March 11, 2026 — New analysis reveals a critical vulnerability affecting the entire Bitcoin supply, not just the quarter previously identified as at risk. Research published this week demonstrates that all 21 million Bitcoin face potential compromise from sufficiently advanced quantum computers, fundamentally challenging existing security assumptions. The findings emerge as construction begins on Chicago’s million-qubit quantum facility targeting 2027 completion, accelerating timelines for what experts now call an inevitable cryptographic transition.
Beyond the 25%: Complete Supply Vulnerability Exposed
Project 11’s Bitcoin Risq List currently identifies 6,887,180 Bitcoin worth over $450 billion as “at risk” due to exposed public keys. However, researchers now confirm this represents only the most immediately vulnerable portion. “The one in four Bitcoin held in old address types are the easiest to attack and will be stolen first,” explains Yoon Auh, CEO of BOLTS, whose company runs quantum-proof signature proof-of-concept work. “But the remainder of the Bitcoin supply will still be vulnerable to more sophisticated attackers.”
This vulnerability stems from a fundamental blockchain characteristic: public key exposure during transaction processing. When users spend Bitcoin, their public keys become visible in the mempool for 10 to 60 minutes while awaiting confirmation. This brief window creates what experts term “short exposure attacks” — quantum computers fast enough to derive private keys within that confirmation period could theoretically compromise any Bitcoin being spent.
The Short-Exposure Attack Window: Minutes That Could Break Everything
Quantum computing’s progression toward “just in time” attacks represents the most significant threat to cryptocurrency’s long-term viability. Charles Edwards from Capriole Investment Fund, who has advocated for post-quantum upgrades, explains the technical challenge. “The difference is the technical capability required. You have to be able to move and solve and decrypt very quickly to steal coins in the mempool, effectively hacking every single Bitcoin.”
- Immediate Risk: 6.9 million Bitcoin with long-exposed public keys
- Secondary Risk: All remaining Bitcoin during spending transactions
- Lost Coins: 3-4 million Bitcoin considered permanently vulnerable
- Time Window: 10-60 minute mempool exposure per transaction
Expert Consensus: The Clock Is Ticking
Ethan Heilman, BIP-360 co-author, provides crucial context about attack prioritization. “With short-exposure attacks, the attacker only learns the public key after the output is spent. This means the attacker is in a race to break the public key and double-spend the transaction before the honest transaction is confirmed.” Heilman notes that early quantum computers will likely target the “giant pile of coins” with already-exposed keys first, buying time for broader protocol upgrades.
Meanwhile, Deloitte partner Marc Verdonk’s research offers specific timelines. “Current scientific estimations predict that a quantum computer will take about 8 hours to break an RSA key, and some specific calculations predict that a Bitcoin signature could be hacked within 30 minutes.” Verdonk cautions that field advancement remains unpredictable, noting that approaching the 10-minute mark would fundamentally break Bitcoin’s security model.
Quantum Computing Timeline: From Theory to Imminent Threat
The threat timeline has accelerated dramatically in recent months. Construction began last week on Chicago’s quantum computer facility targeting 1 million physical qubits by 2027. PsiQuantum’s recent $1 billion funding round from BlackRock-affiliated funds signals serious institutional belief in near-term quantum advancement. These developments follow February’s “Pinnacle Architecture” preprint suggesting 2048-bit RSA encryption could be broken in one month with under 100,000 physical qubits.
| Quantum Milestone | Timeline | Bitcoin Impact |
|---|---|---|
| 1M qubit facility construction | Started March 2026 | Accelerates threat timeline |
| RSA break estimate | 100k qubits / 1 month | Comparable to ECC difficulty |
| Bitcoin-specific research | 2022 paper outdated | New estimates needed |
| BIP-360 implementation | 7-year estimate | Race against quantum development |
Protocol Response: BIP-360 and Its Limitations
The Bitcoin community’s primary response, BIP-360, proposes Pay To Merkle Root (P2MR) addresses to protect against long-exposure attacks. However, the proposal explicitly acknowledges its limitations regarding short-exposure vulnerabilities. “P2MR outputs are only resistant to ‘long exposure attacks’ on elliptic curve cryptography,” the document states, noting that “protection against more sophisticated quantum attacks may require the introduction of post-quantum signatures in Bitcoin.”
This distinction creates a multi-phase upgrade challenge. First, vulnerable coins must move to quantum-resilient addresses. Subsequently, the protocol itself requires fundamental changes to transaction signing mechanisms. Ethereum researcher Justin Drake emphasizes the importance of quantum computer types in this timeline. “If you have the fast flavor, like Google’s superconducting qubits, then the estimate for cracking a key is on the order of minutes, roughly ten minutes.”
Economic Realities: Would Attackers Even Bother?
Charles Edwards raises a crucial economic consideration. “Obviously, that wouldn’t happen in reality because once the capability got there, then probably no one would even hold Bitcoin or the value would be next to zero, so no one would bother.” This creates a paradoxical security dynamic where the mere existence of quantum attack capability could destroy Bitcoin’s value before most attacks occur.
CoinShares researcher Christopher Bendiksen offers a more optimistic assessment, suggesting only about 10,200 Bitcoin could realistically be stolen. His analysis argues that breaking most OG miner coins would require “millennia even in the most outlandishly optimistic scenarios.” However, this research dates from 2022, and recent quantum advancements suggest these estimates may already be outdated.
Conclusion: An Inevitable Cryptographic Transition
The quantum computing threat to Bitcoin represents not a question of “if” but “when.” While immediate risk concentrates on coins with long-exposed public keys, the entire supply faces eventual vulnerability. The community’s response through BIP-360 addresses only part of the problem, leaving short-exposure attacks for future protocol upgrades. As quantum computing facilities expand globally and investment pours into the field, Bitcoin’s cryptographic foundations face their most significant challenge since inception. The coming years will determine whether the network can transition to post-quantum security before quantum computers transition from theoretical threat to practical attack vector.
Frequently Asked Questions
Q1: What percentage of Bitcoin is immediately vulnerable to quantum attacks?
Approximately 25-30% of Bitcoin, about 6.9 million coins, have exposed public keys making them immediately vulnerable to quantum computers capable of breaking elliptic curve cryptography.
Q2: How does spending Bitcoin make it vulnerable to quantum attacks?
When you spend Bitcoin, the public key becomes visible in the mempool for 10-60 minutes during transaction confirmation. A sufficiently fast quantum computer could theoretically derive the private key during this window.
Q3: What is the difference between long-exposure and short-exposure attacks?
Long-exposure attacks target Bitcoin with public keys exposed for extended periods (like Satoshi’s coins). Short-exposure attacks target Bitcoin during the brief window when public keys are visible during spending transactions.
Q4: When will quantum computers be capable of attacking Bitcoin?
Estimates vary widely. Some experts believe capability could emerge within this decade as million-qubit facilities complete construction, while others believe practical attacks remain decades away.
Q5: What is BIP-360 and how does it address quantum threats?
BIP-360 proposes Pay To Merkle Root addresses to protect against long-exposure attacks. However, it explicitly states that short-exposure attacks will require additional post-quantum signature implementations.
Q6: Should Bitcoin holders take immediate action regarding quantum threats?
Most experts recommend monitoring protocol development rather than taking individual action. The community must implement network-level solutions; individual address changes won’t protect against short-exposure attacks during spending.
