A newly released technical report highlights an impending threat: quantum computers could potentially compromise the cryptographic security of trillions of dollars in digital assets within four to seven years. This poses a significant risk, as the blockchain industry appears largely unprepared for such a transition.
Published by Project Eleven, a firm specializing in quantum security, the report suggests that a ‘cryptographically relevant quantum computer’—capable of breaking elliptic curve digital signatures used by Bitcoin, Ethereum, and other major blockchains—is likely to exist by 2033 or possibly as early as 2030.
The authors emphasize the urgency of migrating to quantum-resistant cryptography. “Migration is no longer optional but imperative for blockchain systems that aim to remain trusted and secure,” they state in the report.
At the heart of this threat lies Shor’s algorithm, a technique developed in 1994 capable of solving complex mathematical problems underpinning most modern public-key cryptography much faster than classical computers. Recent advances have significantly reduced the hardware requirements for executing such an attack.
A study from Google researchers suggests that breaking Bitcoin’s elliptic curve cryptography could be feasible with around 1,200 logical qubits and less than 90 minutes on superconducting hardware. Google predicts ‘Q-Day’, or when quantum computers will be potent enough to break modern cryptography, by 2032. Project Eleven’s findings suggest this timeline might be accelerated by up to two years.
Approximately 6.9 million Bitcoin—about a third of the total possible supply—are in addresses whose public keys are already exposed on-chain, making them vulnerable to quantum attacks. On Ethereum, over 65% of all ETH is similarly at risk.
Blockchains face unique vulnerabilities due to their transparent ledgers and bearer-instrument design, which lack mechanisms for fraud detection or transaction reversal. Once a private key is recovered by a quantum attacker and a wallet drained, the loss is irreversible.
The challenge of migration is intensified by blockchain governance’s typically slow pace. For example, Bitcoin’s SegWit upgrade took over two years from proposal to activation and resulted in a contentious chain split. Ethereum’s shift to proof-of-stake required around six years of development. A quantum-resistant transition would affect the most fundamental cryptographic layer.
Even under optimistic conditions, migrating all Bitcoin UTXOs (unspent transaction outputs) to quantum-resistant addresses—if 100% block space were dedicated—could take about 76 days. Realistically, as migration competes with regular transactions, this period could extend significantly.
Conversely, the broader technology sector is already advancing towards post-quantum encryption. As of December 2025, over half of all human web traffic utilized post-quantum encryption, per Cloudflare data. OpenSSH now defaults to post-quantum key exchange, and Apple has incorporated hybrid post-quantum support in iOS 26. The National Security Agency targets a complete migration by 2030–2033 for government systems.
In contrast, the digital asset industry is just beginning to address these challenges. Bitcoin developers are considering numerous proposals, while Ethereum Foundation has formed a team dedicated to designing and coordinating its post-quantum security strategy. However, executing these plans may still take years once there’s consensus on an approach.
“The internet has already moved,” the report concludes. “The digital asset industry—which arguably faces greater risks as blockchains directly safeguard bearer value using cryptographic methods vulnerable to quantum threats—has barely started.”
To address this looming threat, the authors recommend that blockchain networks begin immediate cryptographic inventories, implement post-quantum key exchange in off-chain infrastructure without delay, and initiate complex governance and design work for on-chain signature upgrades. They caution that waiting until the threat becomes urgent may leave insufficient time to respond.