The quantum computing threat to Bitcoin just got a lot more urgent.
Research firm Project Eleven published its Quantum Threat to Blockchains 2026 report this week, warning that the same cryptographic foundations securing Bitcoin and Ethereum could be broken by quantum computers as early as 2030 — years ahead of most industry estimates. And the firm’s CEO is pushing Bitcoin developers to stop treating this as a future problem and start building post-quantum defenses right now.
What Project Eleven Actually Found
Project Eleven’s report zeroes in on ECDSA — the Elliptic Curve Digital Signature Algorithm that Bitcoin uses to authorize transactions and protect wallet addresses. For years, the consensus was that breaking RSA-2048 encryption would require roughly 20 million physical qubits, putting any real threat comfortably into the 2040s or later.
That calculus has shifted dramatically.
Resource estimates from Google and Oratomic have reduced the qubit count required to break elliptic-curve signatures by “multiple orders of magnitude,” according to the report. Project Eleven’s baseline Q-Day scenario now sits at 2033, with a realistic early scenario in 2030 if quantum hardware development accelerates along current trajectories.
At current Bitcoin prices, more than $700 billion in crypto assets could be exposed if a sufficiently powerful quantum computer became operational before Bitcoin implements post-quantum cryptography.
“The asymmetry between acting today and waiting for certainty is massive,” Project Eleven CEO Alex Pruden told CoinDesk at the Consensus Miami 2026 conference. “If you wait until there’s a quantum computer that can break ECDSA, you’ve already lost.”
Why Bitcoin’s Migration Is Harder Than It Looks
The challenge isn’t just technical — it’s political.
Bitcoin developers would need to reach consensus on a new signature scheme, implement a soft fork or hard fork, and then convince every wallet holder and exchange to migrate their funds to quantum-resistant addresses. Pruden compared the scale of the migration to Taproot, the 2021 upgrade that took years of debate and still hasn’t been adopted by most Bitcoin users.
“Post-quantum migration will be harder than Taproot,” Pruden said, “and Taproot needed to start now too.”
NIST finalized its first post-quantum cryptography standards in 2024, including CRYSTALS-Dilithium for digital signatures. However, integrating these into Bitcoin’s base layer would require changes across consensus rules, transaction formats, and wallet software — a coordination problem that has historically taken years to resolve in Bitcoin’s governance structure.
The window to act, if Q-Day arrives in 2030, is roughly four years. Given Bitcoin’s development pace, that’s tight.
Which Addresses Are Most at Risk?
Not all Bitcoin addresses face equal exposure. Pay-to-public-key (P2PK) addresses — which directly expose the public key on-chain — are the most vulnerable. These include the original Satoshi-era wallets, which hold an estimated 1 million BTC.
Modern Pay-to-Public-Key-Hash (P2PKH) addresses only expose the public key when the wallet sends a transaction. That means addresses that have never spent funds retain an additional layer of security, since a quantum attacker would need to intercept a transaction in flight rather than mining a pre-exposed key.
However, reused addresses — common among retail users — expose public keys indefinitely, making them targets even before Q-Day.
Project Eleven estimates that roughly 4 million BTC sits in addresses with exposed public keys today.
The Broader Blockchain Picture
Bitcoin isn’t alone in this vulnerability. Ethereum’s ECDSA-based signature scheme faces identical risks. So does Solana, Cardano, and virtually every major proof-of-stake network. Layer-2 networks that inherit security from Ethereum’s base layer would also be exposed.
Some newer blockchain projects have already begun integrating quantum-resistant cryptography. The Ethereum Foundation has discussed post-quantum migration as part of its long-term roadmap, though no concrete timeline has been announced.
Project Eleven’s report notes that the risk is asymmetric in a dangerous way: quantum hardware development could accelerate rapidly due to heavy government investment from the United States, China, and the European Union, making it difficult to predict when a “cryptographically relevant quantum computer” actually arrives.
“The threat could emerge all at once,” the report warns, “not gradually.”
What’s the Industry Doing About It?
The response from the crypto industry has been measured but growing. NIST’s post-quantum standards have given developers a concrete target to build toward. Several hardware wallet manufacturers are already testing post-quantum signature libraries in their firmware.
Bitcoin Core contributors have discussed post-quantum cryptography in developer forums, but no formal Bitcoin Improvement Proposal (BIP) targeting a migration path has been finalized.
Pruden’s call at Consensus 2026 was explicit: Bitcoin developers need to move from research to production mode. That means proposing a concrete upgrade path, even if the technical details require further refinement.
“Starting now doesn’t mean deploying now,” he said. “It means getting the BIPs written, getting the code reviewed, getting the community aligned — so that when we need it, it’s ready.”
The report’s full findings are available on the Project Eleven blog.
FAQ
Q: Can quantum computers break Bitcoin today?
No. Current quantum computers, including Google’s most advanced systems, have nowhere near the qubit count or error-correction capability needed to break ECDSA. Project Eleven’s Q-Day baseline scenario is 2033, with an early-risk scenario around 2030 if hardware development accelerates.
Q: What would a post-quantum Bitcoin upgrade look like?
A post-quantum Bitcoin upgrade would likely involve adopting one of NIST’s approved signature schemes, such as CRYSTALS-Dilithium, alongside a migration mechanism allowing holders to move funds from legacy addresses to quantum-resistant addresses. The process would require a network-wide soft or hard fork and broad community consensus — a process that historically takes several years in Bitcoin’s governance model.
Q: How much Bitcoin could be at risk?
Project Eleven estimates that roughly 4 million BTC sits in addresses with exposed public keys, making them theoretically vulnerable to a sufficiently powerful quantum computer. At current prices, that exposure represents hundreds of billions of dollars.
Sources: Project Eleven “Quantum Threat to Blockchains 2026” report; CoinDesk Consensus Miami 2026 coverage; NIST Post-Quantum Cryptography Standards documentation.
