February 18, 2026 — A leading Bitcoin researcher has issued a stark warning that migrating the world’s largest cryptocurrency to full quantum resistance could require a seven-year marathon, a timeline that may intersect dangerously with advances in quantum computing. Ethan Heilman, co-author of the newly updated BIP-360 proposal, provided the detailed forecast to Cointelegraph, emphasizing that the immense technical challenge is matched by the even greater hurdle of achieving community consensus. His analysis, grounded in the blockchain’s current 3-10 transactions per second limit and the need for global wallet upgrades, suggests that if the process started today, activation might take three years, with full user migration stretching several years beyond. This urgent assessment arrives as scientists like Caltech’s Thomas Rosenbaum predict functional, fault-tolerant quantum computers within five to seven years, potentially placing Bitcoin’s cryptographic foundations at risk.
Breaking Down the Seven-Year Post-Quantum Timeline for Bitcoin
Heilman’s seven-year estimate is not arbitrary but a structured projection of the multi-phase process required. “Three years until it activates,” he explains, outlining a sequence beginning with finalizing Bitcoin Improvement Proposals (BIPs), followed by extensive code review and testing—a period he estimates at two and a half years. Assuming unanimous community support, a subsequent six-month activation period would follow. However, the most daunting phase involves every Bitcoin holder migrating funds to new, quantum-safe addresses. Given the blockchain’s throughput limits, this mass migration could itself take “months, or even years.” Furthermore, Heilman notes that wallets, custodians, payment processors, and layer-two solutions like the Lightning Network must all undergo significant upgrades. “If we are lucky, 90% will have updated five years after activation,” he states, clarifying that the entire forecast is an optimistic “spitball” that hinges on coordinated global action.
The updated BIP-360 proposal itself, merged into GitHub for official consideration last week, represents only the initial step. It proposes a new output type called Pay-to-Merkle-Root (P2MR), an upgrade to the existing Taproot (P2TR) system designed to hide public keys and remove a quantum-vulnerable key path. Crucially, BIP-360 is a backward-compatible soft fork, meaning non-upgraded nodes would simply ignore the new transaction type. However, Heilman is clear that this is just a “conservative first step” that primarily guards against long-range attacks, such as those targeting Satoshi Nakamoto’s original coins. A second, more complex phase involving the adoption of larger post-quantum signature algorithms within Bitcoin’s tapscript would be necessary to defend against short-range attacks on everyday transactions.
The Looming Quantum Danger Zone for Cryptocurrency
Heilman’s extended timeline directly collides with accelerating forecasts from the quantum computing frontier, creating a potential “danger zone” for Bitcoin. Professor Scott Aaronson, founding director of the Quantum Information Center at UT Austin, suggested in late 2025 that a fault-tolerant quantum computer capable of running Shor’s algorithm—the very algorithm that threatens Bitcoin’s elliptic curve cryptography—could emerge before the next U.S. presidential election. The threat is rooted in a fundamental asymmetry: while creating a quantum-resistant signature is complex, breaking existing ones with a sufficiently powerful quantum computer is theoretically straightforward. Recent research, including the preprint paper on ‘The Pinnacle Architecture,’ suggests the number of physical qubits needed to break 2048-bit RSA encryption has dropped dramatically, from estimates in the tens of millions five years ago to under 100,000 today.
- Exposed Assets: Analysis from groups like Project 11 indicates approximately 6.9 million Bitcoin (roughly one-third of the total supply) currently has its public key exposed on-chain, making it immediately vulnerable to a quantum attack once Shor’s algorithm is operational on a large-scale quantum computer.
- Consensus Mechanism Risk: Unlike Proof-of-Work blockchains like Bitcoin, chains using Proof-of-Stake or other mechanisms face an additional, more immediate threat to their consensus security from quantum adversaries.
- The Satoshi Dilemma: A uniquely Bitcoin problem involves the roughly 1 million BTC mined by Satoshi Nakamoto. These coins cannot be pre-emptively moved to quantum-safe addresses without the creator’s private keys, forcing the community into a future ethical and economic debate over whether to freeze them permanently or risk a market-dumping theft.
Expert Perspectives on the Cryptographic Race
The technical community is divided on the imminence of the threat but united on the need for preparedness. Antonio Sanso from Ethereum’s dedicated post-quantum team frames the challenge as an engineering problem, not a theoretical one. “There are not a lot of theoretical issues at the moment,” Sanso tells Cointelegraph Magazine. “It’s going to be solved for sure.” He and institutions like the U.S. National Institute of Standards and Technology (NIST) point to a realistic threat window around 2035. Conversely, some Bitcoin proponents, like Blockstream’s Adam Back, maintain that a cryptographically relevant quantum computer remains decades away, viewing the discussion as similar to past “FUD” (Fear, Uncertainty, Doubt) campaigns about Bitcoin’s energy use. This spectrum of expert opinion itself becomes a critical variable, influencing how urgently the diverse Bitcoin community acts.
