There has been a lot of chatter about Bitcoin’s longevity as a network as research on quantum computers gains traction, with some claims circulating that a viable device is less than a decade away. If true, that would have massive implications not only for Bitcoin but for the entire web, from a privacy and security perspective.
While every communication and data-transfer protocol that relies on today’s public-key cryptography is at risk, Bitcoin gets special attention because it is an open, auditable monetary network worth trillions. If it is ever compromised, it won’t take long for the public to realise what’s going on. So what exactly is so worrisome?
Bitcoin uses cryptography—a type of mathematical lock—to protect your coins. Right now, these locks are so strong that even the world’s best supercomputers would take billions of years to break them.
But quantum computers are fundamentally different.
They exploit quantum mechanics to solve certain classes of problems exponentially faster than any classical machine, and the mathematics behind Bitcoin’s keys happens to be one of those problems. If quantum computers become powerful enough, they could break Bitcoin’s mathematical locks in minutes to hours.
While I won’t touch on how quantum computers work, the relevant point is this: a large quantum computer running Shor’s algorithm could compute a user’s private key from their public key, and public keys become publicly available data on the blockchain once they are exposed. This is not a brute-force search. Shor’s algorithm solves the underlying elliptic-curve discrete-logarithm problem directly, in polynomial time, which is exactly what classical computers cannot do.
This means the owner of such a machine could take coins held in old addresses and dormant wallets, and coins belonging to anyone whose public key has been exposed on the blockchain.
This is called “quantum recovery.”
Bitcoin’s Lock: How It Works Today
When you create a Bitcoin wallet, the system generates two keys: a private key and a public key. Think of them like this:
- Private Key = Your secret password. You must never share this with anyone. It’s the mathematical number that lets you spend your Bitcoin.
- Public Key = Like your email address. You can share it with anyone. Others use it to check that a transaction’s signature really came from you, without learning your private key. Most Bitcoin addresses are a hash of it.
Bitcoin’s security depends on this being computationally infeasible to reverse: someone who knows your public key cannot figure out your private key. Not with today’s computers, anyway. Classical computers would need billions of years to perform this reversal.
It’s like trying to guess the password to a vault by trying every possible combination one at a time.
A quantum computer running Shor’s algorithm doesn’t try combinations one by one. It solves the elliptic-curve discrete-logarithm problem directly, turning an exponential search into a polynomial-time computation. For Bitcoin’s signature schemes, ECDSA (Elliptic Curve Digital Signature Algorithm) and, since Taproot, Schnorr, both over the secp256k1 curve, a sufficiently powerful quantum computer could derive your private key from your public key in minutes or hours.
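To make the lock concrete, here is an added example in pure Python (not code from the original article): it derives a secp256k1 public key from a private key, builds the two output scripts this article contrasts, P2PK and P2PKH, and runs the only classical attack, a brute-force walk through private keys, against a deliberately tiny constructed key. The curve constants are the public secp256k1 parameters; the private key 1337 and the brute-force limit are demo values chosen so the loop finishes.

```python
"""Added example (not from the original article): Bitcoin's key pair in pure
Python. The public key is the secp256k1 point d*G. Computing it is cheap;
recovering d from it is the discrete-logarithm problem that Shor's algorithm
solves. The brute force at the end is the only classical route and is run on a
deliberately tiny constructed key to make the scale of 2^256 concrete."""
import hashlib

# secp256k1 domain parameters (SEC 2). Public constants, not secrets.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)


def point_add(p1, p2):
    """Add two points on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, point):
    """Double-and-add: k*point in O(log k) point additions."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def compress(point) -> bytes:
    """33-byte compressed encoding: parity prefix plus the x-coordinate."""
    x, y = point
    return (b"\x02" if y % 2 == 0 else b"\x03") + x.to_bytes(32, "big")


def pubkey_from_privkey(d: int) -> bytes:
    """The one-way step: private scalar d -> public point d*G."""
    return compress(scalar_mult(d, G))


def hash160(data: bytes) -> bytes:
    """RIPEMD-160(SHA-256(data)), the digest behind P2PKH and P2WPKH addresses."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:  # OpenSSL builds without the legacy provider lack RIPEMD-160
        raise RuntimeError("this Python build has no RIPEMD-160 (OpenSSL legacy provider missing)")


def p2pk_script(pubkey: bytes) -> bytes:
    """Legacy P2PK output: <push pubkey> OP_CHECKSIG. The key itself sits on-chain."""
    return bytes([len(pubkey)]) + pubkey + b"\xac"


def p2pkh_script(pubkey: bytes) -> bytes:
    """P2PKH output: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG."""
    return b"\x76\xa9\x14" + hash160(pubkey) + b"\x88\xac"


def bruteforce_privkey(pubkey: bytes, limit: int):
    """Classical attack: walk d = 1, 2, 3, ... until d*G matches the public key.
    Feasible only because the demo key is tiny; a real key needs ~2^255 steps."""
    point = None
    for d in range(1, limit + 1):
        point = point_add(point, G)
        if compress(point) == pubkey:
            return d
    return None


if __name__ == "__main__":
    d = 1337  # constructed toy private key; real ones are 256-bit random numbers
    pub = pubkey_from_privkey(d)
    print("pubkey      :", pub.hex())
    print("P2PK script :", p2pk_script(pub).hex())  # the 33-byte key is visible
    try:
        print("P2PKH script:", p2pkh_script(pub).hex())  # only hash160(pubkey) is visible
    except RuntimeError as err:
        print("P2PKH script: skipped,", err)
    print("brute force :", bruteforce_privkey(pub, 5000))
```

Run it and the P2PK script visibly contains the 33-byte key, while the P2PKH script contains only a 20-byte hash. The brute force finds d = 1337 instantly because the key space was shrunk; for a real 256-bit key the same loop would need about 2^255 steps, which is the “billions of years” above. Shor’s algorithm replaces that loop with a polynomial-time computation, which is why the threat is not a matter of faster classical hardware.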
Understanding Quantum Recovery
Quantum recovery means that if someone with a powerful enough quantum computer could target old Bitcoin addresses and dormant wallets, they could theoretically gain access to those coins and move them to their own address.
The coins wouldn’t be “found”—they’d be stolen by someone with the computational power to break the cryptographic locks. But Bitcoin researchers call it “recovery” to distinguish it from traditional theft, since the attacker isn’t hacking a server or stealing a password.
They’re mathematically reversing the cryptography that protects the coins.
Quantum recovery doesn’t affect everyone equally. It only affects Bitcoin whose controlling public key is already visible on the blockchain (plus, for the fast attacks discussed below, coins whose key is exposed while a spending transaction is waiting to be confirmed).
So, when does your public key get exposed?
Primarily in three scenarios:
- When you spend Bitcoin from an address. For hashed output types (P2PKH, P2WPKH), the address commits only to a hash of your public key; the key itself appears in the spending transaction’s signature script or witness. From that point on the key is permanently visible, so any coins later received at that same address are vulnerable. This is why Bitcoin experts recommend never reusing an address to receive coins after you’ve spent from it.
- If you use certain old address types (like P2PK). Bitcoin’s earliest outputs placed the public key directly in the output script. Most of Satoshi Nakamoto’s coins (including over 1 million Bitcoin that have never moved) sit in these outputs.
- If you use Taproot (P2TR, addresses starting with ‘bc1p’). Taproot outputs contain the (tweaked) x-only public key directly, so the key is exposed from the moment the output is funded, even if it is never spent.
There’s an active debate on the Bitcoin dev list over two solutions as the quantum-era approaches:
1. Quantum Recovery – Any coins using vulnerable pubkeys (like P2PK or reused P2PKH) can be sniped by whoever has a quantum computer first.
2. Lock Them Forever – Treat all…
— Ben Sigman (@bensig) March 24, 2025
Two Types of Quantum Attacks
Bitcoin security researchers distinguish between two types of quantum attacks based on timing:
| Attack Type | How It Works | Time Window |
|---|---|---|
| Long-Range Attack | Targets old dormant wallets whose public keys are already visible on the blockchain. The attacker can work slowly, offline, with no time pressure. | Unlimited: days, weeks or longer |
| Short-Range Attack | Targets any hashed address at the moment someone spends from it. The public key appears in the broadcast transaction, and the attacker must derive the key and get a competing transaction mined first. | Roughly 10-60 minutes, until the transaction confirms |
Long-range attacks are more likely in the near term because they target coins that have already exposed their public keys. The attacker has days or weeks to compute the private key without any rush or risk of discovery.
Short-range attacks would require a quantum computer to crack a key within the 10-60 minute window before a transaction is confirmed, and then get a competing transaction spending the same coins mined ahead of the legitimate one. That is a much harder feat technologically.
Google researchers recently warned that a sufficiently powerful quantum computer could break Bitcoin’s ECDSA cryptography in under nine minutes. If that happens, both attack types become viable.
Who Would Be Affected?
Not all Bitcoin holders face equal risk. The vulnerability depends entirely on whether your public key has been exposed on the blockchain.
Highest Risk: Dormant Bitcoin Holders
Bitcoin from the earliest days of the network is extremely vulnerable. This includes Satoshi Nakamoto’s roughly 1 million coins (which have never moved since they were mined in 2009-2010), early mining rewards from the “Satoshi era,” and any address that received coins, sent some of them (exposing the public key) and still holds a balance.
Estimates suggest approximately 1.7-6.8 million Bitcoin (worth $130-520 billion USD) sit in these vulnerable address types. Most of these coins are dormant—the owners have lost their keys, forgotten about them, or passed away without sharing the private key.
If a quantum computer became available, these coins would be easy targets because:
(1) the public key is already visible,
(2) there’s no active owner to move the coins to safety, and
(3) the attacker has unlimited time.
High Risk: People With Reused Addresses
Bitcoin best practice says you should never receive coins twice at the same address. Yet many people do. Anyone who sent Bitcoin from an address and then kept receiving more Bitcoin at that same address has exposed their public key and left a balance vulnerable.
For anyone currently holding Bitcoin in such an address, quantum computers pose a serious threat.
Medium Risk: Modern Wallet Users
Modern wallets use hashed address formats (P2PKH and native SegWit P2WPKH) that keep the public key off the chain until you spend. If your coins have never been spent, if you’ve only received them, your public key is hidden and you’re relatively safe from long-range attacks. Taproot (bc1p) outputs are the exception: they carry the public key in the output itself.
However, the moment you spend those coins, your public key becomes visible on the blockchain, permanently. Here’s the key difference: with formats like P2WPKH (Pay-to-Witness-Public-Key-Hash), spending the whole balance leaves nothing at that address to steal, so the attacker’s only opportunity is the 10-60 minutes between broadcast and confirmation, while the spend is still pending. Receive more coins at that address afterwards and you are back in the reused-address category.
That window is far too short for any foreseeable quantum computer to derive the private key. But if quantum computers become dramatically faster (as Google’s warnings suggest), even this window could be threatened.
Lowest Risk: Bitcoin Not Yet Spent
If your Bitcoin has only received transfers and you’ve never sent any out, your public key is still hidden on the blockchain. You’re safe until the moment you try to spend your coins. At that point, you become vulnerable to short-range attacks during the confirmation window.
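The exposure rules above (what puts a public key on the chain, and the resulting risk tiers) can be checked mechanically against a wallet’s unspent outputs. The following is an added example in Python, not code from the original article: it template-matches each output script (the scriptPubKey hex any block explorer shows) to its type, decides whether the controlling key is already on-chain, and totals the exposed value. Assumptions: the P2PK sample is the genesis block coinbase output; every other script uses a repeated-byte placeholder hash and an invented amount, and the `spent_from_before` flag stands for something you would look up in the address’s transaction history.

```python
"""Added example (not from the original article): classify Bitcoin output
scripts by whether the public key that controls them is already visible
on-chain, then total the value exposed to a long-range quantum attack."""

OP_CHECKSIG, OP_EQUAL = 0xAC, 0x87

# Output type -> is the spending public key printed in the output itself?
# Hashed types reveal the key only in the input that spends them.
KEY_IN_OUTPUT = {"P2PK": True, "P2TR": True,
                 "P2PKH": False, "P2SH": False, "P2WPKH": False, "P2WSH": False}


def classify_script_pubkey(script: bytes) -> str:
    """Template-match the standard output types; anything else is 'unknown'."""
    n = len(script)
    if (n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG
            and script[1] in (0x02, 0x03, 0x04)):
        return "P2PK"       # <33- or 65-byte pubkey> OP_CHECKSIG
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return "P2PKH"      # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and script[:2] == b"\xa9\x14" and script[-1] == OP_EQUAL:
        return "P2SH"       # OP_HASH160 <20> OP_EQUAL
    if n == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH"     # OP_0 <20-byte key hash>
    if n == 34 and script[:2] == b"\x00\x20":
        return "P2WSH"      # OP_0 <32-byte script hash>
    if n == 34 and script[:2] == b"\x51\x20":
        return "P2TR"       # OP_1 <32-byte x-only pubkey>
    return "unknown"


def long_range_exposed(script: bytes, spent_from_before: bool) -> bool:
    """True if an attacker with unlimited time already has the public key.
    spent_from_before: has this address ever been spent from (i.e. reused)?"""
    kind = classify_script_pubkey(script)
    if kind == "unknown":
        raise ValueError("non-standard script; review manually")
    return KEY_IN_OUTPUT[kind] or spent_from_before


def audit_utxos(utxos):
    """utxos: iterable of (script_hex, spent_from_before, value_sats).
    Returns (exposed_sats, exposed_only_on_spend_sats, verdicts)."""
    exposed = deferred = 0
    verdicts = []
    for script_hex, reused, sats in utxos:
        script = bytes.fromhex(script_hex)
        kind = classify_script_pubkey(script)
        hot = long_range_exposed(script, reused)
        verdicts.append((kind, hot))
        if hot:
            exposed += sats
        else:
            deferred += sats
    return exposed, deferred, verdicts


SAMPLE_UTXOS = [
    # P2PK: the genesis block coinbase output, 50 BTC, key visible since 2009.
    ("41"
     "04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6"
     "49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f"
     "ac", False, 50_0000_0000),
    # Constructed samples: placeholder hashes, invented amounts.
    ("76a914" + "00" * 20 + "88ac", True, 1_0000_0000),   # P2PKH, reused after a spend
    ("76a914" + "11" * 20 + "88ac", False, 2_0000_0000),  # P2PKH, never spent from
    ("0014" + "22" * 20, False, 3_0000_0000),             # P2WPKH (bc1q), never spent from
    ("5120" + "33" * 32, False, 4_0000_0000),             # P2TR (bc1p): key is in the output
]

if __name__ == "__main__":
    exposed, deferred, verdicts = audit_utxos(SAMPLE_UTXOS)
    for (kind, hot), (_, reused, sats) in zip(verdicts, SAMPLE_UTXOS):
        status = "LONG-RANGE EXPOSED" if hot else "exposed only on spend"
        print(f"{kind:7} reused={reused!s:5} {sats / 1e8:6.2f} BTC  {status}")
    print(f"exposed now: {exposed / 1e8:.2f} BTC; exposed only on spend: {deferred / 1e8:.2f} BTC")
```

Two rules do the work: P2PK and P2TR outputs carry the key itself, so they are exposed from the moment they are funded; the hashed types (P2PKH, P2SH, P2WPKH, P2WSH) are exposed only once the address has been spent from, which is what makes address reuse the high-risk case. Non-standard scripts raise instead of being silently counted as safe.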
The Real-World Impact
So what happens if quantum computers actually become this powerful? The impacts would be severe and wide-ranging:
- Wealth Redistribution – Whoever builds or gains access to a quantum computer powerful enough to crack Bitcoin’s cryptography could potentially steal billions of dollars in dormant Bitcoin. Estimates suggest between $130 billion and $520 billion worth of Bitcoin could be at risk. This wealth would go to whoever has the quantum computer—likely a nation state, a mega-corporation like Google or Microsoft, or whoever happens to make the technological breakthrough.
- Bitcoin Price Collapse – If suddenly billions of dollars worth of previously dormant Bitcoin starts moving to exchanges and being sold, the price would likely crash. This would harm all Bitcoin holders, not just those whose coins were stolen. The fear alone—knowing that quantum computers could drain vulnerable wallets at any moment—would cause panic selling.
- Loss of Confidence – Bitcoin’s entire value proposition rests on the idea that cryptography protects your money. If that protection is broken, why hold Bitcoin at all? Users might flee to other assets, or to blockchain projects that have already upgraded to quantum-resistant cryptography.
- Ecosystem Disruption – Every exchange, wallet provider, hardware wallet manufacturer, and Bitcoin service would need to urgently upgrade their systems. Wallets would stop working. Security models would be thrown into chaos. The entire Bitcoin infrastructure would be in crisis mode.
But How Serious Is This, Really?
This is where opinions diverge sharply in the Bitcoin and security communities.
Some key facts to understand:
- Quantum computers powerful enough to threaten Bitcoin don’t exist yet. Google, IBM, Microsoft and others are building them, but nothing available is anywhere near the capability needed to break secp256k1. Published estimates call for thousands of error-corrected logical qubits, which with today’s error-correction overheads means millions of physical qubits (or a far more efficient use of them); current machines have at most roughly a thousand noisy physical qubits.
- The timeline is uncertain. Experts disagree on when this threat might materialise. Some say 2029. Others say decades away. Some say it might never happen. Quantum computing progress has been slow and steady, with periodic setbacks.
- Complexity of the task: A quantum computer’s ability to run a program is primarily limited by the fragile nature of its quantum bits (qubits) and its high sensitivity to environmental noise, which leads to errors. Even if the qubits required are available, it doesn’t mean every application will run smoothly.
- Bitcoin has time to prepare. Quantum-resistant signature schemes already exist and are standardised: in 2024 NIST published the lattice-based ML-DSA (FIPS 204) and the hash-based SLH-DSA, better known as SPHINCS+ (FIPS 205). If quantum computers do become a threat, Bitcoin can be upgraded to use such protections. It’s not a sudden surprise; it’s a known problem with known solutions waiting in the wings, although those signatures are far larger than ECDSA’s, which matters for block space.
- The real question is governance. Can the Bitcoin community actually agree to upgrade the protocol if quantum computers become a real threat? Bitcoin’s upgrade process is deliberately slow and decentralised. Getting consensus might take years. This is where the real danger lies: not the quantum computers themselves, but Bitcoin’s ability to collectively respond in time.
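Hash-based signatures are the part of that toolbox easiest to see working. Here is an added example, not code from the original article and not SPHINCS+ itself: a Lamport one-time signature over SHA-256, the simplest member of the hash-based family SPHINCS+ builds on. Its security rests only on the hash function, so Shor’s algorithm does not apply, but it also shows the cost the governance debate has to absorb: a 16 KiB public key and an 8 KiB signature, against 33 and roughly 72 bytes for ECDSA. The ECDSA size constants and the sample message are assumptions made for the comparison.

```python
"""Added example (not from the original article): a Lamport one-time signature
built only from SHA-256, the simplest hash-based scheme of the family SPHINCS+
belongs to. It shows why post-quantum signatures are a block-space problem for
Bitcoin: key and signature sizes are hundreds of times larger than ECDSA's."""
import hashlib
import secrets

HASH_BITS = 256  # one secret pair per bit of the SHA-256 message digest
# Assumed comparison figures: compressed secp256k1 key, typical DER-encoded ECDSA signature.
ECDSA_PUBKEY_BYTES, ECDSA_SIG_BYTES = 33, 72


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets. Public key: their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub


def digest_bit(digest: int, i: int) -> int:
    """Bit i of the digest, counting from the most significant bit."""
    return (digest >> (HASH_BITS - 1 - i)) & 1


def lamport_sign(priv, message: bytes) -> list:
    """Reveal, for each digest bit, the secret matching that bit's value."""
    digest = int.from_bytes(sha256(message), "big")
    return [priv[i][digest_bit(digest, i)] for i in range(HASH_BITS)]


def lamport_verify(pub, message: bytes, sig: list) -> bool:
    """Hash each revealed secret and compare with the published hash for that bit."""
    if len(sig) != HASH_BITS:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(sig[i]) == pub[i][digest_bit(digest, i)] for i in range(HASH_BITS))


def size_report(pub, sig) -> dict:
    """Serialized sizes next to the assumed ECDSA figures."""
    pub_bytes = sum(len(a) + len(b) for a, b in pub)
    sig_bytes = sum(len(s) for s in sig)
    return {
        "lamport_pubkey_bytes": pub_bytes,
        "lamport_sig_bytes": sig_bytes,
        "pubkey_blowup": pub_bytes // ECDSA_PUBKEY_BYTES,
        "sig_blowup": sig_bytes // ECDSA_SIG_BYTES,
    }


def demo(message: bytes = b"constructed sample message") -> dict:
    """Generate a key, sign once, verify the real and a tampered message, report sizes."""
    priv, pub = lamport_keygen()
    sig = lamport_sign(priv, message)
    report = size_report(pub, sig)
    report["valid"] = lamport_verify(pub, message, sig)
    report["tampered_valid"] = lamport_verify(pub, message + b"!", sig)
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22} {value}")
```

A Lamport key must sign exactly once: a second signature with the same key reveals the other secret for every bit where the two digests differ, and from then on anyone can forge signatures for messages whose digest bits fall within the revealed set. SPHINCS+ lifts that restriction with a tree of many one-time keys, at the price of further size. The size gap is part of why the upgrade is a protocol-design and governance question rather than a search for missing mathematics.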
What Should You Do Today?
If you hold Bitcoin, here are practical steps you can take right now to reduce your quantum risk:
- Never reuse addresses. Most modern wallets do this automatically, but if you’re using older software or paper wallets, make sure you only receive coins at fresh addresses. Once you spend from an address, don’t use it again.
- Use modern wallet formats. Native SegWit (Bech32 addresses starting with ‘bc1q’) and Pay-to-Public-Key-Hash (P2PKH, addresses starting with ‘1’) commit only to a hash of the public key, so they are far more secure against long-range attacks than the old P2PK format. Taproot addresses (starting with ‘bc1p’) put the public key in the output itself and do not get this benefit. If you’re still holding Bitcoin in very old addresses, consider moving it to a modern wallet.
- Keep your hardware wallet updated. When quantum-resistant wallet software becomes available, update your devices immediately. For most devices this will be a firmware update rather than a hardware replacement, but the coins themselves will still have to be moved on-chain into the new quantum-resistant output type.
- Stay informed. Follow Bitcoin developers, read about ongoing proposals like BIP-360 (a proposed quantum-resistant output type), and pay attention to any announcements about quantum-resistant upgrades. The cryptocurrency community is actively working on this problem.
The Philosophical Debate: Burn or Let Slip?
Bitcoin developers are debating one crucial question: if quantum computers do become a threat, should Bitcoin be upgraded to permanently lock quantum-vulnerable coins—making them unspendable even by future quantum computers—or should they remain vulnerable and let whoever has the quantum computer take them?
Jameson Lopp argues for “burning” vulnerable coins (making them permanently unspendable).
How should we think about dealing with quantum vulnerable bitcoin in a post-quantum future?
In this essay I cover the comprehensive set of arguments and game theory around burning vulnerable coins. #repost https://t.co/E76IrzvDG8
— Jameson Lopp (@lopp) March 22, 2025
His reasoning: allowing quantum thieves to take Satoshi’s million coins and other dormant wallets doesn’t actually help those coin owners (who already lost their keys). But it would destroy Bitcoin’s value for everyone else as the price collapses from a massive supply shock.
Others argue that preventing quantum-driven spending violates Bitcoin’s core principle that anyone with the keys can spend their coins. This isn’t a settled debate, and when (if) the time comes, Bitcoin’s community will need to make this decision collectively.
Questions around Quantum will continue
Quantum recovery of Bitcoin is a real long-term threat, but not an immediate emergency. Quantum computers powerful enough to crack ECDSA don’t exist yet.
The Bitcoin community has time to research and deploy solutions.
The biggest risk is that Bitcoin’s governance—its ability to reach consensus and upgrade the protocol—might move too slowly if quantum computers do become a credible threat. For most modern Bitcoin users following best practices, the risk is currently minimal. But anyone holding Bitcoin in very old addresses, or who has reused addresses, should consider moving their coins to a modern wallet with hidden public keys.
The timeline is uncertain, but better safe than sorry.
Quantum computing is coming—whether it threatens Bitcoin is still an open question.
Do your own research.
If you want to learn more about the Quantum Recovery of Bitcoin, use this article as a starting point. Don’t trust what we say as the final word. Take the time to research other sources, and you can start by checking out the resources below.
- Jameson Lopp: Against Allowing Quantum Recovery of Bitcoin
- CoinDesk: Bitcoin’s $1.3 Trillion Security Race
- River: Will Quantum Computing Break Bitcoin?
- Chaincode: Bitcoin and Quantum Computing
- Human Rights Foundation: The Quantum Threat to Bitcoin
- Deloitte: Quantum Computers and the Bitcoin Blockchain