For years, warnings that quantum computers may “break Bitcoin” appeared in headlines and on social media, but many dismissed them as alarmism. Practical quantum machines capable of such attacks simply didn’t exist, and the risks seemed far off.
But recently, the tone has shifted. In mid-January, Christopher Wood, global head of equity strategy at multi-billion investment bank Jefferies, reportedly removed a 10% Bitcoin allocation from his widely followed “Greed & Fear” model portfolio — its entire $BTC allocation — citing concerns that long-term advances in quantum computing could eventually undermine Bitcoin’s security.
Just days after that, U.S. crypto exchange Coinbase formed an advisory board of crypto and quantum experts to assess risks and outline migration paths to post-quantum-secure signatures. But how fast and how real is the quantum computing threat to Bitcoin?
How the Bitcoin Blockchain Works
Bitcoin’s blockchain is fully public, with all transactions visible; cryptographic signatures and hashes secure ownership and integrity. Quantum computers can’t access hidden data because there is none. The potential risk instead lies in the cryptographic proofs, also called signatures, which, for hash-based addresses, authorize the spending of coins once a public key has been revealed on-chain.
And here’s why that matters. Most Bitcoin addresses aren’t the public key itself; they’re cryptographic hashes of it. In some cases, the actual public key only shows up on-chain when the coins are spent, which is when they can become exposed to risk. That’s why some coins are potentially exposed once spent, while others — though not all — remain unexposed to signature attacks until their public keys appear on-chain.
‘Probably Not This Decade’
As Cais Manai, CPO and co-founder of TEN Protocol, a Layer 2 designed for privacy-preserving smart contracts, told The Defiant, for most of Bitcoin’s life its cryptography was treated as effectively untouchable.
But quantum computing is the first real technology to challenge Bitcoin’s thesis as “digital gold,” Manai said, adding though that the risk is still distant:
“Not this cycle. Probably not this decade. But well within the investment horizon of anyone calling Bitcoin ‘digital gold.’”
In theory, a quantum computer could derive a private key from a revealed public key and forge a signature to spend coins. Coins whose keys have never been revealed would remain safe in that scenario.
For some types of Bitcoin addresses, once coins are spent even once, the public key associated with that address is permanently revealed. Different address types determine when keys appear on-chain. For older P2PK addresses, public keys are exposed on-chain immediately, while P2PKH and P2WPKH addresses (such as 1BoatS… or bc1q… addresses) reveal them only when coins are spent.
Taproot and multisig variations add further nuance. For Taproot addresses, the public key is embedded directly in the output, without hashing, meaning it’s publicly visible immediately.
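As an added illustration (not from the article or from any of the projects it mentions), the Python below classifies a raw scriptPubKey into the address types discussed above and reports whether the public key is already visible in the output (P2PK, Taproot) or only becomes visible once the coins are spent (P2PKH, P2WPKH), then totals a UTXO set by exposure status. The script-template byte patterns are the standard ones; the sample UTXOs and the `address_spent_before` flag are constructed assumptions.

```python
# Classify Bitcoin output scripts by template and report when the public key
# becomes visible on-chain. Added illustration; sample data below is constructed.

def classify_script(spk: bytes) -> tuple[str, str]:
    """Return (script_type, key_exposure) for a raw scriptPubKey."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac); the key sits in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC and spk[1] in (2, 3, 4):
        return "P2PK", "exposed_in_output"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH", "exposed_when_spent"
    # P2WPKH: OP_0 <20-byte key hash> (bc1q... addresses)
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", "exposed_when_spent"
    # P2TR: OP_1 <32-byte x-only key>; unhashed key sits in the output
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR", "exposed_in_output"
    return "other", "unknown"


def assess_utxos(utxos: list[dict]) -> dict[str, int]:
    """Sum satoshis by exposure class. A hash-based output whose address has
    already signed a spend (address reuse) counts as exposed now, since that
    earlier spend put the public key on-chain."""
    totals = {"exposed_now": 0, "exposed_when_spent": 0, "unknown": 0}
    for u in utxos:
        _, exposure = classify_script(bytes.fromhex(u["script_hex"]))
        reused = exposure == "exposed_when_spent" and u["address_spent_before"]
        if exposure == "exposed_in_output" or reused:
            totals["exposed_now"] += u["value_sat"]
        elif exposure == "exposed_when_spent":
            totals["exposed_when_spent"] += u["value_sat"]
        else:
            totals["unknown"] += u["value_sat"]
    return totals


# Constructed UTXO set (fake keys/hashes); address_spent_before is an assumed flag
SAMPLE_UTXOS = [
    {"script_hex": "21" + "02" + "11" * 32 + "ac", "value_sat": 5_000_000_000, "address_spent_before": False},
    {"script_hex": "76a914" + "ab" * 20 + "88ac", "value_sat": 100_000, "address_spent_before": True},
    {"script_hex": "0014" + "cd" * 20, "value_sat": 250_000, "address_spent_before": False},
    {"script_hex": "5120" + "ef" * 32, "value_sat": 75_000, "address_spent_before": False},
]

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(classify_script(bytes.fromhex(u["script_hex"])), u["value_sat"])
    print(assess_utxos(SAMPLE_UTXOS))
```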
Is Bitcoin Quantum Resistant?
Estimates of the risks Bitcoin faces vary. Chaincode Labs, a research and development group for Bitcoin, estimated in its May 2025 research report that “roughly 20-50% of all Bitcoin in circulation (4-10 million $BTC), worth hundreds of billions of dollars, is vulnerable to being stolen by virtue of private keys being derived from public keys.”
Manai told The Defiant that these coins become “low-hanging fruit” once a cryptographically relevant quantum computer exists.
“Mining acceleration via quantum is mostly a sideshow. Private-key theft is the real existential vector,” Manai said.
That means roughly half of the Bitcoin in circulation is safe for now. Wallets that never reused addresses or haven’t revealed keys remain far less vulnerable, and users can also move coins to addresses that reveal keys only when spent to protect their funds.
Timing Is Key
But the real challenge lies in the timing of governance coordination. Although post-quantum signature schemes already exist, upgrading a network as large as Bitcoin requires coordination around the globe. Manai explained:
“No one serious thinks quantum breaks Bitcoin tomorrow. The real risk isn’t timing certainty. It’s timing asymmetry. Bitcoin upgrades take 5-10 years to coordinate globally. Quantum hardware progress is nonlinear. If quantum arrives early, damage happens first, patches come later.”
Are Other Blockchains at Risk?
Other networks are also planning for a post-quantum future. For example, just this past week, Ethereum Layer 2 protocol Optimism outlined a decade-long roadmap to update users’ wallets so that they can handle quantum-safe signatures.
“The good news: the OP Stack is already architected to swap in new signature schemes via hardforks. Once the right post-quantum (PQ) scheme is chosen, upgrading is a coordination problem, not a redesign,” the post reads.
Ethereum co-founder Vitalik Buterin, meanwhile, has also recently called out the need for quantum-resistant cryptography on Ethereum mainnet.