KuCoin
Log In
language_currency
Home
Blog
Crypto Report
Details
img

What Percentage of Bitcoin Is Actually at Risk from Quantum Attacks?

2026/04/22 03:03:01
What Percentage of Bitcoin Is Actually at Risk from Quantum Attacks?

Introduction

A quantum computer with just 500,000 qubits could break Bitcoin’s cryptography and steal billions in assets. That headline sounds like science fiction, but it’s the conclusion of serious research from Google published in March 2026. The question is no longer whether quantum computing poses a threat to Bitcoin - it’s how much Bitcoin is actually at risk, and whether the timeline for disaster is closer than anyone thought.
 
The answer might surprise you. While quantum computers capable of breaking Bitcoin do not yet exist, researchers from Google Quantum AI estimate that approximately 6.5 million to 6.9 million BTC - roughly 30% of all Bitcoin in circulation - could be vulnerable to quantum attacks if sufficiently powerful quantum computers are ever built. This represents over $70 billion in value at current prices, sitting in addresses where public keys have already been exposed through past transactions. Understanding exactly which Bitcoin is at risk, and why, is essential for anyone holding BTC or considering it as an investment.
 
 

Understanding Quantum Computing Threats to Bitcoin

Bitcoin relies on two cryptographic systems to secure its network:
 
  • SHA-256 - Hash function for proof-of-work mining, appears quantum-resistant
  • ECDSA - Elliptic curve signatures protecting addresses, vulnerable to quantum attack
  • Discrete logarithm problem - The mathematical basis ECDSA exploits
 
These two systems face very different futures against quantum computing, and the distinction matters enormously for understanding real risk.
 
SHA-256 appears fundamentally secure against quantum attacks, at least for the foreseeable future. While Grover’s algorithm provides a theoretical speedup for hash functions against quantum computers, the consensus among cryptographers is that SHA-256 would remain secure even with a quantum computer of significant power. Researchers at Google confirmed that Bitcoin’s proof-of-work mining would not be significantly impacted by quantum computing advances, because SHA-256’s security relies on collision resistance rather than the discrete logarithm problem that quantum computers can exploit.
 
However, ECDSA tells a different story. The elliptic curve cryptography protecting Bitcoin’s signatures is vulnerable to Shor’s algorithm, a quantum computing technique that can efficiently derive private keys from public keys. Once an attacker has a private key, they can authorize any transaction from that address - essentially stealing the Bitcoin. Unlike SHA-256, there is no known Post-quantum solution to ECDSA’s vulnerability. This is where the real risk lies, and this is why researchers focus on ECDSA when calculating quantum threat percentages to Bitcoin.
 
 

Long-Range vs Short-Range Quantum Attacks

Not all Bitcoin faces the same quantum vulnerability. Researchers classify quantum attacks into two distinct categories - long-range attacks target addresses with exposed public keys from past transactions, while short-range attacks target unconfirmed transactions in the mempool.
 
Long-range attacks target Bitcoin in addresses where the public key has been exposed. This happens every time a Bitcoin address is used to make a transaction. When you send Bitcoin from an address, the transaction reveals your public key on the blockchain. Once your public key is exposed, a future quantum computer could theoretically derive your private key and steal any remaining funds in that address. Importantly, this vulnerability persists even if the address is “empty” after the transaction - the threat actor could potentially steal Bitcoin that was deposited after the transaction was confirmed if they had access to the historical public key data.
 
Short-range attacks target addresses that have never been used for a transaction. In this case, only the Bitcoin address (a hash of the public key) is visible on the blockchain, not the public key itself. Deriving a private key from a hashed public key is computationally infeasible even for quantum computers - the mathematics simply does not permit it with any known algorithm. Addresses that have never sent a transaction face no meaningful quantum threat under current understanding.
 
This distinction explains why the percentage of at-risk Bitcoin is so high. Bitcoin’s earliest users from 2009 and 2010, many of whom are legendary figures in the community like Satoshi Nakamoto, moved their coins through transactions that revealed their public keys. Those public keys remain exposed on the blockchain forever, meaning their Bitcoin could potentially be stolen if a quantum computer is ever built. The same applies to any Bitcoin that has been sent even once since 2009.
 
