Quantum Threat to Blockchain: Timeline, Risks, and Post-Quantum Solutions

The idea that quantum computing could break blockchain networks like Bitcoin and Ethereum used to sound like science fiction. For years, experts told us we had decades before a machine powerful enough to crack digital signatures would exist. That timeline just collapsed. In 2026, major tech giants and blockchain foundations are racing against the clock because new research suggests a cryptographically relevant quantum computer (CRQC) could arrive sooner than expected, possibly by the end of this decade.

If you hold crypto assets or build decentralized applications, this isn't just theoretical noise anymore. It’s an immediate engineering priority. The shift from "someday" to "soon" changes how we protect digital ownership. Let’s look at exactly why the timeline has accelerated, what is actually at risk, and how the industry plans to survive.

Why the Quantum Clock Is Ticking Faster

For a long time, the consensus was that breaking modern encryption required millions of logical qubits. That assumption made quantum threats feel distant. Then came new data that shattered that belief. A joint study by Caltech, its startup Oratomic, and UC researchers revealed that advancements in neutral atom arrays mean a quantum computer capable of breaking classical encryption might need only 10,000 qubits, not millions.

This number change is huge. It shifts the threat window from twenty years out to overlapping with systems being deployed today. Google’s Quantum AI division released similar findings, noting a twenty-fold decrease in the physical qubits needed to break popular 256-bit elliptic curve encryption. This is the exact type of encryption currently protecting most cryptocurrency wallets. As Nathaniel Szerezla of Naoris Protocol put it, we went from planning for a distant threat to one that overlaps with active development cycles.

Google responded by announcing a migration plan to move its authentication and digital signature models to post-quantum cryptography (PQC) by 2029. They aren’t waiting for the hammer to fall; they’re building the shield before the storm hits.

The Two Faces of Quantum Risk

Not all quantum risks are equal. To understand the urgency, you need to separate the threats into two categories: immediate data harvesting and future signature forgery.

Comparison of Quantum Threat Vectors

Store-Now-Decrypt-Later
  Mechanism: Adversaries steal encrypted data today, store it, and decrypt it once quantum computers are ready.
  Timeline: Happening now
  Impact on Blockchain: Privacy breaches; exposure of private keys if stored insecurely.

Signature Forgery
  Mechanism: Quantum algorithms (Shor's algorithm) derive private keys from exposed public keys to forge transaction signatures.
  Timeline: Estimated 2029-2035
  Impact on Blockchain: Existential risk: draining wallets, invalidating ownership proofs.

The "store-now-decrypt-later" attack is already happening. Bad actors are hoarding encrypted traffic and private key backups, waiting for the day a CRQC exists. While current quantum computers can’t break the encryption yet, the data is sitting there, vulnerable. For blockchain, the bigger existential threat is signature forgery. Digital signatures prove you own your coins. If a quantum computer can generate a valid signature using your public key, it can authorize transactions from your wallet without your permission. For Bitcoin and Ethereum, this breaks the fundamental trust model of the network.

What Is Vulnerable? Elliptic Curves vs. Hash Functions

Not every part of blockchain technology is equally fragile. The vulnerability lies specifically in cryptographic protocols relying on elliptic curve cryptography (ECC) or RSA encryption. These rely on mathematical problems that are hard for classical computers but easy for quantum computers running Shor’s algorithm.

However, hash functions like SHA256 and SHA3, along with symmetric encryption like AES, are expected to remain secure against quantum attacks. This distinction is critical for developers. It means the core integrity of the blockchain ledger, the chain of blocks itself, is relatively safe. The danger is at the user level: the addresses and keys that control access to funds.
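Because hash functions are the part of the stack that survives, a quantum-resistant signature can be built from nothing but SHA-256. The following Lamport one-time signature is an added example, not code from the article or from any project it mentions; it shows both the construction and the size trade-off (kilobyte keys and signatures instead of a few dozen bytes) that hash-based schemes carry.

```python
import hashlib
import secrets

DIGEST_BITS = 256  # one pair of secret preimages per bit of the SHA-256 message digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Secret key: 256 pairs of random 32-byte preimages. Public key: their SHA-256 hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    pk = [(_h(x0), _h(x1)) for x0, x1 in sk]
    return sk, pk


def _bits(msg: bytes) -> list[int]:
    digest = int.from_bytes(_h(msg), "big")
    return [(digest >> (DIGEST_BITS - 1 - i)) & 1 for i in range(DIGEST_BITS)]


def sign(sk, msg: bytes) -> list[bytes]:
    """Reveal, for each digest bit, the preimage selected by that bit. ONE-TIME: never reuse sk."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig: list[bytes]) -> bool:
    """Security rests only on SHA-256 preimage resistance, which Shor's algorithm does not touch."""
    if len(sig) != DIGEST_BITS:
        return False
    return all(_h(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def sizes_bytes(pk, sig) -> dict:
    """The trade-off: a 16 KiB public key and 8 KiB signature versus roughly 64-72 bytes for ECDSA."""
    return {"public_key": sum(len(a) + len(b) for a, b in pk), "signature": sum(map(len, sig))}


def preimages_leaked(sig_a: list[bytes], sig_b: list[bytes]) -> int:
    """Why it is one-time: two signatures under one key reveal both preimages wherever the
    digests differ, so a forger can mix-and-match for any message matching either bit there."""
    return sum(1 for a, b in zip(sig_a, sig_b) if a != b)
```

Stateful schemes (Merkle trees of such keys) and the stateless NIST standards are engineered to remove the one-key-one-message restriction while keeping the same hash-only security argument.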

Chaincode Labs estimated that up to 50% of all Bitcoin, roughly $700 billion, is potentially vulnerable. Why only half? Because many early Bitcoin addresses were generated using legacy methods that reveal the public key on chain (from which a quantum computer could derive the private key) once a transaction is sent. Modern addresses use SegWit or Taproot, which offer slightly better protection, but none are immune to a sufficiently powerful quantum machine.
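As an added example (not from the article), here is a small Python inventory that applies the rule just described, and the "avoid reusing addresses" advice later in the checklist: a key is quantum-exposed once its raw public key sits on chain, either because a legacy pay-to-public-key output embeds it, or because an earlier spend from a reused address revealed it. The script types modelled, the field names and the sample wallet are constructed for illustration; Taproot and multisig outputs are deliberately left out.

```python
from dataclasses import dataclass

# Whether each output type places the raw public key on chain at creation time.
# P2PK (common for early coins) embeds it; P2PKH/P2WPKH commit only to its hash.
KEY_IN_OUTPUT = {"p2pk": True, "p2pkh": False, "p2wpkh": False}


@dataclass(frozen=True)
class Utxo:
    txid: str
    script_type: str
    pubkey: str   # hex of the controlling key (constructed placeholders below)
    sats: int


@dataclass(frozen=True)
class Spend:
    txid: str
    revealed_pubkeys: tuple[str, ...]  # keys shown in scriptSig/witness to authorise the spend


def keys_revealed(spends: list[Spend]) -> set[str]:
    """Every spend publishes the signer's public key; from then on it is Shor-exposed forever."""
    return {k for s in spends for k in s.revealed_pubkeys}


def key_is_exposed(utxo: Utxo, revealed: set[str]) -> bool:
    if utxo.script_type not in KEY_IN_OUTPUT:
        raise ValueError(f"unsupported script type {utxo.script_type!r}")
    return KEY_IN_OUTPUT[utxo.script_type] or utxo.pubkey in revealed


def exposure_report(utxos: list[Utxo], spends: list[Spend]) -> dict:
    """Value that a CRQC could drain today versus value still shielded behind a hash."""
    revealed = keys_revealed(spends)
    exposed = [u for u in utxos if key_is_exposed(u, revealed)]
    total = sum(u.sats for u in utxos)
    at_risk = sum(u.sats for u in exposed)
    return {
        "exposed_txids": sorted(u.txid for u in exposed),
        "exposed_sats": at_risk,
        "exposed_share": at_risk / total if total else 0.0,
    }


# Constructed sample data, not real chain history.
SAMPLE_UTXOS = [
    Utxo("tx-a:0", "p2pk", "02aa", 5_000_000),    # legacy output: key visible from day one
    Utxo("tx-b:0", "p2pkh", "02bb", 3_000_000),   # hash-only, never spent from: shielded
    Utxo("tx-c:1", "p2wpkh", "03cc", 2_000_000),  # change returned to a reused address
]
SAMPLE_SPENDS = [Spend("tx-c", ("03cc",))]  # tx-c spent from key 03cc, revealing it on chain
```

Shielded outputs are only shielded until their owner spends, which is why migration plans move funds to new, unreused addresses rather than trying to protect the keys already exposed.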


Ethereum and Bitcoin: The Migration Roadmaps

The industry hasn’t sat idle. Both major ecosystems have recognized the threat and are drafting emergency exit plans.

Ethereum published a four-pronged roadmap targeting completion by 2029. The Ethereum Foundation acknowledges that while they don’t expect immediate threats for another 8 to 12 years, the upgrade process for a decentralized network is slow and complex. They must begin well before the threat arrives. Their strategy involves transitioning away from vulnerable elliptic curves toward quantum-resistant alternatives. They are also evaluating new zero-knowledge proof systems. Current popular ZK systems like Groth16, Halo2, and PlonK rely on elliptic curves and are therefore vulnerable. Ethereum is looking at STARKs and SNARGs, which are quantum-resistant but come with trade-offs like larger proof sizes and longer verification times.

Bitcoin is taking a more conservative approach due to its rigid consensus rules. A proposal known as BIP360 has been introduced to address quantum risks. This likely involves a soft fork that allows users to migrate their funds to quantum-safe addresses proactively. Unlike Ethereum, where upgrades can be more fluid, Bitcoin requires near-unanimous miner support, making any change slower but potentially more robust once implemented.

The Zero-Knowledge Proof Crisis

Zero-knowledge proofs (ZKPs) are essential for scaling blockchains through Layer 2 solutions like Starknet and zkSync. However, most existing ZK systems are built on elliptic curves. If those curves break, the entire scaling infrastructure collapses.

The solution lies in shifting to quantum-resistant ZK systems. Starknet is already transitioning to FRI (Fast Reed-Solomon Interactive Oracle Proofs of Proximity). Ethereum is evaluating the FRI, STIR, and WHIR protocols. These new systems don’t rely on discrete logarithm problems that quantum computers can solve easily. Instead, they use different mathematical structures that remain hard even for quantum machines. The catch? Performance. These new proofs are often larger and take longer to verify. Developers will need to optimize hardware and software to handle the increased computational load.


Regulatory Pressure and Industry Deadlines

You don’t have to wait for a hack to force action. Governments are setting hard deadlines. The US and EU have mandated that critical infrastructure and national security systems switch to post-quantum algorithms by 2030. This regulatory push aligns closely with the industry’s self-imposed timelines.

The National Institute of Standards and Technology (NIST) has been leading the charge in standardizing PQC algorithms. However, the path hasn’t been smooth. Several initially evaluated NIST algorithms were found to contain vulnerabilities exploitable by classical computers, forcing restarts in the selection process. This highlights the difficulty of finding math that is both efficient and truly secure. Despite these setbacks, the direction is clear: legacy cryptography is being phased out.

Skepticism vs. Preparation

Despite the urgency, not everyone believes the threat is imminent. Some security researchers bet heavily against a relevant quantum computer arriving by 2029 or even 2035. They argue that error correction and hardware stability remain massive unsolved hurdles. One prominent researcher admitted he wasn’t convinced quantum hacks would happen in his lifetime, though he acknowledged that prediction might haunt him later.

This skepticism doesn’t negate the need for preparation. Cryptographic agility, the ability to swap out algorithms quickly, is the best defense. By migrating to PQC now, institutions ensure they aren’t caught off guard if the skeptics are wrong. It’s cheaper to upgrade voluntarily than to respond to a crisis.

What You Can Do Today

If you are a holder or developer, here is your checklist:

  • Avoid Reusing Addresses: Every time you send a transaction, use a new address. This limits the amount of data exposed to potential quantum analysis.
  • Monitor Wallet Software Updates: Look for wallets that support post-quantum signature schemes or allow easy migration to quantum-resistant addresses.
  • Understand Your Stack: If you build dApps, audit your smart contracts for reliance on ECC-based libraries. Plan for integration with STARKs or other quantum-resistant ZKPs.
  • Stay Informed on Standards: Follow NIST announcements regarding finalized PQC standards. These will become the de facto benchmarks for security.

The convergence of faster hardware progress, reduced qubit requirements, and regulatory deadlines has created a narrow window for action. Between 2029 and 2035, the landscape of digital security will fundamentally reshape. Those who prepare now will retain control of their assets. Those who wait may find their keys broken before they realize the game has changed.

When will quantum computers be able to break blockchain encryption?

Estimates vary, but recent research suggests a Cryptographically Relevant Quantum Computer (CRQC) could emerge between 2029 and 2035. This timeline is based on new findings that fewer qubits (around 10,000) may be needed than previously thought, accelerating the threat window significantly compared to earlier predictions of decades away.

Is Bitcoin vulnerable to quantum attacks?

Yes, Bitcoin is vulnerable because it uses elliptic curve cryptography for digital signatures. Chaincode Labs estimates up to 50% of Bitcoin supply could be at risk if quantum computers can derive private keys from public keys. However, the blockchain's hash function (SHA256) remains secure, meaning the ledger itself won't collapse, but individual wallet ownership could be compromised.

What is Post-Quantum Cryptography (PQC)?

Post-Quantum Cryptography refers to cryptographic algorithms designed to be secure against attacks from both classical and quantum computers. Unlike traditional methods like RSA or ECC, PQC relies on mathematical problems that are difficult for quantum algorithms like Shor's algorithm to solve. NIST is currently standardizing these algorithms for widespread adoption.

How is Ethereum preparing for the quantum threat?

The Ethereum Foundation has a roadmap targeting completion by 2029. This includes transitioning to quantum-resistant signature schemes and upgrading zero-knowledge proof systems from vulnerable elliptic-curve-based models (like Groth16) to quantum-resistant ones like STARKs and SNARGs. They are also evaluating new protocols such as FRI, STIR, and WHIR.

Are hash functions like SHA256 safe from quantum computers?

Yes, hash functions like SHA256 and SHA3 are considered largely secure against quantum attacks. Quantum computers offer only a modest speedup for brute-forcing hashes (a quadratic one, via Grover's algorithm), unlike the exponential advantage Shor's algorithm gives them against elliptic curve or RSA encryption. This means the structural integrity of the blockchain ledger remains protected, even if user keys are compromised.

What is a "store-now-decrypt-later" attack?

This is an attack where adversaries intercept and store encrypted data today, knowing they cannot decrypt it yet. They wait until a powerful quantum computer becomes available to decrypt the stored data. This makes current encryption vulnerable immediately, as sensitive information like private keys or personal data could be exposed years after it was originally captured.

Will I lose my crypto if a quantum computer breaks my wallet?

If a quantum computer derives your private key from your public key, yes, an attacker could forge signatures and drain your wallet. However, this only affects funds associated with that specific key. Upgrading to quantum-resistant wallets or moving funds to new addresses before such a breakthrough occurs can mitigate this risk. Networks like Bitcoin and Ethereum are working on migration paths to help users transition safely.