I'm afraid the abandoned p2pk addresses are doomed to be compromised sometime in the future. Is that 5 years? 10? 20? Their public keys are exposed, their private keys are likely to be found one day. The problem is that they're abandoned. If came into an agreement to move to a quantum-resistant algorithm, the owners could secure their funds.

However, if the owners have lost their keys, they can't move them. And the community will, hopefully, never agree on transfering money without the permission of their owners. That would be unconstitutional.

Debatable. What if the algorithm is strong enough to compromise a private key while the transaction is still in the mempool?

What most of these articles seem to be missing is the fact that when these addresses do become vulnerable some time in the future, unless a lot of other things are changed in the way people use encryption changes many more things will be vulnerable and most of them are worth a lot more money.

You think some p2pk and reused p2pkh are vulnerable. Try some older NFC RFID cards. How about old web & internet services and so on.

I put stuff like this in the FUD pile and move on. Yes it's going to happen, yes people will loose money, and YES there will be a way to stop it long before it happens and yes some people will not do it. They are the same people who go to https://haveibeenpwned.com/ and find that the one password they use for everything has been compromised and still do not change it.

-Dave

Quantum computers are vastly inferior and super expensive to use devices. Selling QC as a "superior to classic computers" is a scam. There is only one quantum superiority - generating noise.

The biggest number factored by QC so far has only 19 bits. It's almost like one can find the factors faster by hand. Something more, it was done by "adiabatic quantum computer", which is useless for ECDLP. There is a fishy result of factoring 41 bit number, but it consists of mostly zeroes, and in fact is equivalent to factoring a 9 bit number.

Companies are making devices with more and more magical qbits, but the reality strikes back:
Yes, this is 5 bits. No improvement for 9 years. No better result from 53 qbit, or 127 qbit quantum computers.

This is what will happen one day: someone will discover an ECDLP algorithm and keep it to himself, nobody will know. In the event of NSA or the likes finding out such algorithm, they would claim it's done by using quantum computer, in order to lead astray everybody and keep the advantage.

These are only assumptions.

The threat of quantum computing is overstated at present. Not all algorithms are susceptible for QC enabled cracking. You aren't going to easily replace your 5 GHz processors and algorithms tuned over decades with something that has been shown with a few qubits in a lab. It will be years if not several decades or longer before this becomes an issue.

Changing the consensus mechanisms of bitcoin prematurely would destroy its long term value prospects. To the point, if the algorithms are changed so rapidly that people can't store wealth for ~10 years, then it won't become the global settlement layer that it should be.

Finally, those vulnerable bitcoin are high prized targets that serve as a warning for when and if major QC enabled cracking became prevalent. Of course, those addresses are a small drop in the global bucket for the havoc that would be caused if someone had such capabilities without warning, but that makes them worthwhile to leave untouched. (Although if those addresses moved it could be misconstrued as QC becoming available..)

I see no point to rush this, as there could be worse flaws in future algorithms that we might prematurely assume would be safe. These addresses have done well enough so far, so they might be safe enough for a long while yet.

Why not? It is a trivial thing to do.

Of course. But it will be years between a quantum computer which can reverse elliptic curve multiplication, and a quantum computer which can elliptic curve multiplication in the 10 minutes it takes for a transaction to confirm.

Not to mention that the post QC algorithms we have access to at the moment will undergo significant improvements and developments and have their own weaknesses discovered in the next 10-20 years. If we forked now, we might end up with a clunky solution with huge signatures and yet find we still need to fork again in the future.