The Quantum Threat
The threat is real, the timeline is measured in years rather than decades, and the data collection that makes it dangerous has already started.
How Bitcoin Signatures Actually Work
Bitcoin transactions are secured by ECDSA (Elliptic Curve Digital Signature Algorithm) over the secp256k1 curve. Every key pair consists of a private key and a public key; a wallet manages many such pairs. The private key is yours alone. The public key is derived from it and can be shown to anyone.
When you send Bitcoin, you sign the transaction with your private key. The network verifies your signature using your public key. The security guarantee: knowing the public key must make it computationally infeasible to derive the private key. That hardness assumption is the elliptic curve discrete logarithm problem (ECDLP).
That guarantee holds against every classical computer ever built. It does not hold against a large enough fault-tolerant quantum computer, which is why the timeline for building one matters.
What Shor's Algorithm Does
In 1994, mathematician Peter Shor published an algorithm that, running on a sufficiently powerful quantum computer, can factor large numbers exponentially faster than the best known classical algorithms. The same algorithm solves discrete logarithms, and ECDSA's security rests on the hardness of the elliptic curve discrete logarithm problem, a mathematical cousin of factoring. Shor's algorithm breaks both RSA and ECDSA.
The catch: the algorithm requires fault-tolerant logical qubits, which did not exist in 1994. They are being built now.
Published resource estimates put the cost of breaking a 256-bit elliptic curve key in hours at a few thousand fault-tolerant logical qubits (figures in the literature range from roughly 2,000 to 4,000 depending on the assumptions). IBM's publicly stated roadmap targets a 100,000 physical qubit system by the early 2030s. At today's error-correction overhead of roughly 1,000 physical qubits per logical qubit, 100,000 physical qubits yields only about 100 logical qubits. But that ratio depends on the physical error rate and the code used, and it is improving every year.
The Attack That's Already Happening
You do not need to break the cryptography in real time to exploit this vulnerability. You only need to be patient.
Intelligence agencies (and likely criminal enterprises) are collecting encrypted internet traffic today with the explicit intention of decrypting it once quantum computers are powerful enough. This is called "harvest now, decrypt later."
The data being collected includes financial records, private communications, and blockchain transactions. Where confidentiality rests on RSA or elliptic-curve key exchange, as in most TLS sessions, recorded traffic becomes readable once a large enough quantum computer exists. Blockchain data is different: it is already public, so there is nothing to decrypt. What Shor's algorithm yields there is the private key behind every public key that has ever been recorded on-chain, and with it the ability to spend those coins. Both outcomes arrive on the same timeline.
"The attack does not start when the quantum computer is ready. It started when the data was collected."
Four Million Exposed Bitcoin Addresses
Here is the precise technical vulnerability. With the common output types (P2PKH and P2WPKH), when you receive Bitcoin but have never spent from an address, only a hash of your public key is on-chain, not the public key itself. This provides a layer of protection because a quantum computer gets only a quadratic speed-up (Grover's algorithm) against hash preimages, nowhere near the exponential speed-up Shor's algorithm gives against the discrete logarithm. The protection is not universal: the earliest pay-to-public-key (P2PK) outputs and every Taproot (P2TR) output carry the public key itself in the output.
But the moment you send a transaction, your full public key is published to the blockchain permanently, and any coins still sitting on that address, or received there later, are exposed. Researchers have counted approximately 4 million Bitcoin addresses where the public key is already exposed. Those addresses hold roughly 20% of all Bitcoin in circulation. They are targets. Note also that even a never-spent address reveals its key in the mempool the instant you spend from it; an attacker who can recover a key faster than a block confirms could race that spend, so the hash only buys time, not immunity.
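The exposure rule above can be checked mechanically. The following script, an added example written for this page and not code from any blockchain explorer or from the researchers cited, classifies a Bitcoin scriptPubKey by output type and reports whether the public key is already visible in the output, then shows how a P2PKH spend reveals the key that the earlier output only committed to by hash. The sample public key is the well-known secp256k1 point for private key 1 (the key used in the BIP 141/173 examples) together with its hash160; the scriptSig is constructed with a dummy DER signature purely so the parser has something to walk.

```python
import hashlib

# Constructed sample material for this example (not from any real transaction).
# Compressed public key for private key 1 and its hash160, as used in BIP 141/173 examples.
SAMPLE_PUBKEY = "0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"
SAMPLE_HASH160 = "751e76e8199196d454941c45d1b3a323f1433bd6"
SAMPLE_P2PKH_OUTPUT = "76a914" + SAMPLE_HASH160 + "88ac"

# A dummy 71-byte DER-looking signature plus SIGHASH_ALL byte, then the real pubkey push.
_fake_sig = bytes([0x30, 0x44, 0x02, 0x20]) + b"\x11" * 32 + bytes([0x02, 0x20]) + b"\x22" * 32 + b"\x01"
SAMPLE_SCRIPTSIG = (bytes([len(_fake_sig)]) + _fake_sig + bytes([33]) + bytes.fromhex(SAMPLE_PUBKEY)).hex()

# Some Python builds lack RIPEMD-160 in hashlib; expose that so callers can skip the hash check.
try:
    hashlib.new("ripemd160")
    RIPEMD160_AVAILABLE = True
except ValueError:
    RIPEMD160_AVAILABLE = False


def hash160(data):
    """RIPEMD160(SHA256(data)), the hash Bitcoin commits to in P2PKH/P2WPKH outputs."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).hexdigest()


def classify_output(script_hex):
    """Return output type and whether the public key itself is on-chain.

    pubkey_exposed is None for script-hash outputs, where it depends on the
    redeem/witness script and cannot be decided from the output alone.
    """
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33|65-byte pubkey> OP_CHECKSIG  (early coinbase outputs)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return {"type": "P2PK", "pubkey_exposed": True, "pubkey": s[1:-1].hex()}
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return {"type": "P2PKH", "pubkey_exposed": False, "hash160": s[3:23].hex()}
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return {"type": "P2SH", "pubkey_exposed": None, "hash160": s[2:22].hex()}
    # P2WPKH: OP_0 <20>
    if n == 22 and s[:2] == b"\x00\x14":
        return {"type": "P2WPKH", "pubkey_exposed": False, "hash160": s[2:].hex()}
    # P2WSH: OP_0 <32>
    if n == 34 and s[:2] == b"\x00\x20":
        return {"type": "P2WSH", "pubkey_exposed": None, "script_hash": s[2:].hex()}
    # P2TR: OP_1 <32-byte x-only output key>; the (tweaked) key itself is on-chain,
    # and its discrete log is sufficient for a key-path spend.
    if n == 34 and s[:2] == b"\x51\x20":
        return {"type": "P2TR", "pubkey_exposed": True, "pubkey": s[2:].hex()}
    return {"type": "unknown", "pubkey_exposed": None}


def parse_pushes(script):
    """Walk a script; data pushes come back as bytes, other opcodes as their int value."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                        # direct push of op bytes
            items.append(script[i:i + op])
            i += op
        elif op == 0x4C:                         # OP_PUSHDATA1
            n = script[i]
            items.append(script[i + 1:i + 1 + n])
            i += 1 + n
        else:
            items.append(op)
    return items


def pubkey_from_p2pkh_spend(scriptsig_hex):
    """A P2PKH scriptSig is <sig> <pubkey>: the last data push is the full public key."""
    data = [p for p in parse_pushes(bytes.fromhex(scriptsig_hex)) if isinstance(p, bytes)]
    return data[-1].hex() if data else None


def spend_reveals_key(output_script_hex, scriptsig_hex):
    """True when the spending input's pubkey hashes to the hash committed in the output."""
    out = classify_output(output_script_hex)
    pub = pubkey_from_p2pkh_spend(scriptsig_hex)
    return out["type"] == "P2PKH" and pub is not None and hash160(bytes.fromhex(pub)) == out["hash160"]


def count_exposed(output_scripts):
    """Tally a list of scriptPubKeys by exposure status (True / False / None)."""
    tally = {True: 0, False: 0, None: 0}
    for script_hex in output_scripts:
        tally[classify_output(script_hex)["pubkey_exposed"]] += 1
    return tally
```

Run over a node's UTXO set, `count_exposed` gives the split the page describes: outputs whose key is already public (P2PK, P2TR, and any hash-type address that has been spent from and reused) against those still hiding behind a hash. `spend_reveals_key` is the moment of exposure: the same 33 bytes that were only committed to by `SAMPLE_HASH160` are now in the input script for anyone to read.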
When Does This Become Critical?
Published estimates for a quantum computer capable of breaking ECDSA cluster around 2029 to 2033. More aggressive estimates, which assume adversaries with undisclosed classified hardware, put it at 2027 to 2028. These are projections, not measurements, but none of them is far away.
Blockchain transactions are permanent and public, so a public key exposed today stays exposed forever; there is no retroactive fix. Migration means moving funds to outputs whose public key has not been revealed, and eventually to a post-quantum signature scheme if and when Bitcoin adopts one. The window to act is now, not when the hardware arrives.
"By the time a quantum computer can break Bitcoin, it will be too late to migrate Bitcoin."