The quantum computing threat to Bitcoin has been cycling through the same debate loop for years: urgent alarm from researchers, calm dismissal from developers, repeat. But two new research papers — one from Google, another from Caltech-affiliated startup Oratomic — have injected fresh urgency into the conversation, suggesting that the resources required to break the public-key cryptography Bitcoin relies on may be lower than previously assumed.

The good news, according to at least one researcher, is that Bitcoin may not need a contentious protocol upgrade to get quantum-safe. The bad news is that the clock is running, and the Bitcoin community's historically slow consensus process is not built for speed.

What the Threat Actually Is

Bitcoin's security relies on elliptic curve cryptography (ECC), which protects private keys from being reverse-engineered from public keys. A sufficiently powerful quantum computer running Shor's algorithm could theoretically crack ECC — exposing wallets where the public key has already been revealed on-chain.

That last part matters: not every Bitcoin address is equally vulnerable. Wallets that have never spent from an address (and so have never signed a transaction with its key) still have unexposed public keys and are harder targets. The more immediate risk sits with older address formats — particularly pay-to-public-key (P2PK) outputs used in Bitcoin's early years, some of which are believed to belong to Satoshi Nakamoto — where the public key is already visible on the blockchain.
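The distinction above (a key written into the output versus only a hash of it, and a key revealed by an earlier spend) is something a custodian can check against its own UTXO set. The following is an added example, not code from the article or from the researchers it cites: it recognises standard output scripts by their byte layout and ranks each output's exposure. Taproot outputs are counted as key-on-chain because the x-only output key is placed directly in the script; the sample UTXOs are constructed, and their key bytes are placeholders rather than real curve points.

```python
# Opcodes used by the standard Bitcoin output types handled below
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0xA9, 0x87, 0x88, 0xAC)

def classify_spk(spk: bytes) -> tuple[str, bool]:
    """Return (script type, key_on_chain) for a raw scriptPubKey; key_on_chain is
    True when the public key itself, not merely a hash of it, sits in the output."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -> the key is in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[22] == OP_EQUAL:
        return "P2SH", False
    # Native SegWit v0: OP_0 <20-byte key hash> (P2WPKH) or OP_0 <32-byte script hash> (P2WSH)
    if n in (22, 34) and spk[0] == OP_0 and spk[1] == n - 2:
        return ("P2WPKH" if n == 22 else "P2WSH"), False
    # Taproot: OP_1 <32-byte x-only output key> -> the (tweaked) key is in the output
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "P2TR", True
    return "unknown", False

def exposure(spk: bytes, spent_from_before: bool) -> str:
    """'exposed' if a key is already recoverable from chain data (placed in the output
    or revealed by an earlier spend from the same address), 'hashed' if only a hash is."""
    script_type, key_on_chain = classify_spk(spk)
    if script_type == "unknown":
        return "unknown"
    return "exposed" if (key_on_chain or spent_from_before) else "hashed"

# Constructed sample UTXOs as (scriptPubKey, address already spent from?); key bytes are placeholders
SAMPLE_UTXOS = [
    (bytes([0x21, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG]), False),  # early-style P2PK
    (bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x22" * 20
     + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), True),                      # reused P2PKH
    (bytes([OP_0, 0x14]) + b"\x33" * 20, False),                         # fresh P2WPKH
    (bytes([OP_1, 0x20]) + b"\x44" * 32, False),                         # P2TR
]

def summarize(utxos=SAMPLE_UTXOS) -> dict[str, int]:
    """Count outputs per exposure class: the first figure a custodian would ask for."""
    counts = {"exposed": 0, "hashed": 0, "unknown": 0}
    for spk, reused in utxos:
        counts[exposure(spk, reused)] += 1
    return counts
```

Run against a real UTXO export, the `spent_from_before` flag would come from an index of which addresses have appeared as transaction inputs; the script layout checks themselves need no chain access.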

Quantum computers cannot do this today. But the Decrypt reporting on the two new research papers notes that progress is accelerating, and the real challenge experts flag is timing: upgrading Bitcoin's cryptographic foundation takes years of coordination, so the community needs to start now rather than when a quantum machine capable of breaking ECC actually exists.

The No-Fork Workaround

Here's where it gets interesting for infrastructure watchers. A researcher cited by CoinTelegraph argues that Bitcoin can be made quantum-resistant without touching the core protocol — essentially through a softer migration path that doesn't require a network-wide hard fork.

The proposed approach centers on moving funds into quantum-safe address formats before the threat materializes. If users and custodians migrate holdings to addresses built on post-quantum cryptographic schemes — without waiting for a mandatory protocol-level change — the exposure shrinks dramatically, even if the underlying Bitcoin script layer hasn't been formally upgraded.

Think of it like moving valuables out of a building before it floods, rather than waiting for the city to approve a flood wall.

This matters operationally because the alternative — a full protocol upgrade — requires near-universal consensus among Bitcoin nodes, miners, and developers. Bitcoin's governance model has no central authority to push changes through. The block size wars of 2017 showed how badly these fights can go. A quantum-safety debate that forces a similar schism would be far more dangerous than the underlying cryptographic risk, at least in the near term.

Why This Is an Infrastructure Story

Most quantum computing coverage treats this as an abstract future problem. But for the entities actually running Bitcoin infrastructure — custodians, exchanges, mining pools, and institutional holders — the operational implications are concrete and near-term.

Custodians holding large BTC balances in older address formats have the most exposure. Any custodian still sitting on P2PK outputs is running a risk that grows as quantum computing capability improves. The question of whether to migrate those holdings — and how to communicate that to clients — is a live compliance and operations question, not a theoretical one.

Exchanges face similar exposure on their hot and warm wallets. Most exchange infrastructure already uses newer address types (SegWit, Taproot), which offer marginally better quantum posture, but none are post-quantum secure by any rigorous standard.

Miners are somewhat less directly exposed — the quantum threat targets key cryptography, not proof-of-work's SHA-256 hashing. Grover's algorithm could theoretically speed up hash-finding, but the speedup is quadratic rather than exponential, meaning the network would only need to roughly double the bit-security demanded by the difficulty target to compensate. That's manageable compared to the ECC problem.

Node operators and developers are the ones who would ultimately have to coordinate any protocol-level response. The later that coordination starts, the more rushed — and risky — any eventual upgrade becomes.

The Coordination Problem

Even if the no-fork migration approach works in theory, it requires a kind of voluntary, industry-wide action that crypto has historically struggled to pull off without a crisis forcing the issue.

The Bitcoin community would need custodians, exchanges, and individual holders to proactively move funds to quantum-safe addresses — ideally before a standardized post-quantum address format is even finalized. That's a sequencing problem: you can't migrate to a format that doesn't exist yet, and finalizing a format requires exactly the kind of slow-moving technical debate that Bitcoin is known for.

What the research does clarify is that waiting for quantum computers to actually threaten the network before beginning upgrades is not a viable plan. The upgrade path — whether it's a soft migration, a new address type, or eventually a protocol change — takes time measured in years, not months.

The Broader Security Context

This isn't happening in isolation. The US National Institute of Standards and Technology (NIST) finalized its first set of post-quantum cryptographic standards in 2024, and federal agencies are under mandate to begin migrating sensitive systems. That regulatory backdrop means institutional players operating in both traditional finance and crypto are increasingly being asked about their quantum preparedness by auditors and compliance teams.

For US-based crypto custodians and exchanges operating under existing or forthcoming regulatory frameworks, quantum risk is quietly becoming a due diligence question — not yet a legal requirement, but the kind of thing that ends up in security audits.

The Takeaway

The quantum threat to Bitcoin is real but not imminent. What is imminent is the window in which a relatively low-friction migration path remains possible. If the industry waits until quantum capability forces emergency action, the options narrow to a chaotic, rushed protocol upgrade or accepting that a meaningful portion of Bitcoin's supply — particularly old, high-value wallets — is at risk.

The no-fork approach offers a credible off-ramp, but it requires custodians, exchanges, and serious holders to start paying attention now, not when headlines get alarming. Infrastructure decisions made in the next two to three years will largely determine how painful — or painless — the eventual transition turns out to be.