How does Bitcoin respond to the quantum threat? Galaxy report reveals the potential risk to 70 million BTC
Quantum computing’s rapid transition from theory to engineering breakthroughs is prompting the crypto industry to reevaluate the security of underlying cryptography. As the timeline for “Q-Day” (the day when quantum computers can break current public key cryptography) becomes more predictable, Bitcoin, as the highest market cap crypto asset, is under market scrutiny for its resilience. Recent research from Galaxy Digital provides a clear phased assessment: the risk is real but currently limited.
Why the Threat of Quantum Computing to Bitcoin Is “Real”
Bitcoin’s security relies on two cryptographic mechanisms: the hash functions used for address generation and the elliptic curve digital signature algorithm (ECDSA) used for signing transactions. Quantum computing poses a different level of threat to each. Against hash functions, Grover’s algorithm reduces the cost of a brute-force search only to its square root, which is manageable; ECDSA, however, is theoretically vulnerable: a sufficiently large fault-tolerant quantum computer could derive private keys from public keys exposed on the blockchain.
Alex Thorn, head of research at Galaxy Digital, points out that this threat is not just a distant theoretical scenario. Analysis by security firm Project Eleven indicates that about 70 million Bitcoin (worth approximately $470 billion at current prices) are at potential risk due to “long-term exposure,” meaning their public keys are already exposed on-chain. This implies that once quantum computers can break the cryptography, assets in these addresses could be among the first to be at risk of theft.
Why Current Risk Is Considered “Limited”
Although the threat is logically inevitable, Galaxy Digital emphasizes that it is not an imminent existential crisis. Distinguishing between “real” and “urgent” is key to understanding the current industry consensus.
First, quantum computing is still in the NISQ (Noisy Intermediate-Scale Quantum) era, and it will take years before fault-tolerant quantum computers with thousands of logical qubits capable of breaking 256-bit elliptic curves are developed. McKinsey’s 2025 report estimates the Q-Day window to be between 2 and 10 years, reflecting the uncertainty in technological progress.
Second, not all Bitcoin holdings are equally exposed. Only addresses that are reused, use outdated formats (like P2PK), or are stored by custodians via “shortcut” methods leave public key traces on-chain. The vast majority of UTXOs following the “one address, one receive, one spend” principle reveal their public key only when spent, and after spending, the assets are transferred elsewhere. This means the “attack surface” for quantum threats is much smaller than the total Bitcoin supply.
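The exposure categories described above can be read directly from an output's script. The following is an added example, not code from the original article, Galaxy Digital or Project Eleven: it classifies standard scriptPubKey templates and totals funds whose public key is already visible, counting Taproot outputs as exposed because the output itself carries the key. The function names are hypothetical, and all keys, hashes and amounts are constructed sample values.

```python
# Added example; script templates are the standard Bitcoin ones, data is constructed.
IN_OUTPUT = {"p2pk", "p2tr"}  # the output script itself carries the public key

def classify_script(spk_hex):
    """Map a scriptPubKey (hex) to its standard template name."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"    # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"  # witness v0, 20-byte key hash
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"   # witness v0, 32-byte script hash
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"    # witness v1, 32-byte x-only output key
    return "other"       # bare multisig, OP_RETURN, etc.: review by hand

def exposure(spk_hex, spent_scripts):
    """Return (template, status) for one unspent output."""
    kind = classify_script(spk_hex)
    if kind in IN_OUTPUT:
        return kind, "exposed-in-output"
    if kind == "other":
        return kind, "review"
    if spk_hex.lower() in spent_scripts:
        return kind, "exposed-by-reuse"  # an earlier spend already revealed the key
    return kind, "hashed"                # key stays hidden until this output is spent

def audit(utxos, spent_scripts):
    """Sum satoshis per status; utxos is a list of (scriptPubKey hex, sats)."""
    spent = {s.lower() for s in spent_scripts}
    totals = {}
    for spk, sats in utxos:
        status = exposure(spk, spent)[1]
        totals[status] = totals.get(status, 0) + sats
    return totals

# Constructed sample wallet: dummy keys and hashes, not real on-chain data.
P2PK = "21" + "02" + "33" * 32 + "ac"
P2PKH = "76a914" + "11" * 20 + "88ac"
P2WPKH = "0014" + "11" * 20
P2TR = "5120" + "22" * 32
REUSED = "76a914" + "44" * 20 + "88ac"  # same script was spent from before
UTXOS = [(P2PK, 5000), (P2PKH, 3000), (P2WPKH, 2000), (P2TR, 1000), (REUSED, 700)]
SPENT = [REUSED]
print(audit(UTXOS, SPENT))
```

In a real audit the set of previously spent scripts would come from the wallet's own transaction history; outputs reported as "review" need manual inspection because templates such as bare multisig also place keys in the output.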
Structural Trade-offs in Post-Quantum Migration
The Bitcoin community has historically been cautious about major changes. This “if it isn’t broken, don’t fix it” culture helps ensure network stability but also presents governance challenges for post-quantum upgrades.
On the technical side, solutions are underway. In February 2026, BIP 360 (Pay-to-Merkle-Root) was officially added to the BIP repository, removing some key paths of Taproot and retaining only script paths, significantly reducing quantum exposure and reserving interfaces for future post-quantum signature schemes. This proposal is a soft fork, not mandatory, and represents a gradual improvement.
However, the bigger challenge lies in governance. If a comprehensive post-quantum migration is initiated, the community must confront a core issue: how to handle dormant Bitcoin with permanently exposed public keys (including about 1 million coins in Satoshi addresses) that may never be actively migrated. Should they be subject to “first-come, first-served” competitive extraction, or should a phased restriction mechanism (like an hourglass) be implemented to limit their spending? The former could lead to large asset releases at unpredictable market times, while the latter involves intervention in asset spendability, potentially conflicting with Bitcoin’s core principle of “uncensorability.”
How Different Ecosystems’ Approaches Affect Industry Dynamics
In responding to quantum risks, different blockchain ecosystems show clear divergence. Ethereum co-founder Vitalik Buterin has outlined a clear anti-quantum roadmap as of February 2026, prioritizing it as a top strategic goal, with a planned post-quantum upgrade around 2029.
Bitcoin’s pace is more cautious. Although BIP 360 marks the first formal step toward quantum resistance, a full migration plan is still under discussion. Nic Carter, founding partner at Castle Island Ventures, recently noted that this delay could become a relative advantage for other chains, and markets may start to reflect this prioritization gap. It’s important to recognize that Bitcoin developers’ caution does not mean ignoring the issue—BIP 360 has received the highest number of comments in history, indicating active engagement in evaluating this long-term challenge.
Possible Future Scenarios
Based on current technological progress and community dynamics, the next 5–10 years could see several scenarios:
Scenario 1: Ordered Migration (High Probability). Quantum progress aligns with expectations; within 5–7 years, the community reaches governance consensus to implement phased migration: first, prohibiting new funds from flowing into old address formats; second, gradually transferring active funds to post-quantum secure addresses; finally, applying phased restrictions to long-dormant exposed addresses. Under this path, market confidence remains stable, and upgrades are seen as enhancing network resilience.
Scenario 2: Competitive Extraction (Lower Probability but High Impact). If Q-Day approaches suddenly and governance is deadlocked, entities with quantum capabilities could preemptively extract funds from exposed addresses. This could cause chaos over asset ownership and undermine Bitcoin’s narrative of finality.
Scenario 3: Hybrid Defense Mechanisms (Moderate Probability). Using soft forks to introduce “sentinel” mechanisms that add extra validation layers or time locks to exposed addresses’ transactions, balancing ownership rights with a buffer period for migration.
Progress and Limitations of Existing Solutions
Efforts to address quantum risks are advancing on multiple fronts. In 2024, NIST finalized the first post-quantum cryptography standards, including CRYSTALS-Kyber and CRYSTALS-Dilithium, providing reference cryptographic primitives for blockchain projects. Bitcoin developers are working on standardizing new address types to enable users to proactively migrate funds away from vulnerable formats.
However, two inherent limitations remain: compatibility and voluntariness. Bitcoin’s backward compatibility principle requires new schemes not to invalidate old wallets; and migration cannot be forced on all holders, meaning long-term exposed dormant addresses will persist. Alex Thorn notes, “Much more work is underway than people realize,” but the community must remain patient with the long-term nature of this challenge.
Summary
The threat of quantum computing to Bitcoin fundamentally reflects a race between the replacement of cryptographic infrastructure and the pace of decentralized governance. Galaxy Digital’s assessment offers a balanced perspective: the risk is real, with about 7 million Bitcoin in “exposed” status; but the timeline is ample, technical pathways are emerging, and community governance is moving from divergence toward consensus. For market participants, incorporating quantum risk into long-term monitoring is necessary, but treating it as an immediate existential threat would misjudge the industry’s fundamentals.
FAQ
Q1: When will quantum computing truly threaten Bitcoin security?
Current estimates place Q-Day between 5 and 10 years from now, depending on breakthroughs in quantum hardware error correction and algorithm optimization. Presently, quantum computers cannot pose an actual threat to ECDSA.
Q2: If the quantum threat materializes, will I lose my Bitcoin?
If your Bitcoin is stored in wallets following security best practices (no address reuse, using new addresses for each receipt), the risk is manageable: public keys are only briefly exposed during transaction broadcast, and the assets are transferred immediately afterward. The main risk is associated with address reuse, old formats, or custodial mishandling.
Q3: What measures are currently in place in the Bitcoin community?
BIP 360 was incorporated in February 2026, reducing quantum exposure by restructuring Taproot scripts and reserving space for future post-quantum signatures. A comprehensive migration plan is still under discussion.
Q4: Should I sell my Bitcoin because of quantum risks?
Galaxy Digital’s Alex Thorn suggests that quantum risk should be monitored but does not justify avoiding Bitcoin exposure. Long-term technical challenges should not be mistaken for immediate threats.
Q5: Are other chains like Ethereum moving faster?
Ethereum has explicitly prioritized anti-quantum upgrades and has a clearer roadmap. Different governance cultures and technical iteration speeds across ecosystems may influence their long-term narratives and market positioning.