March 11, 2026 — A groundbreaking analysis reveals that quantum computing threats endanger the entire Bitcoin supply, not just the 25-30% previously considered vulnerable. Research published this week demonstrates that all 21 million Bitcoin face potential compromise from sufficiently advanced quantum computers, fundamentally challenging industry assumptions about cryptocurrency security. The findings emerge as construction begins on Chicago’s million-qubit quantum facility targeting 2027 completion, accelerating timelines for what experts now call an inevitable cryptographic collision.
The Complete Bitcoin Supply Faces Quantum Vulnerability
Industry consensus has long maintained that only Bitcoin held in addresses with exposed public keys faces quantum threats. Project 11’s Bitcoin Risq List currently identifies 6,887,180 Bitcoin worth over $450 billion as “at risk” under this definition. However, new technical analysis reveals a more comprehensive vulnerability. “The difference is between long-exposure and short-exposure attacks,” explains Ethan Heilman, co-author of the BIP-360 proposal for post-quantum Bitcoin addresses. “Coins with public keys exposed for years represent the low-hanging fruit, but every Bitcoin transaction creates a vulnerability window.”
When users spend Bitcoin, their public keys become exposed in the mempool during transaction processing. This typically creates a 10-60 minute window where quantum computers could theoretically execute “just-in-time” attacks. Charles Edwards from Capriole Investment Fund confirms the broader threat: “Every coin, if your time horizon is long enough, every coin will be taken long term. That’s why we have to solve this now.” The revelation comes as PsiQuantum secures $1 billion from BlackRock-affiliated funds, signaling investor confidence in near-term quantum computing breakthroughs.
Two Attack Vectors: Long-Exposure Versus Short-Exposure
Security experts now distinguish between two primary quantum attack methods against Bitcoin, each with different technical requirements and timelines. Long-exposure attacks target Bitcoin that has already revealed public keys, including Satoshi Nakamoto’s estimated 1.1 million Bitcoin and other early holdings. These represent the easiest targets for early quantum computers. Short-exposure attacks target transactions in the mempool, requiring faster computation but potentially compromising any Bitcoin when spent.
- Long-Exposure Attacks: Target approximately 6.9 million Bitcoin with permanently exposed public keys. Estimated to require quantum computers capable of sustained computation over months.
- Short-Exposure Attacks: Threaten all Bitcoin transactions. Require quantum computers fast enough to break encryption within Bitcoin’s 10-minute block confirmation window.
- Lost Coins: Approximately 3-4 million Bitcoin in vulnerable addresses are considered permanently lost and cannot be upgraded to quantum-secure addresses.
Expert Perspectives on the Quantum Timeline
Yoon Auh, CEO of BOLTS, emphasizes the fundamental vulnerability: “If you want to spend your Bitcoin, you have to reveal the public key. You can’t get around that. The problem is that your bad actor will become a big Bitcoin miner and intercept that transaction from ever happening.” His company is developing QFlex technology for the Canton network, enabling hot-swapping of quantum-proof signatures during transactions. Meanwhile, Deloitte partner Marc Verdonk’s research indicates current scientific estimates predict quantum computers could break Bitcoin signatures within 30 minutes, dangerously close to the network’s confirmation window.
Breaking Encryption: From RSA to Bitcoin’s ECC
Recent breakthroughs in quantum computing research have dramatically reduced estimated requirements for breaking modern encryption. A February 2026 preprint paper titled ‘The Pinnacle Architecture’ suggests 2048-bit RSA encryption could be broken in one month with “less than one hundred thousand physical qubits” or in one day with 471,000 qubits. While Bitcoin uses elliptic curve cryptography rather than RSA, quantum computing expert Professor Scott Aaronson notes that “Shor’s algorithm mostly just cares about the key size,” suggesting Bitcoin’s 256-bit keys might be even more vulnerable.
| Encryption Type | Key Size | Estimated Qubits Required | Estimated Break Time |
|---|---|---|---|
| RSA-2048 | 2048-bit | 100,000 physical qubits | 1 month |
| Bitcoin ECC | 256-bit | Unknown (research ongoing) | Potentially faster than RSA |
| Post-Quantum Algorithms | Varies | Millions of qubits (estimated) | Decades (current estimates) |
The BIP-360 Solution and Its Limitations
The Bitcoin community has proposed BIP-360 as a partial solution, creating new Pay To Merkle Root addresses designed to protect against long-exposure attacks. However, the proposal explicitly acknowledges it doesn’t prevent short-exposure attacks. “P2MR outputs are only resistant to ‘long exposure attacks’ on elliptic curve cryptography,” the document states. “Protection against more sophisticated quantum attacks may require the introduction of post-quantum signatures in Bitcoin.” Heilman explains the prioritization: “With short-exposure attacks, the attacker only learns the public key after the output is spent. This means the attacker is in a race to break the public key and double-spend the transaction.”