 

How Much Bitcoin Is Actually at Risk

Researchers and analytics firms have conducted extensive analysis to estimate exactly how much Bitcoin faces quantum vulnerability. The numbers are significant and somewhat alarming.
 
According to research from early 2026, approximately 6.26 million to 6.89 million BTC resides in addresses with exposed public keys, representing the Bitcoin potentially vulnerable to long-range quantum attacks. At current market prices, this represents between $65 billion and $75 billion in value - a staggering sum that makes quantum computing one of the most significant existential risks to Bitcoin as an asset class. The wide range in estimates reflects different methodologies for identifying old addresses and classifying wallet types, but the general conclusion is consistent: roughly 30% of all Bitcoin could be stolen if a sufficiently powerful quantum computer exists.
 
To put this in perspective, consider a breakdown of the at-risk Bitcoin. The earliest mined Bitcoin, including portions estimated to belong to Satoshi Nakamoto and other early adopters, represents a substantial portion of this vulnerable supply. Many of these addresses have not moved Bitcoin since 2010 or earlier, yet their public keys are permanently exposed on the blockchain. Any quantum computer capable of breaking ECDSA could derive the private keys to these addresses and transfer the Bitcoin to a wallet controlled by the attacker.
 
Beyond the exposed-address problem, there is also the mempool vulnerability. Any Bitcoin transaction broadcast to the network but not yet confirmed exists in the mempool. A quantum-capable attacker could potentially intercept an unconfirmed transaction, derive the private key from the broadcast public key, and replace the transaction with their own - essentially stealing the Bitcoin during the confirmation window. While this is a short-range attack limited to the transaction broadcast window, it represents an additional attack vector beyond the static vulnerability of addresses with exposed public keys.
 
 

The Timeline: When Could Quantum Computers Break Bitcoin

The question of timeline is critical for understanding practical risk. A quantum computer capable of breaking Bitcoin’s ECDSA signatures does not exist today. However, research suggests the timeline may be approaching faster than previously expected.
 
Google researchers published a significant paper in March 2026 that revised estimates of when quantum computers might achieve the necessary computational power. The paper estimated that a quantum computer with approximately 500,000 logical qubits could break Bitcoin’s elliptic curve cryptography in approximately 10 minutes - fast enough to steal Bitcoin before the network could respond. Previous estimates had suggested this threshold might not be reached until the 2030s or later.
 
The practical reality is more nuanced than headlines suggest. Building a quantum computer with 500,000 qubits is an enormous engineering challenge. Current state-of-the-art quantum computers operate with thousands of physical qubits, but logical qubits required for stable computation are far fewer. The gap between today’s quantum computers and the theoretical machines needed to break Bitcoin is still measured in orders of magnitude.
 
Most estimates suggest quantum break capability remains years away:
 
 

How Bitcoin Is Responding to Quantum Threats

Bitcoin’s community is working on post-quantum solutions:
 
  • Lamport signatures - Hash-based alternative to ECDSA
  • Threshold signatures - Require multiple parties to authorize transactions
  • Soft fork or hard fork - Network upgrade mechanisms
 
The timing of any post-quantum upgrade presents its own challenges. Implementing new cryptography too early risks introducing unnecessary complexity and potential vulnerabilities. Waiting too long risks leaving Bitcoin exposed. The Bitcoin community faces a delicate balancing act between responding to a theoretical future threat and maintaining the network’s current reliability and simplicity.
 
 

Should I Be Worried About Quantum Attacks on My Bitcoin

For most Bitcoin holders, the practical concern about quantum attacks should be minimal, but awareness is valuable. The immediate risk is essentially zero - no quantum computer exists that can break Bitcoin’s cryptography, and such a machine remains years away even in the most aggressive estimates.
 
However, there are practical steps that holders can take to reduce their exposure. The primary vulnerability applies to addresses where the public key has been exposed through past transactions. By moving Bitcoin to fresh addresses that have never been used for a transaction, holders eliminate the long-range attack vulnerability. Modern Bitcoin wallets automatically generate new addresses for each transaction, making this protection relatively easy to implement.
 
