A recent report from Galaxy Digital frames the quantum computing threat to Bitcoin as real but not imminent, highlighting ongoing preparations rather than panic. The core issue is cryptographic: Bitcoin relies on elliptic curve digital signatures that could be broken by a sufficiently advanced quantum machine using Shor's algorithm, allowing an attacker to derive private keys from public ones and spend funds without authorization. The industry calls this hypothetical event "Q-day", with estimates ranging from years to decades – uncertainty that itself is problematic given Bitcoin's slow upgrade cycle.
Which Bitcoins Are Actually at Risk
The report notes that risk is unevenly distributed. Most coins are currently safe because public keys are only revealed when spending; coins stored under hashed addresses remain shielded. Exposure lies in two scenarios: coins whose public keys are already visible on-chain (e.g., from past transactions), and coins in transit during a transaction. Galaxy cites estimates that millions of bitcoins – including those linked to early adopters and Satoshi Nakamoto – fall into the first category. If quantum capability arrives before protective measures, these holdings could become prime targets. A sudden unlocking of dormant supply could destabilize markets and undermine mining incentives, making it a systemic rather than individual risk.
Several defenses are already being built. Bitcoin Improvement Proposal 360 introduces Pay-to-Merkle-Root, a transaction structure that eliminates always-visible public keys, reducing the attack surface. Another proposal named "Hourglass" limits how quickly vulnerable coins can be spent in a worst-case scenario, buying time for market adjustment. On the cryptographic front, hash-based signature schemes like SPHINCS+ are emerging as post-quantum candidates, relying on different mathematical assumptions that some researchers view as more conservative.
Tradeoffs and Governance Challenges
Post-quantum cryptography brings tradeoffs: larger signatures would increase transaction sizes and network load. Developers are also exploring contingency plans – a commit-and-reveal process to protect transactions before new cryptography is deployed, and zero-knowledge proofs to verify ownership without exposing sensitive data. These layered approaches form a toolkit rather than a single fix. However, the report argues the hardest problem is governance. Bitcoin has no central authority; every upgrade requires coordination among developers, miners, exchanges, and users. Past upgrades like SegWit and Taproot took years and sparked intense debates. Quantum preparedness could prove even more divisive, especially proposals that might render coins that fail to migrate permanently unspendable, raising philosophical questions about property rights and social contracts. The report concludes by emphasizing a key difference: quantum risk is an external, shared threat that aligns incentives across the community. Whether the network can coordinate in time will determine the outcome – and, as with much of Bitcoin's history, the solution will emerge through slow consensus rather than abrupt change.

