The quantum computing threat to Bitcoin, how real is it and on what timeline should holders care

[RomoneyWalters]

Q: Can a quantum computer steal my Bitcoin?

A: Not today. Not this year. Probably not this decade, though the timeline has been compressing faster than expected. The threat is specific: Bitcoin private keys are protected by elliptic curve cryptography, which Shor's algorithm running on a sufficiently large quantum computer could break. Google published research in March 2026 showing elliptic curve attacks might be possible with under 500,000 physical qubits. A Caltech and Berkeley paper estimated 26,000 neutral atom qubits could crack a Bitcoin key in a few days.

Q: So what should a holder actually do?

A: Watch for protocol upgrade proposals. Bitcoin developers are aware of the threat and post quantum signature schemes exist. The challenge is that any upgrade requires network consensus which is slow by design. The window to act is not tomorrow but it is not 2050 either. The honest estimate from most researchers is 7 to 15 years before a capable machine exists

[Velvet Connor]

The 26,000 neutral atom qubit figure from the Caltech paper is the number that should be on every Bitcoin holder's radar. That is within the range of what labs are actively building toward

[TheLegendJohn32]

Context matters though. 26,000 high quality fault tolerant qubits is not the same as 26,000 of the noisy qubits that exist today. The gap between physical and logical qubits is enormous

[Dylan]

True but that gap is closing faster than the previous consensus assumed. The ETH Zurich neutral atom work this month is part of a pattern

[Hollow Tiger]

The sleeping wallets are the more immediate concern. Any address that has been used to send Bitcoin has exposed its public key on chain. Old school wallets from 2010 and 2011 are particularly exposed

[Myles]

New wallets that have never signed a transaction have not exposed their public key. The public key is only revealed when you spend. P2PKH addresses that have never sent are safer in the quantum threat model

[Ryan65]

This is the detail most people discussing quantum Bitcoin risk do not know. Address reuse is the vulnerability, not just holding

[WildManSteve40]

Bitcoin developers have been discussing SNARK based post quantum signatures and lattice based schemes for years. The proposal space exists, the political will to fork is the harder question

[Hannah56]

Getting Bitcoin to upgrade its signature scheme would be one of the most contentious governance events in the network's history. The technical path exists. The social path is harder

[TheRizz]

Satoshi's coins are the elephant in the room. Several million BTC in wallets from the earliest days that have never moved and have exposed public keys

[BackRowBob]

Not sure I am fully with you on that one. Good shout.

Ha, fair enough