A 50 page quantum computing crypto risk assessment published Tuesday by Coinbase’s independent advisory board concludes that while today’s blockchains remain secure, a fault-tolerant quantum computer capable of breaking widely used encryption is increasingly plausible and that preparation must begin now, warning that “waiting for it to be urgent is not a good idea.”

Quantum computing crypto risk has its most authoritative industry assessment yet. The Coinbase advisory board, a group of world-class cryptographers and blockchain researchers convened by Coinbase in January 2026, released its first major position paper Tuesday: a 50 page analysis of how future quantum computers could affect blockchain security and what the industry must do before that threat becomes real.

“Waiting for it to be urgent is not a good idea,” the paper states, emphasizing that transitions across blockchains, wallets, and exchanges could take years to execute safely even after all the technical standards are in place.

The board members who authored the paper include Dan Boneh, the director of the Stanford Center for Blockchain Research; Justin Drake of the Ethereum Foundation; Sreeram Kannan, the founder of EigenLayer; Yehuda Lindell, Coinbase’s head of cryptography; and Dahlia Malkhi, an expert in resilient distributed systems. Their institutional breadth gives the paper a credibility that no single-company security assessment would carry.

What the Report Found and What Makes It Credible

The paper’s core conclusion is carefully calibrated: quantum computers today cannot crack the cryptography underpinning Bitcoin, Ethereum, or any major blockchain. Breaking standard encryption would require fault-tolerant quantum machines with vastly more error-corrected qubits than current hardware provides, and achieving that is still considered a major engineering challenge. The report does not predict when that will happen. It argues that the timeline uncertainty itself is the problem.

The threat the paper focuses on most is the harvest now, decrypt later attack: adversaries can collect encrypted blockchain data today and store it, waiting for quantum hardware to mature enough to crack it retroactively. For long-held assets, this is a material risk that begins now rather than when the quantum threat becomes practical. Bitcoin addresses that have already revealed their public keys on-chain are specifically identified as the most immediately exposed category of holdings.

Why the Transition Will Be Harder Than It Sounds

The technical solution to quantum vulnerability already exists: NIST has standardized post-quantum cryptographic algorithms that are mathematically resistant to quantum attacks. The problem is implementation at blockchain scale. Post-quantum digital signatures can be tens to hundreds of times larger than the signatures in use today. One estimate in the Coinbase report suggests that replacing current signatures with quantum-proof alternatives could expand block sizes by up to 38 times.

For a network like Bitcoin, which processes blocks under a strict size limit and where any upgrade requires consensus among a decentralized set of stakeholders with no central authority, a 38-times expansion of signature data is not a parameter adjustment. It is a fundamental architectural change that touches every node, wallet, exchange, and application in the ecosystem. The debate among Bitcoin developers, already underway, reflects exactly this tension between urgency and the cost of change.

What Crypto Networks Are Already Doing

The Coinbase report arrives alongside parallel actions across the ecosystem. Ripple published a four phase XRPL post-quantum roadmap targeting completion by 2028. The Ethereum Foundation has elevated post-quantum security to a top strategic priority with a dedicated research team. Bitcoin developers are actively debating BIP 361, a proposal for a structured migration away from legacy address types that expose public keys.

For the Bitcoin quantum risk assessment specifically, researchers estimate approximately 4.5 million Bitcoin held in early or reused addresses may be exposed to future quantum attacks. The quantum threat debate in Bitcoin has become one of the most contested governance questions in the community, precisely because the solutions require either forcing coin migration or accepting that some portion of the supply may eventually be at risk.

DefiLlama logs 518 crypto hacks and over $17b in losses in 10 years, with attackers shifting from smart contracts to keys, bridges and wallets, as rsETH loses ~$290m.

Crypto’s security bill over the past decade has quietly climbed past $17 billion, according to DefiLlama data cited by Cointelegraph, with at least 518 documented hacks and exploits hitting exchanges, DeFi protocols, bridges and wallets since 2014. That figure captures everything from early exchange blow‑ups to today’s sophisticated cross‑chain attacks, and it comes even as the overall pace of large on‑chain exploits has slowed from peak‑mania years like 2021–2022.

A decade of $17b in crypto losses

Under the surface, however, the composition of those losses is shifting. Where early DeFi hacks often hinged on smart contract bugs and unchecked flash‑loan logic, recent incidents show attackers increasingly targeting the soft tissue around crypto — private keys, signing infrastructure and user devices — with credential theft, social engineering and SIM‑swap‑style attacks. Security firms told Cointelegraph that they expect 2026 to bring more advanced phishing and AI‑assisted scams capable of tricking even technically savvy users into signing malicious transactions or revealing seed phrases.