Divergent Expert Opinions on Urgency
Not all analysts agree on the immediate threat level. CoinShares researcher Christopher Bendiksen recently argued that only about 10,200 Bitcoin could realistically be stolen, claiming most early coins reside in 32,607 individual addresses that would take “millennia to unlock even in the most outlandishly optimistic scenarios.” His report suggests breaking Bitcoin within a day would require 13 million physical qubits. However, Ethereum researcher Justin Drake counters that different quantum computing modalities dramatically affect timelines: “If you have the fast flavor, like Google’s superconducting qubits, then the estimate for cracking a key is on the order of minutes, like roughly ten minutes.”
Economic Implications and Network Response
The economic consequences of quantum vulnerability extend beyond direct theft. Edwards notes that market dynamics would likely render short-exposure attacks economically irrational: “Once the capability got there, then probably no one would even hold Bitcoin or the value would be next to zero, so no one would bother.” This creates a paradoxical security situation where the very existence of quantum breaking capability could destroy Bitcoin’s value before most attacks occur. The network faces a critical upgrade timeline, with BIP-360 co-authors previously estimating Bitcoin may need seven years to implement comprehensive post-quantum security.
Industry Mobilization and Alternative Approaches
Across the cryptocurrency sector, developers are exploring multiple post-quantum strategies. Some propose hybrid systems combining current ECC with quantum-resistant algorithms during a transition period. Others advocate for completely new address types that never expose public keys, even during spending. The Canton network proof-of-concept with BOLTS’ QFlex technology represents one approach, enabling signature algorithm switching during active sessions. Meanwhile, academic institutions and corporate research labs accelerate work on lattice-based cryptography, hash-based signatures, and other post-quantum approaches.
Conclusion
The quantum computing threat to Bitcoin has evolved from a theoretical concern about exposed addresses to a comprehensive vulnerability affecting the entire supply. While long-exposure attacks against approximately 6.9 million Bitcoin represent the most immediate concern, short-exposure attacks threaten all transactions as quantum computers advance. The BIP-360 proposal addresses part of this threat but leaves transactions vulnerable during confirmation windows. With quantum computing facilities targeting million-qubit milestones by 2027 and encryption-breaking estimates dropping rapidly, the Bitcoin community faces unprecedented pressure to implement post-quantum security. The coming 12-24 months will determine whether cryptocurrency’s foundational technology can evolve faster than the quantum computers threatening to break it.
Frequently Asked Questions
Q1: How many Bitcoin are immediately vulnerable to quantum attacks?
Approximately 6.9 million Bitcoin held in addresses with exposed public keys face immediate long-exposure quantum threats. This represents about 33% of the total supply, valued at over $450 billion at current prices.
Q2: What makes short-exposure attacks different from long-exposure attacks?
Short-exposure attacks target Bitcoin transactions during the 10-60 minute confirmation window when public keys temporarily appear in the mempool. These require faster quantum computation but could theoretically compromise any Bitcoin when spent.
Q3: When will quantum computers likely become capable of breaking Bitcoin encryption?
Estimates vary widely. Some experts suggest 5-10 years for long-exposure attacks, while short-exposure attacks requiring faster computation might take longer. Construction has begun on Chicago’s million-qubit facility targeting 2027 completion.
Q4: Can I protect my Bitcoin from quantum attacks?
Currently, moving Bitcoin to new addresses generated with quantum-aware wallets provides some protection. However, complete protection requires network-level upgrades to post-quantum cryptography that don’t yet exist for Bitcoin.
Q5: How does BIP-360 address quantum threats?
BIP-360 proposes new Pay To Merkle Root addresses that protect against long-exposure attacks but explicitly doesn’t prevent short-exposure attacks during transaction confirmation periods.
Q6: What happens to Bitcoin’s value if quantum computers break its encryption?
Most experts believe the market would collapse before widespread theft occurs, as confidence in the network’s security would evaporate. This creates economic disincentives for some attacks but doesn’t eliminate technical vulnerabilities.
