So maybe altogether 2-3 mil. is accurate.
It's closer to 4 million vulnerable coins, according to this study:
https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/quantum-computers-and-the-bitcoin-blockchain.htmlIt was done around 2 years ago, but you can see from the graph halfway down the page that the number has fluctuated around the 4 million mark for ~8 years, so I suspect it is still around the same. P2PK outputs are essentially constant and unchanging, while reused P2PKH addresses have slowly fallen as reused P2WPKH addresses have slowly increased. And of course we can now add in P2TR outputs as well.
4 million
currently vulnerable but people would migrate.
Not all 4 million from the study are coins with lost private keys.
If it is e.g. 2 million coins being stolen in small chunks for 10 years, the effect on price would not be so significant.
What do you think?