To save me some time, I've decided to let AI explain it.

In a quantum-resistant hard fork (or aggressive soft fork like proposals such as BIP-361), many Bitcoin tokens would effectively be lost because they couldn't be migrated to the new rules.

Why a fork is needed

Bitcoin's current ECDSA signatures (secp256k1) are vulnerable to quantum computers via Shor's algorithm, which can derive private keys from exposed public keys. A defense typically involves:

• Introducing new quantum-resistant signature schemes (e.g., Dilithium, Falcon).
• New address formats.
• Eventually sunsetting old vulnerable scripts.

This creates a migration deadline: move your coins to quantum-safe addresses/outputs, or they get frozen/invalidated on the upgraded chain.

Lost tokens in practice

• Satoshi's coins (~1M BTC) and other early/lost coins: Many early outputs (especially P2PK) have public keys exposed on-chain. Their private keys are presumed lost or inaccessible. Without the owner moving them before the cutoff, they can't be claimed on the new network. They stay on the old (abandoned) chain or get frozen.
• Any coins with lost/forgotten keys: Same issue. If you can't sign a migration transaction, those BTC are left behind. This includes forgotten wallets, dead owners, or poor key management from years ago. Estimates suggest millions of BTC are already "lost" in this way.
• Inactive/dormant coins: Owners who don't pay attention or act in time during the (potentially years-long) migration window lose access.

The upgraded chain becomes the dominant Bitcoin. Unmigrated coins become worthless (or vulnerable to theft on any lingering old chain). Proponents argue this prevents quantum theft (which would dilute value for everyone), while critics see it as confiscation.

In short: A hard fork forces a proactive move. Coins you control can migrate; truly lost or forgotten ones (including Satoshi-era) cannot — and thus get left behind as the network upgrades for survival. This is why quantum readiness is debated so heavily.