The debate on quantum computing and cryptocurrencies has entered a new phase. It is no longer about whether a quantum computer could eventually break elliptic curve cryptography, but rather when and — more importantly — what different networks are doing today to prepare.
A superficial analysis might suggest that Bitcoin and Ethereum face equivalent quantum risk. The technical evidence suggests otherwise. While both rely on ECDSA for transaction signatures and face similar attack vectors, the nature of the risk — and more critically, each network’s capacity to mitigate it — diverges significantly.
The technical threat is real and its timeline has accelerated
Developments in 2026 have considerably shortened previous estimates. In March, Google Quantum AI researchers published findings estimating that breaking 256‑bit elliptic curve cryptography (the type used by both Bitcoin and Ethereum for account signatures) could require approximately 1,200 logical qubits — about 20 times fewer than earlier estimates. Google has set an internal 2029 deadline to migrate its own systems to post‑quantum cryptography.
Beyond the immediate signature horizon, the “harvest now, decrypt later” attack vector creates a wider vulnerability window. Adversaries can record encrypted data today and wait for a quantum machine to decrypt it later. Public Bitcoin transactions are particularly suited for this mode, as the data is openly available and the cost of harvesting is negligible.
The immediate risk to the industry is not a sudden collapse of cryptography, but the cumulative exposure of decades of on‑chain activity that could someday be exploited.
But the decisive difference is not technical — it is governance
The crucial distinction does not lie in which chain has better cryptography, but in which chain can coordinate a large‑scale upgrade before attackers gain operational quantum capability.
Bitcoin governance is notoriously deliberate. Its consensus mechanisms prioritize stability and resistance to change over speed. For a network whose fundamental value is immutability and predictability, this is not a flaw — it is a feature. However, in the context of a cryptographic migration affecting every user, every wallet, and every unspent transaction output, that deliberation introduces a non‑trivial timing risk.
Ethereum, by contrast, has institutionalized quantum readiness. The Ethereum Foundation formed a dedicated Post‑Quantum Security team in January 2026. In February, Vitalik Buterin published a roadmap identifying four distinct areas of Ethereum’s cryptography requiring post‑quantum upgrades.
The “Strawmap” roadmap outlines seven hard forks spanning 2026 to 2029, designed to achieve full quantum resistance. Ethereum currently has the most structured and best‑funded quantum‑preparedness program in the digital asset space.
However, reducing this to “Bitcoin is in trouble, Ethereum is safe” would be technically inaccurate
Both networks face substantial challenges. Ethereum is not immune — its own consensus‑layer signatures, KZG commitments for data availability, and application‑layer account cryptography will require complete reengineering. But its governance model, which has demonstrated the ability to execute complex, large‑scale upgrades (The Merge, the various gas‑limit jumps), is structured in a way that makes a prolonged, planned transition more plausible.
Ethereum’s lighter governance has a downside: it exposes the network to greater implementation variability. Ethereum’s reliance on a relatively small number of centralized decision‑makers introduces a different risk — one of incentive misalignment or engineering errors during migration. No chain has executed a cryptographic transition of this magnitude in a production environment with live assets valued above one trillion dollars.
Quantified exposure remains significant
The data provides a baseline. Research from Coinbase estimates that approximately 6.51 million BTC — roughly 32.7% of the supply — appear vulnerable to long‑range quantum attacks, largely due to address reuse and script types that expose public keys on‑chain.
Other sources place the figure at roughly 7 million BTC quantum‑exposed. Within this, approximately 1.7 million BTC in P2PK addresses, where public keys are fully exposed, represent the most acute vulnerability category.
For Ethereum, quantified exposure is less central to the debate because its externally owned account model means any address that has ever signed a transaction has exposed its public key. In practice, this covers most active Ethereum addresses. Ethereum’s migration timeline is therefore not optional — all active users must eventually migrate — but the existence of a centralized governance framework to orchestrate that migration reduces execution uncertainty.
Bitcoin proposals expose a fundamental governance dilemma
Bitcoin Improvement Proposal 361 (BIP‑361), titled “Post‑Quantum Migration and Legacy Signature Retirement”, presents a three‑phase plan to migrate Bitcoin toward quantum‑resistant alternatives. Proposal A would block new funds from being sent to vulnerable address types approximately three years after activation.
Proposal B would invalidate all legacy signatures at consensus level approximately two years later. A third research phase would allow holders of frozen coins to prove ownership and recover funds. The overall timeline extends roughly five years.
This approach implies — explicitly — that unmigrated bitcoins would become permanently unspendable. This includes approximately 1.7 million BTC held in P2PK addresses, including the coins widely attributed to Satoshi Nakamoto. The proposal has generated debate, with critics arguing that freezing addresses contradicts the principle of full user control.
The alternative proposal, put forward by Adam Back and others, prefers optional upgrades paired with a long migration period, avoiding a mandatory freezing mechanism. The difference between these approaches is not merely technical — it is constitutional. It sets a precedent on whether the network can override the will of inactive holders in the name of a collective security goal.
What this means for the industry
For institutions holding digital assets, the implications are actionable.
First, post‑quantum migration must be treated as a long‑term fiduciary planning obligation, not a short‑term contingency. Coinbase’s quantum advisory board has argued that waiting for quantum attacks to become imminent would leave networks trying to coordinate technical upgrades, wallet migrations, exchange support, and community governance under pressure.
Second, the disparity in preparedness across major chains introduces diversification risks. Institutional investors holding large positions on chains without clear post‑quantum roadmaps are taking uncompensated timing risk.
Third, the challenge of unmigrated coins — particularly for Bitcoin — requires regulatory clarity. The proposal to freeze unclaimed funds, while technically viable, raises property rights questions that courts and regulators will likely address this decade.
Quantum risk to cryptocurrencies is real, manageable, and differential across networks. Bitcoin faces a more acute vulnerability not because its cryptography is weaker, but because its governance model makes rapid, coordinated migration more challenging. Ethereum is better positioned for the transition, but the lack of a proven Ethereum upgrade process for a cryptographic change of this scale should not be underestimated.
The most important timeline to watch is not Google’s or IBM’s hardware progress, but the progress of BIP‑361 through Bitcoin’s development process. The clearest signal that the industry is taking quantum risk seriously will be the activation of binding migration mechanisms on major networks — not roadmaps or position papers. Until then, the difference between preparedness and rhetoric remains the margin of true advantage in this race.