Bitcoin’s Upgrade Challenge Versus Other Blockchains
While all major blockchains face the quantum threat, their starting positions and upgrade capacities differ significantly. Technically, Bitcoin’s structure offers an advantage: only spent outputs expose public keys, unlike chains like Solana where every public key is exposed by default. This means a smaller portion of Bitcoin’s supply is immediately at risk. However, Bitcoin’s legendary conservative upgrade process, designed for maximum security and decentralization, may become its biggest liability in a race against time. Ethereum has already formed a post-quantum team with community-backed goals for a 2029 overhaul, and Solana has demonstrated rapid upgrade capability, moving major consensus changes from idea to testnet in under a year.
| Blockchain | Immediate Quantum Risk Profile | Upgrade Mechanism & Pace | Key Challenge |
|---|---|---|---|
| Bitcoin | ~33% of supply (exposed public keys) | Conservative soft-fork process; requires broad consensus | Reaching agreement on hard choices (block size, signature size) |
| Ethereum | Majority of supply at risk | Faster upgrade path via EIPs; dedicated PQ team targeting 2029 | Overhauling entire chain state and smart contracts |
| Solana | ~100% of supply (keys exposed by default) | Proven rapid upgrade capability; already tested PQ signatures | Urgent need due to highest immediate exposure |
The Path Forward: Technical Hurdles and Community Consensus
The most significant obstacle identified by Heilman and other developers is not purely technical but social. Achieving the necessary consensus for a post-quantum Bitcoin will force difficult choices. Post-quantum signature algorithms are currently 10 to 100 times larger than Bitcoin’s existing ECDSA signatures. Integrating them without changes would slow the blockchain to a fraction of its current throughput. Solutions like increasing the block size, implementing a witness discount, or using zero-knowledge proofs to compress signatures all come with trade-offs and ideological baggage that have sparked civil wars within the Bitcoin community in the past, as seen with the prolonged debates over SegWit and Taproot. The question is whether the perceived quantum threat will be compelling enough to forge unprecedented agreement.
Potential for Cross-Chain Collaboration
An intriguing possibility for accelerating progress is increased collaboration between blockchain ecosystems. Ethereum’s post-quantum team has already developed a working prototype using hash-based ZK STARKs to aggregate signatures per block, creating a single, efficient proof. Researcher Justin Drake has expressed hope that Bitcoin would adopt such a standard, noting the solution is “built with Bitcoiner security in mind.” There are already bridges being built, with Ethereum researchers co-authoring academic papers with Bitcoin developers like Blockstream’s Mikhail Komarov. While Bitcoin traditionally values its independence, the scale of the quantum threat may necessitate unprecedented cooperation to establish robust, industry-wide cryptographic standards.
Conclusion
Ethan Heilman’s seven-year warning is less a precise prediction and more a sobering framework for understanding the monumental task of future-proofing Bitcoin. The core takeaway is that the timeline for defense is long, while the timeline for the potential attack is shortening. The community’s ability to navigate technical trade-offs—around signature size, block capacity, and legacy coins—will determine whether this upgrade occurs ahead of the threat or in a frantic reaction to it. While the quantum computer capable of breaking Bitcoin’s encryption may not exist today, the cryptographic and social work to defend against it cannot wait. The activation of BIP-360 for consideration marks the starting pistol in a race that demands both technical ingenuity and a level of consensus that Bitcoin has rarely, if ever, achieved.
Frequently Asked Questions
Q1: What is BIP-360 and how does it relate to quantum security?
BIP-360 is a Bitcoin Improvement Proposal for a new, quantum-resistant transaction output type called Pay-to-Merkle-Root (P2MR). It is a first, backward-compatible step that hides public keys to protect against long-range quantum attacks, but it is not a complete post-quantum solution on its own.
Q2: Why does a Bitcoin post-quantum upgrade take so long compared to other chains?
Bitcoin’s decentralized, conservative governance requires overwhelming community consensus for changes. The process involves years of proposal drafting, peer review, testing, and activation, followed by a global migration of user funds and wallet software—a massive coordination challenge.
Q3: How much Bitcoin is immediately vulnerable if a quantum computer appears tomorrow?
Approximately 6.9 million BTC (about one-third of the total mined supply) is considered “at risk” because its public keys are already exposed on the blockchain from previous transactions, according to analyses like Project 11’s.
Q4: What is the biggest technical hurdle for implementing post-quantum signatures in Bitcoin?
The primary hurdle is size. Current post-quantum signature algorithms are vastly larger than Bitcoin’s existing ones. Integrating them would drastically reduce transaction throughput unless accompanied by other changes, like increasing block size or using advanced compression techniques.
Q5: What happens to Satoshi Nakamoto’s original Bitcoins in a post-quantum upgrade?
This is an unresolved ethical and economic dilemma. Those coins cannot be moved to safety without Satoshi’s private keys. The community may eventually have to choose between permanently freezing them (affecting scarcity) or risking their theft and potential market dump by a quantum attacker.
Q6: Should everyday Bitcoin holders be worried about this right now?
While there is no need for panic, there is a need for awareness. No cryptographically relevant quantum computer exists today. However, the extended upgrade timeline means preparation must start now. Holders should follow developments and be ready to migrate funds to new, quantum-safe addresses when the time comes, which is likely years away.
