In brief
Today’s quantum computers are far too small and unstable to threaten real-world cryptography.
Early Bitcoin wallets with exposed public keys are most at risk in the long term.
Developers are exploring post-quantum signatures and potential migration paths.
Quantum computers can’t break Bitcoin’s cryptography today, but advances from Google and IBM suggest the gap is closing faster than expected.Their progress toward fault-tolerant quantum systems raises the stakes for “Q-Day,” the moment when a sufficiently powerful machine could crack older Bitcoin addresses and expose more than $452 billion in vulnerable wallets.Long seen as a distant threat on the horizon, Q-Day snapped into sharp focus with the publication of a Google whitepaper in March 2026 that suggested quantum computers could break cryptographic systems sooner than expected.Upgrading Bitcoin to a post-quantum state will take years, which means the work has to begin long before the threat arrives. The challenge, experts say, is that no one knows when that will be, and the community has struggled to agree on how best to move forward with a plan.This uncertainty has led to a lingering dread that a quantum computer that can attack Bitcoin may come online before the network is ready.In this article, we will look at the quantum threat to Bitcoin and what needs to change to make the number one blockchain ready.How a quantum attack would workA successful attack would not look dramatic. A quantum-enabled thief would start by scanning the blockchain for any address that has ever revealed a public key. Old wallets, reused addresses, early miner outputs, and many dormant accounts fall into that category.In what is known as a ‘harvest now, decrypt later attack,’ a public key is copied and run through a quantum computer using Shor’s algorithm. Developed in 1994 by mathematician Peter Shor, the algorithm gives a quantum machine the ability to factor large numbers and solve the discrete logarithm problem far more efficiently than any classical computer. Bitcoin’s elliptic-curve signatures rely on the difficulty of those problems. With enough error-corrected qubits, a quantum computer could use Shor’s method to calculate the private key tied to the exposed public key.As Justin Thaler, research partner at Andreessen Horowitz and associate professor at Georgetown University, told Decrypt, once the private key is recovered, the attacker can move the coins.“What a quantum computer could do, and this is what’s relevant to Bitcoin, is forge the digital signatures Bitcoin uses today,” Thaler said. “Someone with a quantum computer could authorize a transaction taking all the Bitcoin out of your accounts, or however you want to think of it, when you did not authorize it. That’s the worry.”The forged signature would look real to the Bitcoin network. Nodes would accept it, miners would include it in a block, and nothing on-chain would mark the transaction as suspicious. If an attacker hit a large group of exposed addresses at once, then billions of dollars could move within minutes. Markets would start reacting before anyone ever confirmed that a quantum attack was happening.As the concern over ‘Q-Day’ began to grow, in January, cryptocurrency exchange Coinbase launched an independent advisory board focused on quantum computing and blockchain security.In March 2026, research papers by Caltech and Google suggested that future quantum computers could break elliptic curve cryptography using fewer qubits and computational steps than previously expected.The papers sparked consternation among the crypto community, with Bitcoin security researcher Justin Drake tweeting that "there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key" by that date.








