Is Quantum Computing a Real Threat to Bitcoin?

Quantum computing poses a credible but manageable threat to Bitcoin, describing it as "a medium to long term system upgrade cycle rather than a risk," Wall Street brokerage Bernstein has told investors. The assessment, led by analyst Gautam Chhugani, comes as recent advances in quantum hardware have compressed timelines that the crypto industry once assumed were safely distant.

The report does not dismiss the concern. It simply argues the industry has enough time to respond, roughly three to five years, before quantum systems reach the capability needed to threaten Bitcoin's cryptographic foundations.

What Makes Quantum Computing a Threat to Bitcoin?

To understand the risk, it helps to know how quantum computers differ from the machines running today's systems.

Classical computers process information in binary bits, either 0 or 1. Quantum computers use qubits, which can exist as 0 and 1 simultaneously through a property called superposition. Combined with entanglement, another quantum property, this allows quantum systems to process vast numbers of possibilities at once and solve certain mathematical problems far faster than any classical machine.

Bitcoin relies on two distinct cryptographic systems:

• Elliptic curve cryptography (ECC): Used to secure wallet transactions and digital signatures
• SHA-256 hashing: Used to power the Bitcoin mining process

Quantum computers running Shor's algorithm could theoretically break ECC by solving the elliptic curve discrete logarithm problem (ECDLP). A March 2026 paper from Google Quantum AI estimated that with just under 500,000 qubits, an attacker could crack ECDLP-256, Bitcoin's signature security foundation, in approximately nine to twelve minutes.

Bitcoin mining, however, is a different matter. Bernstein stated that SHA-256 encryption "is quantum safe for several millions of years even after recent improvements, including Grover's algorithm."

Where Is Bitcoin Most Vulnerable Right Now?

The Bernstein report identified a specific, concentrated area of exposure rather than a network-wide threat.

Approximately 1.7 million BTC, worth around $116.6 billion, sits in legacy wallets from the era when Satoshi Nakamoto was still active. These older address formats expose public keys directly on the blockchain, making them potential targets for what security researchers call a "harvest now, decrypt later" attack. That means an adversary could collect encrypted data today and decrypt it once quantum hardware matures.

Research from Chaincode Labs estimates that between 20% and 50% of all Bitcoin could be vulnerable under a future quantum attack scenario, representing roughly $400 billion to $900 billion at current valuations.

Newer wallet formats and practices significantly reduce this exposure. Bernstein noted that for more recent protocols and crypto-linked real-world assets, the threat is limited to specific unsafe practices that can be mitigated through upgrades.

What Are Bitcoin Developers Doing About It?

The industry is not standing still. Bitcoin contributors are already advancing BIP360, a proposal designed to address signature vulnerabilities before they become exploitable. The Ethereum Foundation has published a four-part roadmap to upgrade its $260 billion network to post-quantum standards by 2029.

Google itself committed to migrating most of its authentication and digital signature systems to post-quantum cryptography by 2029, citing faster-than-expected progress in quantum hardware and error correction.

Blockstream CEO Adam Back, a Bitcoin pioneer recently identified by The New York Times as a likely candidate behind the Satoshi Nakamoto identity, offered a measured view. He told Bloomberg that current quantum systems remain "extremely basic," noting that the largest calculation a quantum computer has performed is factoring the number 21 into seven times three. He said the prudent response is to give Bitcoin users sufficient time to migrate keys to a quantum-ready format, with custodians and exchanges leading the transition.

Bernstein expects wallet standard upgrades, reduced address reuse, and key rotation to form the core of that migration process.

Conclusion

Quantum computing is a real and accelerating technical challenge for Bitcoin, but one the industry has the time and tools to address. The concentrated risk in legacy wallets is measurable and known. Mining remains unaffected. 

Developers are already working on quantum-resistant proposals. The window for an orderly upgrade exists, but it will not stay open indefinitely. The question is whether the industry moves fast enough while it still has the advantage of time.

Resources

1. Report by DL News: Quantum threat to Bitcoin ‘neither existential, nor novel,’ Bernstein says

2. Report by The New York Times: My Quest to Solve Bitcoin’s Great Mystery

3. Adam Back’s interview with Bloomberg: Quantum Risk Not Imminent for Crypto: Adam Back