Bitcoin Faces Renewed Scrutiny Over Quantum Computing Threat

thedefiant.io

For years, warnings that quantum computers could “break Bitcoin” appeared in headlines and on social media, but many dismissed them as alarmism. Practical quantum machines capable of such attacks simply didn’t exist and the risks seemed far off.

But recently the tone has shifted. In mid-January, Christopher Wood, global head of equity strategy at the multi-billion-dollar investment bank Jefferies, reportedly removed the 10% Bitcoin allocation (its entire $BTC position) from his widely followed "Greed & Fear" model portfolio, citing concerns that long-term advances in quantum computing could eventually undermine Bitcoin's security.

Just days after that, U.S. crypto exchange Coinbase formed an advisory board including crypto and quantum experts to assess risks and outline migration paths to post-quantum-secure signatures. But how immediate and real is the quantum computing threat to Bitcoin?

How the Bitcoin Blockchain Works

Bitcoin's blockchain is fully public: every transaction is visible, and ownership and integrity are secured by cryptographic signatures and hashes rather than by secrecy. A quantum computer can't uncover hidden data because there isn't any. The risk lies instead in the signatures that authorize spending. Bitcoin's ECDSA and Schnorr signatures over the secp256k1 curve are secure only as long as nobody can recover a private key from the matching public key, and that is exactly the problem a sufficiently large quantum computer is expected to solve once the public key is known.

And here's why that matters. Most Bitcoin addresses aren't the public key itself; they are cryptographic hashes of it. For those addresses the actual public key appears on-chain only when coins are spent from the address, because the spending transaction has to present the key so the signature can be checked against the hash. Coins held at a hashed address whose key has never appeared on-chain are therefore not exposed to a key-recovery attack, while coins sent to an address that has already been spent from (address reuse) are exposed from the moment they arrive, because the key is now public.

‘Probably Not This Decade’

As Cais Manai, CPO and co-founder of TEN Protocol, a Layer 2 designed for privacy-preserving smart contracts, told The Defiant, for most of Bitcoin’s life, its cryptography was treated as effectively untouchable.

But quantum computing is the first real technology to challenge Bitcoin's thesis as "digital gold," Manai said, though he added that the risk is still distant:

“Not this cycle. Probably not this decade. But well within the investment horizon of anyone calling Bitcoin ‘digital gold.’”

In theory, a sufficiently large quantum computer could use Shor's algorithm to derive a private key from a revealed public key and then forge a signature to spend the coins. Coins whose public keys have never been revealed would remain safe in that scenario, since the attacker would have nothing to work from.

For some kinds of Bitcoin addresses, once coins are spent from them even once, the associated public key is permanently recorded in the chain's history. Different output types determine when keys appear on-chain. Older P2PK outputs, common in Bitcoin's earliest years, place the public key in the output itself, so it is exposed immediately. P2PKH and P2WPKH addresses (the 1... and bc1q... formats) hold only a hash of the key and reveal it when coins are spent; any further coins sent to the same address after that spend are exposed as soon as they arrive.

Taproot and multisig variations add further nuance. A Taproot (P2TR, bc1p...) output embeds the tweaked public key directly, without hashing, so it is visible as soon as the coins are received. Multisig held behind P2SH or P2WSH exposes only a hash of the script, and the keys inside the script are revealed when it is spent, whereas the older bare multisig script lists the keys in the output itself.
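The address-type rules above, and the address-reuse point that hashed addresses stay unexposed only until they are spent from, can be checked mechanically against raw output scripts. The following is an added example written for this page, not code from The Defiant, Chaincode Labs or any project the article mentions. It classifies standard scriptPubKey templates by when the public key becomes visible, then replays a small constructed ledger (dummy hash and key bytes, simplified transaction model with no signatures) to flag which unspent outputs are already exposed, including a P2PKH address reused after a spend.

```python
"""Classify Bitcoin scriptPubKeys by when the public key is exposed on-chain,
then replay a constructed ledger to flag exposed unspent outputs.
Added example: dummy keys/hashes, simplified ledger model, not real chain data."""

from dataclasses import dataclass
from typing import Dict, List, Tuple

# Script opcodes used below (values from the Bitcoin script spec).
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG = 0xA9, 0xAC, 0xAE
OP_N = {0x51 + i: i + 1 for i in range(16)}  # OP_1..OP_16 -> 1..16


def _is_bare_multisig(spk: bytes) -> bool:
    """OP_m <key>... OP_n OP_CHECKMULTISIG with 33- or 65-byte key pushes."""
    if len(spk) < 4 or spk[-1] != OP_CHECKMULTISIG:
        return False
    if spk[0] not in OP_N or spk[-2] not in OP_N:
        return False
    i, keys = 1, 0
    while i < len(spk) - 2:
        push = spk[i]
        if push not in (33, 65):
            return False
        i, keys = i + 1 + push, keys + 1
    return i == len(spk) - 2 and keys == OP_N[spk[-2]] and OP_N[spk[0]] <= keys


def classify(spk: bytes) -> Tuple[str, str]:
    """Return (script type, exposure) for a raw scriptPubKey.
    'in_output': the key(s) sit in the output itself.
    'on_spend': the output holds only a hash; the key or script is revealed
    by the spending input or witness. 'unknown': not a template handled here."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", "in_output"          # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", "on_spend"          # 1... addresses
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[-1] == OP_EQUAL:
        return "p2sh", "on_spend"           # 3... addresses, script hashed
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "p2wpkh", "on_spend"         # bc1q... (20-byte program)
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "p2wsh", "on_spend"          # bc1q... (32-byte program)
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "p2tr", "in_output"          # bc1p..., x-only key in output
    if _is_bare_multisig(spk):
        return "bare_multisig", "in_output"
    return "unknown", "unknown"


@dataclass
class Output:
    spk: bytes
    value: int  # satoshis


@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]  # (previous txid, previous output index)
    outputs: List[Output]


def exposed_utxos(chain: List[Tx]) -> Dict[Tuple[str, int], str]:
    """Replay transactions in order and state, for each unspent output, whether
    its key is already public. Spending an 'on_spend' output reveals that
    script's key, so later coins sent to the same script count as exposed."""
    utxos: Dict[Tuple[str, int], Output] = {}
    revealed = set()  # scriptPubKeys whose key has appeared in a spend
    for tx in chain:
        for prev in tx.inputs:
            spent = utxos.pop(prev)  # KeyError here means an inconsistent ledger
            if classify(spent.spk)[1] == "on_spend":
                revealed.add(spent.spk)
        for idx, out in enumerate(tx.outputs):
            utxos[(tx.txid, idx)] = out
    report: Dict[Tuple[str, int], str] = {}
    for key, out in utxos.items():
        exposure = classify(out.spk)[1]
        if exposure == "in_output":
            report[key] = "exposed: key in output"
        elif out.spk in revealed:
            report[key] = "exposed: address reused after spend"
        elif exposure == "on_spend":
            report[key] = "not exposed until spent"
        else:
            report[key] = "unknown script"
    return report


# Constructed sample ledger with dummy hashes and keys (not real chain data).
ALICE_P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\x11" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
TAPROOT = bytes([OP_1, 32]) + b"\x22" * 32
OLD_P2PK = bytes([33, 0x02]) + b"\x33" * 32 + bytes([OP_CHECKSIG])
FRESH_P2WPKH = bytes([OP_0, 20]) + b"\x44" * 20
SAMPLE_CHAIN = [
    Tx("tx1", [], [Output(ALICE_P2PKH, 50), Output(TAPROOT, 30), Output(OLD_P2PK, 10)]),
    # tx2 spends Alice's P2PKH output (revealing her key) and sends change back
    # to the same address: the reuse pattern that leaves the change exposed.
    Tx("tx2", [("tx1", 0)], [Output(ALICE_P2PKH, 20), Output(FRESH_P2WPKH, 30)]),
]

if __name__ == "__main__":
    for (txid, idx), status in sorted(exposed_utxos(SAMPLE_CHAIN).items()):
        print(f"{txid}:{idx} {status}")
```

Run against the sample ledger, the Taproot and P2PK outputs are flagged as exposed on arrival, Alice's reused P2PKH change is flagged because tx2 already put her key on-chain, and only the fresh P2WPKH output is reported as unexposed until spent. Against a real node the same logic would read scriptPubKeys from `getrawtransaction` output and track spends the same way; the classifier only covers the standard templates listed in its comments.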

Is Bitcoin Quantum Resistant?

Estimates of the risks Bitcoin faces vary. Chaincode Labs, a research and development group for Bitcoin, estimated in its May 2025 research report that “approximately 20-50% of all Bitcoin in circulation (4-10 million $BTC), worth hundreds of billions of dollars, is vulnerable to being stolen by virtue of private keys being derived from public keys.”

Manai told The Defiant that these coins become “low-hanging fruit” once a cryptographically relevant quantum computer exists.

“Mining acceleration via quantum is mostly a sideshow. Private-key theft is the real existential vector,” Manai said.

By that estimate, at least half of the Bitcoin in circulation is safe for now. Coins held at hashed addresses that have never been spent from stay out of reach of a key-recovery attack until their owners spend them, and users holding coins at already-exposed addresses can move them to a fresh address that reveals its key only when spent. The caveat is that the move is itself a spend that puts the old key on-chain, and the new address must not be reused afterwards, or the protection is lost again.

Timing Is Key

But the real challenge is timing, specifically the time needed to coordinate an upgrade. Post-quantum signature schemes already exist, but upgrading a network as large as Bitcoin requires coordination around the world. Manai explained:

“No one serious thinks quantum breaks Bitcoin tomorrow. The real risk isn’t timing certainty. It’s timing asymmetry. Bitcoin upgrades take 5-10 years to coordinate globally. Quantum hardware progress is nonlinear. If quantum arrives early, damage happens first, patches come later.”

Are Other Blockchains at Risk?

Other networks are also planning for a post-quantum future. For instance, just this past week, Ethereum Layer 2 protocol Optimism outlined a decade-long roadmap to update users’ wallets so that they could handle quantum-safe signatures.

“The good news: the OP Stack is already architected to swap in new signature schemes via hardforks. Once the right post‑quantum (PQ) scheme is chosen, upgrading is a coordination problem, not a redesign,” the post reads.

Ethereum co-founder Vitalik Buterin, meanwhile, has also recently called out the need for quantum-resistant cryptography for Ethereum mainnet.
