Advances in quantum computing could eventually threaten Bitcoin’s cryptographic security, but the risk is manageable and unlikely to cause an existential disruption, according to a Bernstein research report by Gautam Chhugani, Mahika Sapra, Sanskar Chindalia and Harsh Misra. The team characterizes the challenge as a “manageable upgrade cycle” rather than an “existential risk.”
Recent research, including work from Google showing reduced resources needed to break modern encryption, has accelerated the timeline for potential threats. Still, building cryptographically relevant quantum computers (CRQCs) capable of compromising Bitcoin remains years away because of major technical and cost hurdles. Bernstein estimates the crypto industry has roughly three to five years to prepare for post-quantum security upgrades, allowing time to transition to quantum-resistant cryptographic standards.
Responsibility for any transition would likely fall to Bitcoin’s open-source developer community and core contributors, who propose and implement protocol upgrades via consensus. More broadly, quantum experts often cite a roughly 10-year timeframe for CRQCs, but recent advances justify increased urgency.
The quantum risk is not uniform across the Bitcoin network. Vulnerabilities are concentrated in older wallets and in addresses that expose their public keys on-chain or that have been reused. Bernstein identifies pay-to-public-key (P2PK), pay-to-multisig (P2MS) and pay-to-Taproot (P2TR) address types as among the most exposed. Legacy wallets are especially at risk: roughly 1.7 million BTC are held in early P2PK addresses, including an estimated 1.1 million BTC attributed to Satoshi Nakamoto, where public keys remain permanently exposed.
By contrast, Bitcoin’s mining process, which relies on SHA-256 hashing, is not considered meaningfully vulnerable to current or near-term quantum attacks. Best practices—such as avoiding address reuse and adopting newer wallet formats—significantly reduce exposure. The pathway forward involves identifying vulnerable address sets, migrating funds to quantum-resistant schemes, and coordinating protocol-level upgrades where needed.
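The first step of the pathway described above, identifying which outputs already carry a public key on-chain, can be done from the scriptPubKey template alone. The following Python is an added illustration written for this summary; it is not code from the Bernstein report or from any Bitcoin project. It recognises the standard output templates by their byte layout, marks P2PK, bare multisig and Taproot outputs as "exposed" (the key, or for Taproot the tweaked output key, sits in the output itself), treats hash-based outputs (P2PKH, P2WPKH, and conservatively P2SH/P2WSH) as "hashed" until the address is reused, and totals a constructed UTXO list per class. The key bytes and amounts are placeholders, not real keys or real on-chain data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScriptInfo:
    kind: str
    key_in_output: bool          # public key readable from the unspent output itself
    key_revealed_on_spend: bool  # key (or redeem script) appears only when the output is spent


OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG = 0xA9, 0xAC, 0xAE


def classify_script_pubkey(script: bytes) -> ScriptInfo:
    """Recognise the standard scriptPubKey templates by their byte layout."""
    n = len(script)
    # P2PK: <push of 33- or 65-byte pubkey> OP_CHECKSIG -> the key is literally in the output
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return ScriptInfo("p2pk", True, False)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return ScriptInfo("p2pkh", False, True)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL (redeem script only revealed on spend)
    if n == 23 and script[:2] == bytes([OP_HASH160, 0x14]) and script[-1] == OP_EQUAL:
        return ScriptInfo("p2sh", False, True)
    # P2WPKH: OP_0 <20-byte key hash>
    if n == 22 and script[:2] == bytes([OP_0, 0x14]):
        return ScriptInfo("p2wpkh", False, True)
    # P2WSH: OP_0 <32-byte script hash>
    if n == 34 and script[:2] == bytes([OP_0, 0x20]):
        return ScriptInfo("p2wsh", False, True)
    # P2TR: OP_1 <32-byte x-only output key> -> the tweaked key itself is on-chain
    if n == 34 and script[:2] == bytes([OP_1, 0x20]):
        return ScriptInfo("p2tr", True, False)
    # Bare multisig: OP_m <pubkey>... OP_n OP_CHECKMULTISIG -> every key is in the output
    if (n > 3 and OP_1 <= script[0] <= OP_16 and OP_1 <= script[-2] <= OP_16
            and script[-1] == OP_CHECKMULTISIG):
        return ScriptInfo("p2ms", True, False)
    return ScriptInfo("unknown", False, False)


def quantum_exposure(script: bytes, previously_spent_from: bool) -> str:
    """'exposed' = a public key is already on-chain; 'hashed' = only a hash is, so far."""
    info = classify_script_pubkey(script)
    if info.key_in_output:
        return "exposed"
    if info.key_revealed_on_spend and previously_spent_from:
        return "exposed"  # address reuse: an earlier spend already revealed the key
    if info.key_revealed_on_spend:
        return "hashed"
    return "unknown"


def summarize_exposure(utxos):
    """Total BTC per exposure class for a list of (scriptPubKey, btc, reused) tuples."""
    totals = {}
    for script, btc, reused in utxos:
        cls = quantum_exposure(script, reused)
        totals[cls] = round(totals.get(cls, 0.0) + btc, 8)
    return totals


# Constructed sample scripts: placeholder key bytes, not real keys or real UTXOs.
_KEY_A = b"\x02" + b"\x11" * 32  # fake 33-byte compressed pubkey
_KEY_B = b"\x03" + b"\x22" * 32
SAMPLE_SCRIPTS = {
    "p2pk": bytes([0x21]) + _KEY_A + bytes([OP_CHECKSIG]),
    "p2pkh": bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "p2wpkh": bytes([OP_0, 0x14]) + b"\x44" * 20,
    "p2tr": bytes([OP_1, 0x20]) + b"\x55" * 32,
    "p2ms": bytes([OP_1, 0x21]) + _KEY_A + bytes([0x21]) + _KEY_B + bytes([0x52, OP_CHECKMULTISIG]),
}
SAMPLE_UTXOS = [
    (SAMPLE_SCRIPTS["p2pk"], 50.0, False),    # early coinbase-style output: key exposed
    (SAMPLE_SCRIPTS["p2pkh"], 1.5, True),     # reused address: key revealed by a past spend
    (SAMPLE_SCRIPTS["p2pkh"], 0.25, False),   # fresh address: only the hash is public
    (SAMPLE_SCRIPTS["p2wpkh"], 2.0, False),
    (SAMPLE_SCRIPTS["p2tr"], 0.75, False),
    (SAMPLE_SCRIPTS["p2ms"], 3.0, False),
]

if __name__ == "__main__":
    for name, script in SAMPLE_SCRIPTS.items():
        print(f"{name:7s} -> {classify_script_pubkey(script).kind}")
    print(summarize_exposure(SAMPLE_UTXOS))
```

Run against a real UTXO snapshot, the same loop gives the per-class balances that a migration plan needs; the "hashed" bucket is the one that best practices (no address reuse, newer wallet formats) keep from sliding into "exposed", while the "exposed" bucket can only be reduced by moving the funds.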
Bernstein’s conclusion: the threat is real but manageable if the industry uses the available multi-year window to plan and implement post-quantum cryptographic upgrades through community-driven processes.