But I guess this means that all Bitcoin transactions have half the entropy we think they do?

Well, no, because "we" think it has half the entropy their length implies. This is widely known, and the length was selected with that information in mind.

All security assumptions on bitcoin rely on 128bit entropy (256 bits in a private key divided by 2)

Is that true for all of the future? I suppose it's only a matter of time before Satoshi's and all the lost wallets will be broken?

Even if it's 70 years from now before we have the compute to do that, the wallets will be worth so much by then that whoever does that will end up with a level of money that is high enough to menace and threaten entire countries if they are malicious.

Why doesn't Bitcoin require keys to get longer over time? Require 256 bit now but require 65536 bit in 20 years to make any transaction?

I think you underestimate how big the number of 2^128 ECDSA operations are. It is 20 orders of magnitude bigger than the puzzle that was just solved (that took 2 years). There is no way we scale our compute that much in 70 years unless we start building Dyson spheres.

To answer your question that change in bitcoin can happen at any point in time with a protocol update. It would probably won’t even require a hard fork, a soft fork would suffice.

The bottleneck is energy you can’t scale human energy consumption by 20 orders of magnitude (not in 70 years anyway). There is just not enough of it.

How would you enforce this to cold wallets? The owner would still have to prove their ownership with the old key.

Effectively, yes.

How is most of the let known of it's a puzzle? Why would people make their progress public?

Because this is how the puzzle works. Most of the key bytes are zero. Only the last 66 had to be guessed. And their solution was made public by doing the payment.

mrb describes it better: https://news.ycombinator.com/item?id=41547443