Bitcoin (CRYPTO: BTC) faces a long-running security debate as researchers map the timeline over which quantum computing could undermine current cryptography. A white paper from Ark Invest, prepared with Unchained Capital’s insights, argues that a substantial portion of the BTC supply is not immediately exposed to such a threat, while a meaningful minority could require attention in the years ahead. The study estimates that roughly 65.4% of the circulating BTC is not vulnerable to a quantum-based breakthrough today, leaving about 34.6% at risk under certain assumptions about address behavior and key exposure. In concrete terms, the assessment breaks down the vulnerable pool into roughly 5 million BTC that could migrate due to address reuse, about 1.7 million BTC (around 8.6% of supply) possibly lost in legacy P2PK (Pay To Public Key) addresses, and roughly 200,000 BTC (about 1%) that could migrate because of newer P2TR (Pay To Taproot) formats. The authors contend that breaking Bitcoin’s elliptic-curve cryptography would require a quantum computer with thousands of qubits and a vast number of quantum gates, meaning a direct attack remains distant, even as prep work accelerates. Even so, their practical feasibility would require quantum systems to reach performance levels that our research suggests will take much time to achieve.

“Even so, their practical feasibility would require quantum systems to reach performance levels that our research suggests will take much time to achieve.”

The Ark Invest analysis sits alongside broader discussions about the pace of quantum development. It contrasts with a February CoinShares assessment, which estimated that only about 10,200 BTC—roughly 0.05% of the supply—present true market-relevant quantum risk, even though older P2PK addresses still carry theoretical exposure. Separately, progress in quantum hardware continues apace: a landmark facility capable of housing one million physical qubits, a scale that dwarfs typical data-crunching rigs, is slated for completion in 2027. Chicago-based PsiQuantum leads the project, backed in part by BlackRock-linked funds, underscoring institutional interest in quantum infrastructure as much as cryptographic risk.

Quantum breakthrough remains “long-term risk” for Bitcoin

The white paper frames quantum risk as a gradual, multi-stage development rather than an instantaneous vulnerability. It outlines five stages of quantum computing progress, with the most consequential impact—breaking ECC at a pace faster than Bitcoin’s block interval—occurring only in the final stage. In practical terms, Bitcoin’s exposure from migrating or reusing addresses would remain limited until stage 3, when a quantum computer could break the 256-bit ECC key. The authors point to a mid-2030s window for the first public-key break, a benchmark derived from assessments by major tech firms such as Google, IBM and Microsoft. The conclusion is not alarmist, but it signals that the network has time to study protections and plan upgrades without rushing a hard fork or governance overreach.

“Those who hold and transact Bitcoin should regard quantum risk as a long-run risk rather than an imminent threat,” the paper notes, framing it as a call to prepare rather than panic. The authors emphasize that awareness and foresight will be essential as the risk migrates through the network over time, potentially shaping how wallets, exchanges and custodians think about security architecture in the coming decade. The discussion also touches on governance frictions: unlike a single-fork upgrade, implementing post-quantum safeguards across Bitcoin’s decentralized consensus model will require broad alignment across nodes, miners and developers.

The Ark Invest report includes a figure on the multi-stage trajectory of quantum advancement but also flags a practical nuance: even at higher stages, the speed of a security breach would depend on the specific cryptographic primitives in use and how quickly the ecosystem migrates to post-quantum alternatives. In the meantime, researchers and builders are exploring how to harden the network with post-quantum cryptography (PQC) while preserving compatibility and performance. The authors also discuss candidate post-quantum schemes, such as ML-DSA (lattice-based) and SLH-DSA (hash-based), which are among the approaches considered for future resilience.

On the governance frontier, the paper notes that a wholesale, rapid shift to PQC would be challenging under Bitcoin’s consensus rules. A proposed path discussed in the literature is BIP-360, which contemplates a Pay-to-Merkle-Root type output designed to mitigate long-exposure quantum risk without immediately reworking the entire signature ecosystem. Yet, the authors caution that BIP-360 is not a cure-all; it does not itself embed post-quantum signatures, which the team regards as essential for durable protection against quantum attacks. Experts such as Chris Tam of BTQ Technologies have underscored this gap, arguing that effective post-quantum defense requires signatures, not just new address formats.

The broader takeaway is that quantum risk, while real, is a long-term concern that invites proactive planning rather than haste. The Ark Invest paper emphasizes that the transition to quantum-safe mechanisms will likely unfold in stages, with ongoing research, testing and governance conversations shaping the path forward. As the spotlight intensifies on quantum hardware, Bitcoin’s security posture will increasingly hinge on how the community negotiates practical upgrades within a decentralized framework that favors gradual, consensus-driven change.

In closing, Ark Invest’s analysis corroborates a cautious but constructive view: the threat remains distant enough to permit careful preparation, yet imminent enough in its trajectory to justify continued investment in quantum-ready cryptography and related upgrades. The dialogue around post-quantum protections—beyond mere address formats—reflects a mature understanding that long-horizon risk requires long-horizon solutions, coordinated across ecosystems from core developers to wallet providers and exchanges.

Why it matters

For individual holders, the report underscores that the security of today’s holdings relies on a combination of on-chain design and user behavior. A sizable portion of BTC may still be at risk only if quantum attackers gain the means to break elliptic-curve cryptography in a time window long enough for the network to implement upgrades. This matters not as a near-term crisis, but as a strategic reason to stay informed about post-quantum advances and to monitor consensus-driven proposals that could alter how keys and addresses are managed in the future.

For builders and wallet providers, the analysis highlights the importance of future-proofing infrastructure. The emergence of PQC standards and the potential need for quantum-safe address formats could influence wallet compatibility, key management, and transaction verification. The discussion around BIP-360 — and the broader push toward signatures resilient to quantum attacks — points to a practical roadmap where security upgrades are evaluated in stages rather than through abrupt protocol changes.

For the market at large, the study underscores that quantum readiness is increasingly a governance and investment narrative as much as a technical one. The prospect of a major quantum milestone, like a million-qubit facility, signals a broader shift toward quantum readiness across technology and finance, which could impact risk appetite, capital allocation and the pace at which institutions engage with crypto security initiatives.

What to watch next

• Progress on BIP-360 and any proposals to introduce post-quantum signatures or other PQC-based protections.
• Updates to Ark Invest’s research or new white papers that refine the share of vulnerable BTC as quantum hardware advances.
• Milestones in quantum hardware deployments, including PsiQuantum’s 1-million-qubit roadmap and related funding developments.
• Adoption timelines for post-quantum cryptography standards and their integration into Bitcoin’s consensus framework.

Sources & verification

• Ark Invest and Unchained’s white paper on Bitcoin and quantum computing, including address migration and exposure breakdown. https://www.ark-invest.com/Thank-You/bitcoin-and-quantum-computing?submissionGuid=0568c5c5-6004-4bb3-9c71-ad9f904c3cf6
• CoinShares analysis referenced in February detailing market-relevant quantum risk estimates. https://cointelegraph.com/news/only-10k-bitcoin-quantum-risk-coinshares
• Announcement of PsiQuantum’s one-million-qubit facility with BlackRock-linked funding. https://cointelegraph.com/news/construction-quantum-facility-1m-qubits-begins
• BIP-360 post-quantum discussion and related commentary, including the critique that it lacks post-quantum signatures. https://cointelegraph.com/news/bitcoin-quantum-resistant-bip-360-post-quantum-signatures-taproot
• Perspective on the potential timeline for post-quantum upgrades, including expert commentary from BTQ Technologies. https://cointelegraph.com/news/whale-9b-bitcoin-sale-not-quantum-concerns-galaxy-digital