i disagree with that framing at the end, it feels illogical. it's not necessary for everyone to agree on what level of security to use, it's a lot more nuanced than that (trivial example: hashed addresses vs not, pre-QC consideration; it was never a trivial question. Remember Nicolas Courtois' scaremongering?). And there is no requirement for any specific users to move out of existing coins to be able to say "bitcoin has the functionality required to keep your coins secure". bitcoin has never yet required people to move their coins, don't forget. And to illustrate more concretely, the part you put in quotation marks: that describes me, I think that, but I don't agree with what follows: I don't prefer the fork "with fewer coins sold", I think that's a non sequitur (not that it can't follow, I mean that it doesn't logically follow), *and* I think it's the ethically wrong position, too, *and* I think long term it's a vector of failure for the project in its goals.
> it's not necessary for everyone to agree on what level of security to use, it's a lot more nuanced than that (trivial example: hashed addresses vs not, pre-QC consideration; it was never a trivial question. Remember Nicolas Courtois' scaremongering?).
Of course it’s a lot more nuanced, sure, but I hope we agree that if I think a CRQC exists today (obviously it doesn’t, but as an example) then I should obviously sell all my bitcoin - a break in the cryptography that secures the vast, vast majority of Bitcoin doesn’t just impact my coin, but the value of the system overall (economic and otherwise).
In the extreme, it’s simply too naive to pretend that a break which allows a substantial majority of coin to be stolen doesn’t impact people who happen to not rely on that crypto.
Assuming we agree on that, we’re really just arguing thresholds and relative importance.
> And there is no requirement for any specific users to move out of existing coins to be able to say "bitcoin has the functionality required to keep your coins secure". bitcoin has never yet required people to move their coins, don't forget.
Sure but to my knowledge it’s also not recently been a material risk that a huge number of coins would simply trivially be stolen. I do not think we can discount how unique this situation is in recent memory.
The only other comparable example in Bitcoin’s history I can think of is early 2010/2011. At that point the vast majority of Bitcoin was held in wxBitcoin/bitcoind wallets many of which were online and reachable over the public internet. During that period I often worried that we’d have a 0day in bitcoind which resulted in some malicious party stealing private keys for 50-75% of the total bitcoin supply.
My view at the time (and AFAIU this was at least somewhat accepted) was that if this were to happen Bitcoin would simply fail and never recover. Not only would the malicious party’s control of that much coin result in massive loss of trust but a reasonable conclusion would have been that the science of software engineering was simply not ready to build something like a cryptocurrency.
As much as Bitcoin has a history of operations now, I think in the extreme a CRQC stealing coin could result in the same outcome. Again, there are a lot of shades of grey here but I hope we agree on the extreme example.
Finally, it is worth pointing to the DAO hack here. Obviously at the time bitcoiners ridiculed the ethereum ecosystem over the theft of something like 80% of all eth, but the same market dynamics would apply to bitcoin (again, in an extreme example). Ultimately there was ETC and ETH and the market decisively picked ETH (for many reasons that might not all apply to bitcoin, sure, but the biggest reason imo was simply that 80% of coins were going to be held by a demonstrably-malicious entity).
> And to illustrate more concretely, the part you put in quotation marks: that describes me, I think that, but I don't agree with what follows: I don't prefer the fork "with fewer coins sold", I think that's a non sequitur (not that it can't follow, I mean that it doesn't logically follow), *and* I think it's the ethically wrong position, too, *and* I think long term it's a vector of failure for the project in its goals.
Sure you might not but the point is about the market, because the only thing that really matters is what the market values.
In your replies I haven’t yet seen you contend with my point about relative theft, so curious to get your specific take on it. In the scenario I raised in my previous post, I noted that disabling insecure spend paths would result in *vastly* more bitcoin going to its owners than coins that would be burned. Do you really think that it’s ethically wrong to prevent, say, 70% of Bitcoin from being stolen just to avoid burning, say, 10% of Bitcoin? And more generally do you really think that Bitcoin would survive 80% of total supply being stolen?
I suspect I know the answers to these questions which means that we’re really arguing degrees and likely scenarios, and not really arguing about actual correct decisions.
On the DAO, ETC, ETH and my "bet": excellent point to raise, there. There is no doubt that the opposite side to my argument won. At the time as you'll remember it was just as obvious that it wouldn't have happened in BTC because of the "DNA" of what bitcoin even is, being so tied to uncensorability (let's not forget that it's a bit murky whether anything like "consensus" was actually reached in the ETH community; it might even be possible to characterise it as the equivalent to the new york agreement winning in btc's case; but I'd be willing to cede the opposite is possible, that the DAO coin "reassignment" was a community consensus). The DAO disaster just showed that there was a profound divergence between the communities at a not just technical but philosophical level. So yeah, another project which has a different less pure concept of decentralization might reasonably define cutoff dates, but I don't think BTC should. It's against its nature and purpose. Concretely, the tradeoffs bitcoin's design makes (e.g. no onchain obfuscation; no onchain global state and complex contracting; slow block times; etc) are all in service of that. I know that this is a retelling of history - SN didn't seem to see it quite like that, but somehow designed it like that despite himself, lol.
About extreme scenarios like 80% of btc stolen (- I'm going to ignore the "how do you measure it" part, though I suspect that'll come back to bite us at some point!): i mean there is presumably a failure mode where trust breaks down, but it's not really about a specific number or ratio. It's about whether there's any credibility that going forward, the system will be trustworthy. Anything above 30-40% is presumably disaster-level and the project *might* just kind of fall apart. But I really don't know. I just know that if you violate the core principle of private property you've mostly already lost. Maybe I'm wrong and everyone would love it, but what's the point in bitcoin in that case, I don't see it.