A new report states that the advancement of quantum computing is outpacing the cryptocurrency industry’s preparedness. Researchers note that while no current machines can directly break Bitcoin’s encryption, the resources required to do so have significantly decreased over the past year, potentially shortening the timeline the industry has to prepare for quantum-resistant migration.
In the past two years, research has advanced expectations forward.
The report notes that several advancements by Google, IBM, and Quantinuum between 2024 and 2026 have shifted external perceptions of the timeline. Notably, a paper released by Google Quantum AI in March 2026 estimated that, under specific hardware assumptions, the number of physical qubits required to break the secp256k1 elliptic curve used by Bitcoin has been reduced to fewer than 500,000.
The researchers stated that three papers on elliptic curve cryptography have reduced the estimated quantum resources required for an attack by nearly an order of magnitude over the past year. The report concludes that this risk is no longer merely a distant hypothetical but an engineering challenge requiring proactive planning.
The blockchain's public ledger increases migration pressure.
The report notes that blockchain differs from traditional internet services. Centralized platforms can gradually replace encryption standards through software updates, but public blockchain addresses and public keys remain exposed on the public ledger indefinitely, and historical data is permanently retained. This means attackers can first collect on-chain information and attempt to break the encryption once quantum computing capabilities become mature.
The report summarizes this scenario as "collect first, crack later." Under this framework, addresses with exposed public keys are at risk earlier, while wallets that cannot be actively migrated receive greater attention.
Lost Bitcoin or growth-stage goals
The report estimates that between 2.3 million and 3.7 million bitcoins may be permanently lost due to holders losing their private keys, including addresses widely believed to belong to Satoshi Nakamoto. Since these wallets cannot be migrated to quantum-resistant addresses, the associated holdings may remain vulnerable to potential future attacks.
Auryn Macmillan, co-founder of Gnosis Guild, stated in a comment included in the report that a more straightforward approach would be to set a clear deadline for account migration, with tokens remaining in vulnerable addresses after the deadline being frozen. However, such a solution also means Bitcoin would need to confront practical challenges in governance coordination and execution.
The industry has begun preparations, but Bitcoin remains divisive.
Reports indicate that the traditional tech industry has begun deploying post-quantum cryptography. The U.S. National Institute of Standards and Technology (NIST) finalized several post-quantum encryption standards in August 2024, and Google, Signal, Apple, and Cloudflare have already initiated protective measures, with some migration goals extending to 2029 and 2030.
In contrast, the cryptocurrency industry has yet to reach a consensus on migration pathways. The report highlights that Bitcoin faces particular challenges, including governance coordination, scaling pressures, and potential new vulnerabilities introduced when replacing the existing signature system.
Previously, Stanford cryptographer and co-author of the Google Quantum AI paper, Dan Boneh, also stated that hastily pushing Bitcoin toward quantum resistance could introduce greater systemic errors. He supports a gradual transition to post-quantum signatures and hybrid encryption systems, rather than replacing the existing architecture all at once.
Hardware wallets also face implementation pressures.
The report also notes that wallet manufacturers are facing hardware limitations when supporting larger post-quantum algorithms. Aaron Chen, Chief Technology Officer at Keystone, stated that algorithms such as ML-DSA-87 place significant pressure on the memory and processing power of hardware wallets, and balancing security with user experience under limited resources remains a practical challenge in development.
The report concludes that if the industry prepares too early, the main costs are increased operational complexity and larger transaction volumes; however, if preparation is delayed too long, future quantum attacks that become feasible could lead to financial losses, institutional panic, and regulatory intervention.