Understanding Q-Day: The Quantum Threat Looming Over Bitcoin

Currently, quantum computers cannot compromise Bitcoin’s cryptography; however, advancements in quantum technology suggest this capability may be closer than anticipated.

Advancements towards fault-tolerant quantum systems heighten the urgency around ‘Q-Day’—the point at which a sufficiently powerful machine could breach older Bitcoin addresses, potentially exposing over $711 billion in vulnerable wallets. Once considered a distant threat, Q-Day gained prominence in March 2026 due to several research papers indicating that quantum computers might break cryptographic systems sooner than expected.

Transitioning Bitcoin to a post-quantum state is anticipated to be a multi-year endeavor, necessitating early action well before the threat materializes. Experts highlight the uncertainty around the timeline for this transition and the challenges in reaching consensus on how to proceed.

This uncertainty has sparked concern that a quantum computer capable of attacking Bitcoin might emerge before the network can defend itself.

A successful quantum attack would likely be subtle. A quantum-equipped thief could scan the blockchain for any address with an exposed public key, such as old wallets, reused addresses, early miner outputs, and many dormant accounts, and run Shor’s algorithm on a quantum computer, which factors large numbers and solves the discrete logarithm problem far more efficiently than any known classical method. Bitcoin relies on elliptic-curve signatures whose security rests on the hardness of the discrete logarithm problem. With sufficient error-corrected qubits, a quantum machine could use Shor’s method to derive the private key associated with an exposed public key.

Justin Thaler, research partner at Andreessen Horowitz and associate professor at Georgetown University, explained to Decrypt that a quantum computer could forge Bitcoin’s digital signatures. “Someone with a quantum computer could authorize transactions from your accounts without your consent,” Thaler noted, highlighting the potential for significant financial loss.

A forged signature would appear legitimate to the Bitcoin network, with nodes accepting it and miners including it in a block. If an attacker targeted numerous exposed addresses simultaneously, billions of dollars might be transferred within minutes before any confirmation of a quantum attack, causing market instability.

In March 2026, research papers from Caltech and Google suggested that future quantum computers could break elliptic curve cryptography with fewer qubits than previously anticipated, sparking concern among crypto experts. Bitcoin security researcher Justin Drake tweeted about the possibility that by 2032, there’s at least a 10% chance of recovering a secp256k1 ECDSA private key from an exposed public key.

Quantum computing began to feel more tangible in 2025 as Bitcoin’s elliptic-curve cryptography, under which spending from an address reveals its public key, came to look increasingly vulnerable. Early coins using pay-to-public-key output formats have their keys permanently exposed on-chain, while later formats keep the key hidden until the address is first spent from. The oldest coins, including roughly 1 million Satoshi-era bitcoins, are particularly at risk.

Thaler emphasized that protecting these coins requires actively transferring them to post-quantum-secure wallets. The main concern lies with abandoned coins worth about $180 billion, including approximately $100 billion believed to be Satoshi’s, as their owners are no longer active.

Coins tied to lost private keys, many of which have been untouched for over a decade, also present risks as they cannot transition to quantum-resistant wallets.

While direct on-chain freezing is impossible, practical defenses focus on migrating vulnerable funds and adopting post-quantum addresses. Thaler noted that post-quantum encryption schemes are significantly larger and more resource-intensive than current 64-byte signatures, posing challenges for blockchain storage.

Several Bitcoin Improvement Proposals have been suggested to prepare for quantum threats, ranging from light optional protections to comprehensive network migrations. These proposals outline a path towards quantum safety with varying levels of impact and complexity.

A major challenge in implementing quantum resistance is achieving consensus within the Bitcoin community on a unified solution. Thaler pointed out that Bitcoin’s decentralized nature complicates upgrades, as any new signature scheme requires widespread agreement.

“Two primary challenges for Bitcoin are the slow pace of upgrades and the issue of abandoned coins,” Thaler said. “Migration to post-quantum signatures must be active, and owners of old wallets are absent. The community needs to decide whether these coins should be removed from circulation or left vulnerable to quantum-equipped attackers.” This dilemma was highlighted by debates over BIP-361’s mandatory freeze proposal, with notable figures like Adam Back suggesting optional upgrades instead.

Most Bitcoin holders currently need not take immediate action but can mitigate long-term risk by avoiding address reuse and using modern wallet formats. While today’s quantum computers are still far from breaking Bitcoin, varied predictions suggest the threat could emerge within five years or extend into the 2030s, with ongoing investments potentially accelerating this timeline.
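As an added example (not code from the article or from anyone quoted in it), the following audit applies the two points the article makes about exposure: pay-to-public-key outputs publish the key permanently, while hash-based outputs keep it hidden only until the address is first spent from, so address reuse exposes it. The script templates are the standard Bitcoin output formats (the Taproot case is included because it also embeds the key in the output); the transaction ids, keys and hashes are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass
class Utxo:
    txid: str          # placeholder id, not a real transaction
    vout: int
    script_pubkey: bytes
    value_sat: int

def script_type(spk: bytes) -> str:
    """Classify a raw scriptPubKey against the standard output templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"      # <push> <pubkey> OP_CHECKSIG: key is in the output itself
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"     # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"    # OP_0 <20-byte hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"      # OP_1 <32-byte x-only key>: key is in the output itself
    return "other"

def pubkey_exposed(utxo: Utxo, spent_scripts: set) -> bool:
    """True if the key controlling this coin is already visible on-chain."""
    kind = script_type(utxo.script_pubkey)
    if kind in ("p2pk", "p2tr"):
        return True
    if kind in ("p2pkh", "p2wpkh"):
        # hash-based outputs hide the key until the first spend; an earlier spend
        # from the same script (address reuse) has already published it
        return utxo.script_pubkey in spent_scripts
    return False   # non-standard scripts: report separately rather than guess

def scan(utxos, spent_scripts):
    """Return the exposed UTXOs and the total value at risk, in satoshis."""
    flagged = [u for u in utxos if pubkey_exposed(u, spent_scripts)]
    return flagged, sum(u.value_sat for u in flagged)

# Constructed sample data (fake keys and hashes, not real on-chain values).
FAKE_KEY = b"\x02" + b"\x11" * 32
SAMPLE_UTXOS = [
    Utxo("tx-a", 0, b"\x21" + FAKE_KEY + b"\xac", 5_000_000_000),            # P2PK
    Utxo("tx-b", 1, b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac", 100_000),  # fresh P2PKH
    Utxo("tx-c", 0, b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac", 250_000),  # reused P2PKH
    Utxo("tx-d", 2, b"\x00\x14" + b"\x44" * 20, 75_000),                     # fresh P2WPKH
]
SPENT_SCRIPTS = {b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac"}  # tx-c's script spent from earlier

if __name__ == "__main__":
    exposed, at_risk = scan(SAMPLE_UTXOS, SPENT_SCRIPTS)
    print([f"{u.txid}:{u.vout}" for u in exposed], at_risk)
```

Run against a real wallet, `SPENT_SCRIPTS` would be filled from the wallet's own transaction history; only the flagged coins need migrating to a fresh, unused address now, and to a post-quantum address once one is standardised.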
