Bitcoin's quantum scare: real risk or market overreaction?

As fears of a cryptographic doomsday spread, experts say Bitcoin has decades before quantum computers pose a genuine threat. Still, preparations must begin soon.

In recent days, bitcoin’s price has rebounded slightly, now hovering near $92,000. Yet its medium-term recovery remains uncertain, with crypto markets still shaky and underperforming both equities and gold. One reason for this caution may lie in a narrative gaining traction: the supposed emergence of a quantum threat to Bitcoin itself.

As Capriole founder Charles Edwards wrote in an X post, "Bitcoin is now in the Quantum Event Horizon. The implementation timeline to upgrade Bitcoin is now within the front-edge horizon risk of Quantum breaking Bitcoin’s encryption. We must reach the BIP360 consensus in 2026 to save Bitcoin. This is why Bitcoin is getting smoked by gold."

So, what exactly is this “quantum event horizon,” and is it truly an imminent threat?

What is the quantum threat to Bitcoin?

Quantum computing introduces a structural challenge to Bitcoin because it can weaken the cryptographic assumptions that secure ownership and transaction validation. Bitcoin relies on asymmetric cryptography, where users generate a private key and a corresponding public key, which enables them to sign transactions and prove ownership of funds. This relationship is one-way. While deriving a public key from a private key is trivial, reversing the process is computationally unfeasible with classical computers. Quantum machines, however, may eventually change that.

In 1994, Peter Shor demonstrated an algorithm that allows a sufficiently powerful quantum computer to extract a private key from its public counterpart. In principle, this would allow an attacker to forge signatures and move bitcoins without consent. The debate is not whether this is mathematically possible—it is—but when quantum computers will be capable of doing it in practice.

Bitcoin’s vulnerability depends on the types of addresses. Early Bitcoin addresses exposed the public key directly. Roughly two million BTC remain in such pay-to-public-key (p2pk) addresses, including many mined by Satoshi Nakamoto. Any quantum-capable adversary could target these immediately. Later, Bitcoin introduced pay-to-public-key-hash (p2pkh) addresses, which conceal the public key until coins are spent. These are secure only until the first outgoing transaction. Unfortunately, users often reuse these addresses, revealing their public keys. Today, over 4 million bitcoin—about a quarter of the supply—sit in vulnerable address types or reused addresses.

Even if all holders migrated their coins to fresh p2pkh addresses, Bitcoin would face a more subtle vulnerability. Each transaction reveals the public key until the next block is mined, a process that typically takes around 10 minutes. If quantum computers ever reduce the time required to break a Bitcoin private key below this confirmation window, attackers could intercept transactions in-flight and override them by paying a higher fee.

The long-term solution for Bitcoin lies in post-quantum cryptographic schemes resistant to Shor-type attacks.

Is the quantum threat overhyped?

Many specialists believe it’s not yet time to panic. Famous cryptographer and Blockstream CEO Adam Back argues the timeline is measured in decades, estimating that a cryptographically relevant quantum computer is probably not coming for another 20-40 years.

He also points out that the US National Institute of Standards and Technology has already officially approved the SLH-DSA digital signature algorithm as part of its post-quantum cryptography standards, which Bitcoin could adopt long before quantum computers become a threat.

Analysts at a16z echo this view, calling the arrival of a cryptographically relevant quantum computer highly unlikely on a 10-year horizon. Breaking Bitcoin’s elliptic curve signatures would require millions of error-corrected qubits performing deep, fault-tolerant quantum circuits. Current machines are nowhere near this, despite corporate announcements that conflate small experimental results with cryptographically meaningful progress.

Still, the absence of imminent danger does not remove the need for preparation. Bitcoin governance moves slowly, and contentious changes risk splitting the blockchain. Migration to post-quantum signatures also cannot be passive: users must actively move their coins. Coins with exposed public keys—including abandoned wallets—cannot be upgraded, leaving millions of BTC permanently vulnerable once quantum attacks become feasible.

Importantly, a quantum attack would not resemble a sudden protocol-wide collapse. Shor’s algorithm targets individual keys, not the entire network. Early attacks will be costly, slow, and aimed at high-value wallets. The danger will emerge gradually, not overnight. This gives Bitcoin time to adapt—provided the community acts before the window narrows.

For now, a16z analysts believe that the most credible risk is not quantum hardware, but faulty implementation of post-quantum cryptography itself. Bitcoin needs to prepare, but do so deliberately—not fearfully.