For long-term holders with Bitcoin in old addresses, the calculation is more complex. Moving Bitcoin to a new address requires a transaction, which reveals the new public key. However, this resets the clock on quantum vulnerability from that point forward - any quantum attacker would need to target the new public key revealed in that transaction rather than historical keys.
 
The more significant consideration is for exchanges and custodians holding large amounts of Bitcoin. These entities represent concentrated targets that could be attractive to quantum attackers. Exchange-grade security should include post-quantum cryptography planning and monitoring of quantum computing developments.
 
 

How to Buy Bitcoin on KuCoin

Step 1: Create Your KuCoin Account

If you are ready to invest in Bitcoin, the first step is creating your KuCoin account. New users can register at KuCoin and Get Up to 11,000 USDT in New User Rewards - a substantial bonus that can boost your initial trading capital. Simply visit the KuCoin website or download the mobile app, complete the registration process with your email or phone number, and verify your identity to unlock these rewards.
kucoin new user rewards up to 11000 usdt
 

Step 2: Execute Your Trade

Once your account is set up, search for Bitcoin trading pairs in KuCoin’s trading interface. KuCoin offers strong liquidity for BTC trading pairs, like BTC/USDT. Consider using limit orders during high volatility periods to manage slippage effectively.
 

Step 3: Position Management

For Bitcoin investment, establish clear profit targets and stop-loss levels before entering a position. Monitor developments around quantum computing and Bitcoin’s post-quantum security roadmap. Adjust your position based on ongoing assessment rather than emotional responses to short-term price movements.
 
 

Conclusion

Quantum computing does pose a genuine long-term threat to Bitcoin’s cryptographic infrastructure, but the sky is not falling. Approximately 6.5 million to 6.9 million BTC, roughly 30% of all Bitcoin, faces potential vulnerability through exposed public keys. This represents tremendous value at risk if quantum computers ever achieve the necessary capability, but the practical timeline remains years away.
 
The key distinction is between SHA-256 and ECDSA. SHA-256 appears fundamentally quantum-resistant, protecting Bitcoin’s mining. ECDSA faces genuine quantum vulnerability. The Bitcoin community is actively working on post-quantum solutions, though implementing them requires navigating complex governance challenges inherent to decentralized systems.
 
For individual holders, moving Bitcoin to fresh addresses periodically represents prudent practice regardless of quantum concerns. Self-custody provides more control than exchange-held Bitcoin.
 
 

FAQs

Q: How much Bitcoin is at risk from quantum attacks?
A: Researchers estimate approximately 6.5 million to 6.9 million BTC, roughly 30% of all Bitcoin in circulation, could be vulnerable to quantum attacks. This Bitcoin sits in addresses where public keys have been exposed through past transactions.
 
Q: Does quantum computing threaten all Bitcoin?
A: No. Only Bitcoin in addresses with exposed public keys faces quantum vulnerability. Bitcoin in addresses that have never sent a transaction is protected by the mathematical difficulty of deriving a public key from a Bitcoin address - a problem quantum computers cannot currently solve.
 
Q: When could quantum computers actually break Bitcoin?
A: No quantum computer exists that can break Bitcoin today. Most estimates suggest such a machine remains years away, with Google’s 2026 research suggesting a threshold of approximately 500,000 logical qubits. Conservative estimates place this capability in the 2030s or later.
 
Q: Is my Bitcoin safe on exchanges?
A: Exchange-held Bitcoin faces the same vulnerabilities as any Bitcoin in addresses with exposed public keys. However, reputable exchanges typically implement sophisticated security measures and may have their own post-quantum cryptography plans. For large holdings, self-custody in fresh addresses remains the most secure option.
 
Q: What is Bitcoin doing about quantum threats?
A: The Bitcoin developer community is actively researching post-quantum cryptography solutions including hash-based signature schemes like Lamport signatures. Implementing these would require a network upgrade through a soft fork or potentially hard fork. No timeline has been set for such an upgrade.