At the Bitcoin 2025 Conference in Las Vegas, a dark story was quietly spreading. The evolution of quantum computers is progressing unexpectedly fast, posing a fundamental threat to Bitcoin’s security foundation. Approximately $42 billion worth of Bitcoin assets could be at risk, and a “liquidation event” that affects the entire market could even occur. This is not an exaggeration. Google’s latest research pointed out that the quantum resources needed to break RSA encryption are only one-twentieth of previous estimates.

The elliptic curve digital signature algorithm (ECDSA) used by Bitcoin is also under the same threat. Those who understand the relationship between private keys and public keys should grasp the seriousness of this crisis. It has been considered mathematically impossible to reverse-engineer a private key from a public key. However, Peter Shor’s 1994 proposed Shor’s algorithm can efficiently factor large numbers using a quantum computer. Once a sufficiently powerful quantum computer is operational, it will be able to quickly compute the private key from the known public key.

Which Bitcoin will be at risk first? The early P2PK addresses. These addresses used in the early days of Bitcoin directly expose the public key. Including the Genesis Bitcoin believed to be owned by Satoshi Nakamoto, there are still millions of Bitcoin sitting dormant. Moreover, even in more common P2PKH addresses, once a transaction is made, the public key is leaked, and if the address is reused, it remains vulnerable. According to analyses by Deloitte and others, hundreds of thousands of Bitcoin have exposed public keys, totaling between 4 million and 6 million BTC at high risk. At current Bitcoin prices (around $81,000), this asset value reaches hundreds of billions of dollars.

The threat of quantum computers also manifests as “near-term attacks.” During Bitcoin transactions, the public key is broadcast to the network, and if a quantum computer can decrypt the private key within the 10 to 60 minutes waiting for miner confirmation, it could send Bitcoin to itself with higher fees before the original transaction is confirmed.

The hardware development race is intensifying. IBM’s “Osprey” has achieved 433 physical qubits, and “Condor” has reached 1,121 physical qubits. In 2025, Google’s “Willow” chip will be announced, and Quontinum plans to commercialize the “Helios” system in the second half of 2025, supporting at least 50 high-fidelity logical qubits. However, predictions vary among experts regarding how long it will take for practical quantum computers to threaten Bitcoin. Some are optimistic, estimating 3 to 5 years, while others believe it could take more than a decade. The key point is that the threat from quantum computers is not an “on/off” switch but a gradual increase in probability.

The Bitcoin community is not powerless. Research into post-quantum cryptography (PQC) is advancing, with algorithms like SPHINCS+ standardized by the U.S. National Institute of Standards and Technology (NIST) as candidates. However, integrating PQC into Bitcoin is extremely challenging. Hash-based signatures tend to have large signature sizes and require more time for key generation and verification, which burdens transaction efficiency and blockchain capacity.

An even bigger challenge is the migration mechanism. Transitioning from ECDSA to PQC standards involves a fundamental upgrade of the Bitcoin protocol, not just a simple code change. Should it be a soft fork or a hard fork? How to safely transfer Bitcoin from old addresses to new quantum-resistant addresses? Jameson Lopp, co-founder of Casa, suggests setting a deadline and considering protocol “destruction” of untransferred Bitcoin. Another developer, Agustin Cruiz, proposed a specific hard fork plan called QRAMP (Quantum Resistant Address Migration Protocol). These proposals highlight the difficulty of reaching consensus within a decentralized governance model.

Currently, major Bitcoin exchanges, wallet providers, and mining pools lack clear public information about PQC migration plans. This indicates that Bitcoin’s quantum resistance is still in the theoretical research and early discussion stage, not yet in implementation. Bitcoin faces a dilemma of being “too big to fail but too slow to evolve.”

If quantum attacks become feasible, the market will face a “liquidation event.” Trust will be shaken, panic selling could cause Bitcoin prices to plummet, and the shockwaves might ripple through the entire cryptocurrency market and even traditional finance. Bitcoin’s reputation as “digital gold” largely depends on its unbreakable cryptographic security. If that foundation is easily broken by quantum computers, all the value narratives built upon it will face severe tests.

Looking at the history of cryptography, major transitions—such as from DES to AES or the deprecation of SHA-1—took years or decades under centralized authorities. Bitcoin’s decentralized governance offers resilience and censorship resistance, but in situations requiring rapid and unified responses to global technological shifts, it could become dysfunctional.

Quantum computers are the sword of Damocles hanging over Bitcoin. When it might strike is unknown, but the chill is already beginning to be felt. This presents the most profound and long-term challenge to cryptographic technology. The Bitcoin community is facing an unprecedented test: how to upgrade the cryptographic systems essential for its survival while maintaining its core principles of decentralization and anti-censorship. The future path is uncertain. Will technological innovation catalyze a safer post-quantum era, or will the difficulties of consensus and migration lead to decline? The answer lies in the decisions, code proposals, and intense debates of the Bitcoin community in the coming years.