Bitcoin is not staring down a near-term quantum apocalypse, but it may have a maintenance problem. Bernstein says advances in quantum computing are making the threat to Bitcoin’s cryptography look more concrete, yet still manageable, with roughly three to five years for the industry to get ready for post-quantum upgrades.
The research firm’s framing is bluntly less dramatic than the headlines. Instead of treating quantum computing as an existential event, Bernstein describes it as a ”manageable upgrade cycle” – which is a polite way of saying the network has time, but not endless time, to stop pretending this is someone else’s issue.
Which Bitcoin wallets face the biggest quantum exposure
The risk is not spread evenly across Bitcoin. Bernstein says older wallets and addresses that reuse public keys are the most exposed, while newer wallet formats and standard hygiene such as avoiding address reuse lower the odds of trouble. Bitcoin mining, by contrast, is not considered meaningfully vulnerable because SHA-256 hashing is not the weak point here.
Bernstein highlights pay-to-public-key (P2PK), pay-to-multisig (P2MS), and pay-to-Taproot (P2TR) as the address types most exposed to quantum risk. The largest concentration is in legacy holdings: roughly 1.7 million Bitcoin sit in early P2PK addresses, including an estimated 1.1 million BTC attributed to Satoshi Nakamoto, where public keys are permanently visible.
Why the Bitcoin quantum timeline is getting shorter
Quantum experts generally still talk about a 10-year horizon for cryptographically relevant quantum computers, or CRQCs, the kind of machines that could break today’s encryption. But recent progress, including Google research showing a significant reduction in the resources needed to break modern encryption, has pulled that horizon closer and made the problem harder to ignore.
That does not mean a breakthrough machine is around the corner. The report says major technical hurdles and high costs still stand between current research and anything capable of threatening Bitcoin directly. In other words, the threat is real enough to plan for, but not real enough to excuse panic trading.
What Bitcoin developers would have to do
If Bitcoin does move to quantum-resistant cryptographic standards, the work would likely fall to its open-source developer community and core contributors, who would need to propose changes and get them through consensus. That process is messy by design, which is also why it tends to protect the network from bad ideas and slow-walk the useful ones.
For now, Bernstein’s message is simple: Bitcoin has a window to upgrade before quantum hardware becomes a practical threat. The smart money is on gradual migration, better wallet habits, and a lot of protocol debate long before anyone is forced into emergency mode.