Bridge infrastructure has been a particular weak point. DefiLlama’s hacks dashboard shows that bridges account for almost $3 billion of the roughly $11.8 billion it categorises as “total value hacked,” with large single incidents like the Ronin, Wormhole and Multichain exploits setting the tone for cross‑chain risk. The latest addition to that list is Kelp DAO’s rsETH cross‑chain bridge, which was hit on April 18 after an attacker forged a cross‑chain message on a LayerZero‑based link and minted or released 116,500 rsETH to an attacker‑controlled address.

Those tokens — representing “restaked” Ether — were worth about $290–$293 million at the time, or roughly 18% of rsETH’s total supply, and have been called the largest DeFi exploit of 2026 so far by outlets including Bloomberg. The incident forced Kelp DAO to pause the bridge, coordinate emergency responses with exchanges and protocols, and sparked a blame game over LayerZero’s default single‑validator configuration, which critics argue left the system effectively one‑key‑away from catastrophic minting.

Even away from headline‑grabbing exploits, everyday credential compromises continue to rack up damage. DefiLlama data cited by Cointelegraph shows that in the first quarter of 2026 alone, hackers stole about $168.6 million from 34 DeFi protocols, with the largest single hit — a $40 million Step Finance theft — traced back to a private key compromise rather than a pure code bug. That trend suggests DeFi’s smart contract security is slowly hardening, while attackers respond by moving upstream into the tools and human processes that sit between wallets and protocols.

For users and teams, the lesson is brutal but clear: audits and formal verification are necessary, but not sufficient. Hardware keys, multi‑sig schemes, segregated signing devices, strict key‑management policies, and relentless phishing hygiene are now as critical to safeguarding crypto as gas optimisations and bug bounties ever were — because it only takes one compromised credential to turn another line in DefiLlama’s hacks database into a nine‑figure loss.

A senior US military commander has lauded Bitcoin as a “valuable computer science tool,” arguing its usefulness extends beyond monetary applications and can support US national security interests.

“It is a valuable computer science tool, as a power projection,” Admiral Samuel Paparo said at a Senate Armed Services Committee hearing on Tuesday, adding that Bitcoin’s proof-of-work technology “imposes more cost” on attackers attempting to compromise the network:

“Outside of the economic formulation of it, it has got really important computer science applications for cybersecurity.”

The Senate hearing looked into the strategic posture of US forces in Indo-Pacific, including ongoing conflicts in Ukraine and the Middle East, China’s military expansion and coordination with foreign adversaries, and threats from North Korea.

Paparo’s remarks echo similar comments from US Space Force member Jason Lowery in December 2023, who said Bitcoin and other proof-of-work blockchains could protect the US in cyberwarfare.

At the time, he said that while Bitcoin is mostly seen as a “monetary system” to secure funds, few know that Bitcoin can be used to secure “all forms of data, messages or command signals.”

“As a result, this misconception underplays the technology’s broad strategic significance for cybersecurity, and consequently, national security.”

Research into Bitcoin’s use as a cybersecurity tool comes as many adversaries — including state-linked actors — have turned to cyberattacks such as phishing, ransomware and distributed denial-of-service to sabotage infrastructure and secure economic advantages.

North Korea’s notorious Lazarus Group is one of the most notable examples of this, having stolen billions of dollars in crypto over the past decade to support its nuclear program.

Paparo’s comments came in response to a question from US Senator Tommy Tuberville, who asked how the US and Congress can lead on Bitcoin competition, noting that China’s top monetary think tank now also views Bitcoin as a strategic asset.

Paparo didn’t address the question directly but added, “Bitcoin is a reality. It is a peer-to-peer zero-trust transfer of value. Anything that supports all instruments of national power for the United States of America is to the good.”

Senators introduce national security-focused Bitcoin bill

The US holds the largest Bitcoin reserves among nation-states and holds the largest share of Bitcoin hashrate. However, it remains reliant on foreign-manufactured mining equipment, an issue that has raised national security concerns related to supply chain risks.

Related: Quantum threat to Bitcoin still years away, says Borderless Capital partner

Last month, US Senators Bill Cassidy and Cynthia Lummis introduced the Mined in America Act to resolve that issue by bringing more Bitcoin mining manufacturing back to the US. 

It also seeks to codify Trump’s executive order establishing the Strategic Bitcoin Reserve.

Magazine: Adam Back says current demand is ‘almost’ enough to send Bitcoin to $1M