● Advanced Technology

Quantum Computing and Crypto: What You Need to Know


Key Takeaways

  • Breaking Bitcoin's encryption now requires an estimated 500,000 qubits, down from 9 million previously
  • Around 6.5 million BTC sit in addresses already exposed to a future quantum attack
  • The real risk is wallet encryption, not the Bitcoin network itself
  • Post-quantum cryptography already exists and is being standardised globally
  • Bitcoin's decentralised structure makes upgrading far harder than for a bank or government

What Is Quantum Computing?

Regular computers process everything as ones and zeroes. Every transaction confirmation, every password check, every calculation runs through that same binary logic. Quantum computers work differently. Instead of checking one answer at a time, they can explore enormous numbers of possibilities simultaneously for certain types of mathematical problems.

That distinction matters because the encryption protecting Bitcoin and almost every other cryptocurrency relies on a mathematical problem so complex that a classical computer would need longer than the universe has existed to solve it. A mathematician named Peter Shor published an algorithm in 1994 that can efficiently solve this exact type of problem, but it requires a quantum computer to run. The algorithm is proven. The hardware capable of running it at the required scale does not exist yet.

Quantum computing is also extraordinarily expensive and difficult to access. Building and running quantum hardware at any serious scale requires specialised facilities and hundreds of millions of dollars. This is not consumer technology.

[Image: BM Quantum computing lab (source)]

The Encryption Risk Is Real, but the Timeline Is Debated

Recent research shifted the goalposts considerably on what it would take to crack Bitcoin's encryption. The latest estimates put the figure at around 500,000 qubits (the qubit being the basic unit of quantum computing capacity), down from a previous best estimate of roughly nine to ten million. That roughly 20-fold reduction came from smarter algorithms rather than better hardware.

Google's quantum chip currently operates at around 105 qubits, so the gap between where hardware sits today and what an attack would require remains enormous. Most analysts put a credible wallet-level threat at three to five years away at the earliest, with some researchers suggesting that 10 to 20 years is more realistic.

Which Wallets Are Actually Exposed

Not all Bitcoin addresses face the same risk. The vulnerability depends on whether a wallet's public key has ever been visible on the blockchain, because a quantum attack works by deriving the private key that controls the funds from its public key.

When you add up all the Bitcoin in addresses whose public keys are already visible onchain, the estimate reaches roughly 6.5 million BTC. That includes coins from Bitcoin's earliest days and around 1.1 million BTC in addresses linked to Satoshi Nakamoto. A sufficiently powerful quantum computer could target these with no time pressure, working on them at any pace. However, owners of these wallets could also simply move the BTC to a new wallet address whose public key has not been exposed.

Addresses that have only ever received funds and never sent a transaction are generally not vulnerable. The public key has never been exposed, so there is nothing to work backward from. Seed phrases, the twelve or twenty-four word backups used to recover wallets, are also not vulnerable. The mathematics a quantum computer is good at attacking is a completely different type of problem from brute-forcing a seed phrase.
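Whether "never spent" really means "key not exposed" depends on the output script type, which the article covers only with the word "generally". As an added example (not code from the article), here is a classifier for the standard Bitcoin scriptPubKey templates: P2PK and Taproot (P2TR) outputs store a key in the output itself, so they are exposed from the first deposit, while hash-based types (P2PKH, P2WPKH, P2SH, P2WSH) reveal nothing until the first spend. The key and hash bytes and the sample UTXO set are constructed placeholders, not on-chain data.

```python
from dataclasses import dataclass

@dataclass
class Exposure:
    script_type: str
    key_exposed: bool   # True if a public key is recoverable from chain data today
    reason: str

def classify_script(spk: bytes, has_spent: bool = False) -> Exposure:
    """spk is a raw scriptPubKey; has_spent says whether any spend from this
    script has been broadcast (a spend reveals the key in scriptSig/witness)."""
    # P2PK: <33|65-byte pubkey> OP_CHECKSIG  -> key sits directly in the output
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == 0xAC:
        return Exposure("P2PK", True, "public key stored directly in the output")
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return Exposure("P2PKH", has_spent, "hash only; key revealed on first spend")
    # P2WPKH: OP_0 <20-byte hash>
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return Exposure("P2WPKH", has_spent, "hash only; key revealed on first spend")
    # P2TR: OP_1 <32-byte x-only output key> -> the tweaked key is public from day one
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        return Exposure("P2TR", True, "x-only output key stored directly in the output")
    # P2SH / P2WSH: hash of a redeem script; inner keys appear only when spent
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return Exposure("P2SH", has_spent, "script hash; inner keys revealed when spent")
    if len(spk) == 34 and spk[:2] == b"\x00\x20":
        return Exposure("P2WSH", has_spent, "script hash; inner keys revealed when spent")
    # Conservative default for anything unrecognised
    return Exposure("unknown", True, "unrecognised template; treat as exposed")

def exposed_balance(utxos):
    """utxos: iterable of (value_sats, scriptPubKey, address_has_spent).
    Returns (exposed_sats, not_yet_exposed_sats)."""
    exposed = safe = 0
    for value, spk, spent in utxos:
        if classify_script(spk, spent).key_exposed:
            exposed += value
        else:
            safe += value
    return exposed, safe

# Constructed placeholder key/hash bytes; values are in satoshis (1 BTC = 10**8).
FAKE_KEY33 = b"\x02" + b"\x11" * 32
FAKE_HASH20 = b"\x22" * 20
SAMPLE_UTXOS = [
    (50 * 10**8, b"\x21" + FAKE_KEY33 + b"\xac", False),              # early-era P2PK
    (1 * 10**8, b"\x76\xa9\x14" + FAKE_HASH20 + b"\x88\xac", False),  # fresh P2PKH
    (2 * 10**8, b"\x76\xa9\x14" + FAKE_HASH20 + b"\x88\xac", True),   # reused P2PKH
    (3 * 10**8, b"\x00\x14" + FAKE_HASH20, False),                    # fresh P2WPKH
    (4 * 10**8, b"\x51\x20" + b"\x33" * 32, False),                    # Taproot
]
```

Running `exposed_balance(SAMPLE_UTXOS)` on the constructed set reports 56 BTC exposed (P2PK, reused P2PKH, Taproot) and 4 BTC not yet exposed, which is the same address-reuse distinction the article draws.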

What Is Being Done

The cryptography community has been working on post-quantum defenses for years. Post-quantum cryptography (PQC) refers to encryption and signature methods that rely on entirely different mathematics: problems that no quantum algorithm has been shown to break efficiently. The National Institute of Standards and Technology (NIST) in the United States has accelerated its timeline for full migration to these new standards, now targeting 2029 to 2030, and the US government has mandated that federal systems phase out ECDSA by 2035.

For Bitcoin specifically, there is a proposal called BIP-360 that would introduce a new transaction format, removing the public key exposure problem for new wallets. A working version has already been demonstrated on a Bitcoin test network. The defense is real and buildable, not just theoretical.

“For every cryptographic algorithm that quantum computers can break, we know that we have a replacement […] that quantum computers cannot break.”

Vitalik Buterin, Co-founder of Ethereum

The governance challenge is the harder problem. For a regular company, such as a bank, upgrading its encryption requires a single decision from a single leadership team. Bitcoin has no chief technology officer, no board, and no central authority. Changes require broad agreement among developers, node operators, miners, exchanges, and everyday users. Even after a quantum-resistant upgrade ships, every holder with funds in an exposed address would need to move those funds manually to benefit from it. Coins that do not move remain exposed regardless of what the network does.

Opportunities and Risks

The clearest opportunity here is time. The hardware gap between current quantum machines and what an attack would actually require is still large, and the mathematical defenses already exist. Developers are building them, governments are standardising them, and the broader cryptography industry is moving in the right direction.

New wallet solutions are already emerging that incorporate PQC methods. As these become widely available, the practical risk for active users who move funds to updated address types drops considerably.

The risks are real but need to be kept in proportion. The most exposed coins are largely dormant, sitting in early address types with visible public keys. If a sufficiently powerful quantum computer ever appeared, those coins could be targeted. The sudden movement of Satoshi-era wallets, whether from a quantum attack or a forced network migration, would create market uncertainty and require the community to reach consensus on how to respond.

The broader coordination challenge is harder for Bitcoin than for any centralised financial system. That is the nature of decentralised governance, not a flaw unique to Bitcoin. It does mean the preparation needs to start well before the hardware threat becomes credible.

Summary

No cryptocurrency has been broken by a quantum computer. The hardware gap remains large, the post-quantum defenses already exist, and governments are standardising them now. The two things worth remembering from everything above are that not all wallets are equally exposed, and Bitcoin's upgrade process takes considerably longer than a government or bank's would. Active users who follow modern wallet practices and avoid reusing addresses are in a much better position than the headline numbers suggest.
