When will Bitcoin be quantum-broken?

"Broken" is gradual. First practical Shor attack on a 256-bit ECDSA key likely 2030-2040. Bitcoin's market response will start before the first attack — when CRQC capability becomes credible (probably 2028-2030), the market repricing of quantum-vulnerable BTC may begin.

Should I sell my Bitcoin because of quantum?

Not financial advice. The market hasn't priced this in heavily as of 2026. Migration to PQ-resistant addresses is the technical answer; market timing is separate question.

Is there a PQ-Bitcoin fork already?

Bitcoin Post-Quantum (BPQ) and similar forks exist but have negligible adoption. The interesting work is the soft-fork upgrade path on the main chain.

Does NFT ownership become unprovable post-quantum?

NFT metadata and image storage (IPFS, Arweave) is unaffected. Ownership transfer requires signing — broken if pre-quantum. Migration follows the underlying chain.

Are blockchain bridges quantum-safe?

Cross-chain bridges (Wormhole, LayerZero) sign messages between chains. Same quantum risk as the underlying chains. Bridge protocols will need PQ migration on each leg.

Quantum-Safe Blockchain — Bitcoin BIP-360, Ethereum PQ Roadmap, and the Custodial Migration Plan

Read as

Bitcoin uses ECDSA. Ethereum uses ECDSA (and BLS12-381 for staking). Both fall to Shor when CRQC arrives. The blockchain industry is debating PQ migration mechanics: Bitcoin proposes BIP-360 (post-quantum signatures) and various opt-in soft-forks; Ethereum has the Verkle-tree + PQ-signature roadmap. Migration is unique in blockchain context — wallets are user-owned, can’t be force-upgraded; “lost-key” coins have public keys revealed; the social-coordination problem dominates the technical one. This module covers the threat model, the proposed migrations, and what custodial / institutional wallet operators should plan for.

Blockchain post-quantum migration is a 10-year governance project, not a technical project. The cryptographic primitives are well-understood; persuading 10 million Bitcoin holders and 200 million Ethereum users to migrate their assets to PQ addresses is the actual problem.

The threat model — what’s actually at risk

Three categories of blockchain assets:

Funds in addresses where the public key has NEVER been revealed (unspent UTXOs in P2PKH or P2WPKH addresses, only the hash of the pubkey is on-chain). Pre-CRQC: derive pubkey from hash requires preimage attack on SHA-256 — infeasible. Post-CRQC: still infeasible (Grover only halves to 2¹²⁸). These funds are safe.
Funds in addresses where the public key HAS been revealed (any address that’s been spent from, P2PK addresses, taproot keypath spends with revealed pubkey). Post-CRQC: Shor recovers the private key from the public key; attacker can spend the funds. These funds are at risk.
Future transactions at any address: in-flight transactions in the mempool are vulnerable to a quantum attacker who can derive the private key faster than the transaction is mined.

Estimates of “Bitcoin at risk to Shor” vary: lower bound ~25% (publicly-keyed addresses + Satoshi’s coins at P2PK), upper bound ~70% (counting any address that has ever been spent from). Either way, hundreds of billions of dollars are at quantum risk.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants

Quantum-Safe Blockchain — Bitcoin BIP-360, Ethereum PQ Roadmap, and the Custodial Migration Plan

The threat model — what’s actually at risk

Custom team training + practitioner advisory

Other modules in this track

What is Quantum Computing — Qubits, Superposition, Entanglement (Beginner)

Why Quantum Matters for Cybersecurity — The Post-Quantum Threat in Plain English

Shor’s Algorithm Explained — Why RSA and ECC Will Break