October 28 marks 10 years of Zcash. A full decade since the first block.
Zcash was born from Bitcoin’s codebase. Same UTXO model, same 21 million cap, same halving schedule. The difference was always about what Bitcoin left out: privacy as a protocol-level guarantee.
Ten years later, there’s a way to bring that guarantee back to Bitcoin holders directly.
Take a snapshot of Bitcoin’s UTXO set at a specific block height. Create a ZSA called zBTC with a hard cap of 21 million. Every BTC holder at the snapshot can claim their exact balance as zBTC on Zcash. Prove you own the private key, receive your tokens. No bridge. No custodian. One-way claim.
Same distribution. Same supply cap. But shielded.
So why would a Bitcoiner care?
About 25% of all Bitcoin sits in quantum-vulnerable addresses. Early P2PK outputs. Reused P2PKH addresses where the public key has already been exposed. That’s roughly 4 million BTC with public keys sitting in the open. When a quantum computer can run Shor’s algorithm at scale, those keys can be derived.
Bitcoin isn’t ignoring this. BIP-360 proposes a quantum-resistant address format and got its BIP number in 2025. But it’s still in draft. No activation timeline. No consensus on approach. A more aggressive proposal would freeze vulnerable addresses entirely, which nobody can agree on.
Zcash’s shielded pool doesn’t expose public keys on-chain. They’re encrypted inside notes. A quantum adversary scanning the blockchain can’t even identify which keys to target. That’s not full quantum resistance, but it’s a real asymmetry. And Quantum Recoverability (ZIP 2005) is laying the groundwork so that if the discrete log problem does get broken, a future protocol upgrade could recover funds.
zBTC would give Bitcoiners something that doesn’t exist today. Private Bitcoin transactions, right now. No chain analysis. No address clustering. And for the long term, a path toward quantum safety that Bitcoin itself hasn’t figured out yet.
Same monetary contract they already believe in. Same keys. No need to buy ZEC or trust anyone new. Just a claim on better infrastructure.
If over time people start treating zBTC as a more secure way to hold Bitcoin’s monetary properties, the value follows organically. Not because anyone was tricked into it. Because the properties speak for themselves.
Now, the elephant in the room. Bitcoin Private. In 2018, Zclassic merged with a BTC snapshot to create BTCP. A Coin Metrics investigation later found 2 million extra coins had been covertly minted at genesis and hidden in shielded addresses. Hundreds of thousands were moved to exchanges.
This would need to be the opposite. No extra minting. Open, verifiable snapshot. The claim mechanism would need to be fully auditable. Commit a UTXO Merkle root at a specific block height. Claimants prove key ownership with a secp256k1 signature. All transparent. All verifiable. Zcash’s history with this cautionary tale means the community knows exactly what to watch for.
ZSAs are finalizing for NU7. Quantum Recoverability is in the pipeline. Zcash turns 10 in October.
This isn’t a spec or a proposal. It’s a thought experiment. Could something like this work? Would Bitcoiners actually want it?
Zcash started as Bitcoin’s codebase with a privacy upgrade. Ten years later, it could return the favor.
What do you think?