For much of Bitcoin’s history, network security has largely been treated as a fixed assumption underpinning the asset itself. The emergence of quantum computing has started to challenge that assumption, introducing the possibility that certain forms of Bitcoin’s existing cryptographic architecture could eventually become vulnerable under sufficiently advanced computational conditions.
Importantly, Bitcoin is not “broken” today, as no publicly known quantum computer currently possesses the capability required to compromise Bitcoin’s elliptic curve cryptography at scale. The present issue is therefore not an active collapse scenario, but rather a future-oriented migration problem that the ecosystem is already beginning to address through research, proposed upgrades, and evolving custody practices.
Quantum Risk Is Real, But Uneven
The core quantum vulnerability stems from the public-key exposure of the cryptographic key pairs that ultimately control Bitcoin access. Once a public key becomes visible on-chain, a sufficiently advanced quantum computer could theoretically use specialised algorithms designed to break certain forms of encryption (Shor’s algorithms) to derive the corresponding private key and gain access to those funds. This risk is especially relevant for older Pay-to-Public-Key (P2PK) outputs and reused address formats where public keys have already been exposed for extended periods of time.
This does not mean all Bitcoin is equally vulnerable. The risk is concentrated within specific segments of supply, particularly dormant wallets and older address structures. Estimates cited within current industry discussions suggest that a meaningful share of Bitcoin remains held in address formats with exposed public keys, though a large proportion of active holders still retain the ability to migrate funds to safer wallet structures before quantum capabilities become practically viable (Figure 1).
Figure 1: Estimated Bitcoin Supply by Quantum Exposure Status (BTC, millions)
Source: Wicked Smart Bitcoin. Data correct as of May 16, 2026.
The Difference Between Long-Exposure and Short-Exposure Risk
The distinction between active and dormant supply is central to understanding the issue. Quantum attack risk is separated into the following two categories:
- Long-exposure attacks: target older wallets whose public keys have already been visible on the blockchain for many years, particularly dormant early-era Bitcoin addresses. Because these keys are already exposed, a future attacker would theoretically have extended time to attempt to access those funds.
- Short-exposure attacks: target active transactions during the brief period in which public keys become temporarily visible while transfers are being processed. These scenarios are generally viewed as less immediate because the exposure window is significantly smaller.
Current industry discussions generally view long-exposure attacks as the more practical long-term concern, largely because dormant wallets provide a significantly larger time window for potential attacks and often contain large concentrations of BTC holdings (Figure 2)
Figure 2: Long-Exposure vs Short-Exposure Quantum Attack Scenarios
|
Attack Type |
Exposure Window |
Example |
Relative Risk |
|
Long-Exposure |
Public key exposed for years |
Dormant P2PK wallets |
Higher |
|
Short-Exposure |
Temporary mempool exposure |
Active transaction spending |
Lower |
Source: Learnmeabitcoin, BIP discussions, 3iQ
As a result, the biggest long-term challenge may not be active Bitcoin users at all, but inaccessible or abandoned coins that cannot easily migrate to newer address formats. As seen in Figure 1, estimates referenced in current research suggest that more than 1.7 million BTC may sit in vulnerable dormant P2PK outputs alone, with broader estimates of dormant quantum-vulnerable supply rising further when additional script types are included.
Migration, Custody, and Bitcoin’s Adaptation Pathway
At the same time, the Bitcoin ecosystem is not standing still, with both researchers and developers already working on post-quantum security solutions through a series of Bitcoin Improvement Proposals (BIPs). These include BIP-360, which introduces new address structures designed to reduce long-term public-key exposure. While these proposals do not fully solve every quantum-related issue, they demonstrate that the discussion has already moved beyond theoretical speculation and into active protocol research.
For many active holders, migration may ultimately resemble previous transitions in Bitcoin’s history, where wallet standards and address formats evolved gradually over time. In practice, this means users who still maintain access to their wallets may have the opportunity to move funds into safer structures well before quantum attacks become technically feasible.
This also introduces an important operational dimension for institutional investors. As post-quantum standards continue to develop, professional custody providers, regulated fund structures, and ETF issuers are likely to be better positioned to monitor protocol developments, coordinate migrations, and implement evolving security standards at scale. In that sense, the quantum discussion may further reinforce the operational importance of institutional-grade custody infrastructure within digital asset markets.
Figure 3: Relative Quantum Exposure by Bitcoin Address Format
|
Address Type / Script |
Public Key Visibility |
Relative Exposure |
|
P2PK |
Immediately visible |
Highest |
|
P2PKH |
Hidden until spending |
Moderate |
|
P2WPKH |
Hidden until spending |
Moderate |
|
P2TR |
Hidden until spending/key reveal |
Lower |
Source: Learnmeabitcoin, BIP discussions, 3iQ
The Governance Problem of Dormant Coins
Even if migration pathways succeed for active users, a deeper governance challenge remains: what happens to dormant, vulnerable coins that are never migrated?
This is where the quantum debate shifts from a technical problem into a philosophical one. One potential solution is to implement protocol-level changes that freeze or restrict vulnerable, inactive addresses before they can be exploited. However, doing so would directly conflict with Bitcoin’s core principles of immutability, censorship resistance, and absolute property rights.
This dilemma introduces difficult questions with no easy answers: Should lost or inaccessible coins remain permanently spendable, even if they become prime targets for quantum theft? Should the network intervene to protect this dormant supply? If so, who determines which coins are truly abandoned?
Conclusion: A Multi-Year Adaptation
Ultimately, the quantum threat is not a binary event that will suddenly cause Bitcoin to succeed or fail. The more realistic scenario is a gradual, multi-year process of network migration, technical adaptation, and governance coordination. Here, Bitcoin’s long-term resilience will not depend on cryptography alone, but will rest on how effectively the global community balances technical security with operational practicality and social consensus as the technology matures.
Disclaimer
This publication is provided for educational and informational purposes only. Not intended for distribution to any person in any jurisdiction where such distribution would be contrary to law. It does not constitute financial, investment, legal, accounting, tax, or other professional advice, and must not be relied upon as such. Nothing in this publication is intended to recommend or promote any particular product, strategy, portfolio approach, issuer, digital asset, or service offering. Readers should not interpret any discussion of specific cryptocurrencies and other digital assets, markets, or strategies as a solicitation, offer, or endorsement. The views expressed were prepared for the purpose of providing readers with general educational background information about cryptoassets and are not appropriate for other purposes. 3iQ assumes no obligation to update or revise this document to reflect new events or circumstances. For information about any 3iQ products, refer to the applicable offering documents and/or prospectus disclosure.”
The views and examples presented are general in nature and may not be appropriate for any specific investor, client situation, or regulatory context. Readers remain solely responsible for performing their own due diligence and verifying the accuracy of any information used in their decision-making.
Cryptocurrencies and other digital assets are highly volatile, may experience significant price fluctuations, and may not be suitable for all investors. 3iQ makes no representation or warranty as to the accuracy, completeness, or timeliness of any information contained herein. All content is provided on an “as-is” basis without warranty of any kind. 3iQ shall not be liable for any loss, damage, or adverse outcome arising from the use of, or reliance on, this material.
Commissions, trailing commissions, management fees and expenses all may be associated with mutual fund investments. Please read the prospectus before investing. Mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated.