Every few years, the “quantum computers will kill Bitcoin” headlines come back. So let’s put actual numbers on it.

Bitcoin’s wallets are secured by ECDSA (Elliptic Curve Digital Signature Algorithm). To crack it, you’d need to run Shor’s algorithm on a quantum computer powerful enough to reverse-engineer a private key from a public key. That would require approximately 1.9 billion stable logical qubits.

Here’s the problem: Today’s best quantum processors, including IBM’s latest, run on a few thousand noisy physical qubits. For the “noisy” matters, each logical qubit needs 100 to 1,000 physical qubits just for error correction. So we’re roughly 10,000x to 100,000x short of what’s needed. Most cryptography researchers don’t expect a “cryptographically relevant quantum computer” until the 2030s at the earliest, and many think even that timeline is optimistic.

So the panic is overblown. But that doesn’t mean there’s zero risk worth thinking about.

The more realistic near-term threat is called “harvest now, decrypt later”. Adversaries collecting encrypted data today with the plan to decrypt it once quantum hardware catches up. It’s not a Bitcoin-specific attack, it affects all digital encryption, but it’s worth knowing about.

The other thing worth understanding is that not all Bitcoin is equally exposed. Modern Bitcoin addresses only reveal a hash of the public key, not the key itself. But early Bitcoin transactions (pay-to-public-key) embedded the full public key directly on-chain. That includes an estimated 7 million BTC with exposed keys, or roughly $440 billion at current prices, including about 1 million BTC attributed to Satoshi.

Bitcoin’s developer community is already working on post-quantum cryptographic upgrades, and they likely have over a decade of runway to implement them. The threat is real but distant, and it’s an engineering problem, not an existential crisis.

Full breakdown here: https://www.coingecko.com/learn/quantum-computing-bitcoin