaches as candidate post-quantum primitives.
Coinbase CISO Jeff Lunglhofer characterized the posture as deliberately pragmatic. He said the firm is approaching quantum impact in a “non-hype based way,” explicitly framing upgrades as a multi-year effort that requires early planning rather than a last-minute scramble. Board members also highlighted timing uncertainty, noting that estimates for when quantum systems could threaten existing public-key cryptography vary widely.
What this means for institutions
For custodians, trading desks, and compliance teams, the implications are primarily operational. Quantum readiness becomes a standing risk category that needs to live inside operational-risk frameworks, not a one-off technical project. Practical next steps implied by the announcement include incorporating post-quantum options into key-rotation and custody playbooks, tightening governance documentation around cryptographic decisions, and aligning vendor due diligence to the emerging baseline the board intends to publish.
The early-2027 position paper is positioned as the key deliverable that will translate this effort into concrete metrics, which could influence vendor selection, remediation budgeting, and the internal reporting posture expected of regulated entities.
