Quantum computing threat to Bitcoin may come sooner than expected: report

A new quantum computing report has warned that the cryptocurrency industry may run out of time to prepare for cryptographic attacks that could threaten more than $2 trillion in digital assets.
Summary
- Quantus warned that quantum computing is progressing much faster than most of the crypto industry's post-quantum planning.
- The report said that millions of lost Bitcoins could be left exposed because inaccessible wallets cannot move to quantum-proof addresses.
- The researchers behind the report say that recent advances from Google and other quantum companies have reduced the estimated resources needed to break Bitcoin’s cryptography.
According to the “State of Quantum” report from Quantus, shared with crypto.news, recent breakthroughs in quantum hardware and error correction have shortened expectations for when cryptographically relevant quantum computers might emerge.
The report argued that the threat is no longer theoretical because the mathematical method for breaking elliptic curve cryptography, the system that secures Bitcoin and most blockchains, has been understood for decades.
The researchers behind this report point to a series of developments from Google, IBM, and Quantinuum between 2024 and 2026 that they say will change the way experts view the timeline.
Among the most important was the March 2026 Google Quantum AI paper, which estimated that Shor’s algorithm could break the secp256k1 elliptic curve used by Bitcoin with fewer than 500,000 physical qubits under certain hardware assumptions.
While the report acknowledged that no existing machine can currently break Bitcoin’s encryption, it asserted that the estimated resource requirements have decreased significantly in a short time.
Quantus said three research papers released over the course of a year reduced the amount of resources needed to attack elliptic curve cryptography by almost an order of magnitude.
Quantum timelines and crypto exposure are colliding
At the same time, the report asserted that cryptocurrencies face a problem that traditional internet companies do not. Unlike centralized services that can silently update encryption standards through software patches, blockchains permanently expose public keys on public ledgers, leaving millions of addresses visible to future attacks.
The report described this as a “harvest now, hack later” risk, where attackers can collect blockchain data today and wait for quantum systems powerful enough to emerge later.
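The ledger exposure described above can be inventoried from output scripts alone. The following is an added example, not code from the Quantus report or from any project named in it: it assumes the standard Bitcoin output script templates, uses hypothetical function names, and runs on constructed sample scripts with dummy key and hash bytes.

```python
# Added illustration (not from the Quantus report): sort Bitcoin output
# scripts by whether the public key itself is visible on the ledger.
# Function names are hypothetical; sample scripts use dummy bytes.

def classify_script(spk: bytes) -> str:
    n = len(spk)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"
    # Witness v0: key hash (20 bytes) or script hash (32 bytes)
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"
    # Taproot (witness v1): the 32 bytes are an x-only public key
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"
    return "unknown"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}
HASH_ONLY = {"p2pkh", "p2sh", "p2wpkh", "p2wsh"}

def key_exposure(spk: bytes, spent_from_before: bool = False) -> str:
    """'exposed': key readable on-chain; 'hashed': only a hash so far."""
    kind = classify_script(spk)
    if kind in KEY_IN_OUTPUT:
        return "exposed"
    if kind in HASH_ONLY:
        # Spending reveals the key (or script) in the input, so a reused
        # address is treated as exposed from its first spend onward.
        return "exposed" if spent_from_before else "hashed"
    return "review"  # non-standard script: inspect by hand

# Constructed sample outputs (dummy key and hash bytes)
SAMPLE_P2PK = b"\x21\x02" + b"\x11" * 32 + b"\xac"
SAMPLE_P2PKH = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"
SAMPLE_P2WPKH = b"\x00\x14" + b"\x44" * 20
SAMPLE_P2TR = b"\x51\x20" + b"\x33" * 32

if __name__ == "__main__":
    for s in (SAMPLE_P2PK, SAMPLE_P2PKH, SAMPLE_P2WPKH, SAMPLE_P2TR):
        print(classify_script(s), key_exposure(s))
```

A custodian could run this kind of check over its own unspent outputs to decide which funds to move first once a post-quantum address type is available.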
Another issue highlighted in the report involves missing Bitcoin wallets. Quantus estimates that between 2.3 and 3.7 million Bitcoins are probably inaccessible because owners have lost their keys, including coins believed to belong to Bitcoin creator Satoshi Nakamoto.
Since those wallets can’t move to quantum-resistant addresses, the report warned that they could become permanent targets if a quantum attack becomes effective.
“The only viable solution is to set a hard deadline for account holders to move their tokens to quantum safe accounts, after which all tokens stored in vulnerable accounts will be frozen forever,” said Auryn Macmillan, founder of the Gnosis Guild, in comments included in the report.
Elsewhere, the report said much of the tech industry has begun preparing for post-quantum cryptography. NIST finalized post-quantum cryptography standards, including ML-DSA, ML-KEM, and SLH-DSA, in August 2024, while companies such as Google, Signal, Apple, and Cloudflare have already begun shipping post-quantum defenses aimed at migration beyond 2029 and 2030.
The Bitcoin migration debate is gaining urgency
Meanwhile, the report said the crypto industry remains divided on how to handle migration. Bitcoin’s transition was described as extremely difficult due to communication with governance, raising concerns, and the challenge of changing existing signature systems without introducing new risks.
As previously reported by crypto.news, Dan Boneh, a Stanford cryptographer and author of the March 2026 Google Quantum AI paper, recently warned that Bitcoin’s rush to post-quantum migration could pose greater risks than the current threat itself.
In a May interview highlighted by Isabel Foxen Duke, Boneh warned that “the rapid evolution of quantum transmission[…]it is more likely to cause a catastrophic bug than to be attacked by a quantum computer.”
Boneh, however, argued that preparation cannot be ignored. According to the interview, he supported a gradual move to post-quantum signatures and hybrid cryptographic systems instead of a sudden change to Bitcoin’s elliptic curve architecture.
Hardware limitations also remain a concern for wallet providers trying to support large-scale post-quantum cryptographic schemes. Aaron Chen, Keystone’s CTO, said in the report that algorithms like ML-DSA-87 put a lot of strain on hardware wallets due to memory and compute constraints.
“In a hardware wallet, the device is usually MCU-based, which means its hardware resources are inherently limited,” Chen said in the report, adding that preserving user information while supporting post-quantum standards presents “additional challenges for hardware wallet development.”
Elsewhere in the report, Matt Swayne, chief content officer at Resonance, said the crypto industry may be underestimating how fast technology is advancing.
“We often hear about quantum hype, but we also have to be aware that the quantum industry is underdeveloped,” Swayne said.
Quantus concluded that delaying migration could carry financial and political consequences once quantum capability becomes operational.
According to the report, early preparation mostly creates operational disruption and larger transaction sizes, while preparing late risks fund losses, institutional panic, and regulatory intervention after a quantum attack.



