Quantum computers make for scary headlines.
But the first commercial machines are nowhere near breaking Bitcoin.
To threaten Bitcoin’s signatures, an attacker would need a fault-tolerant quantum computer with thousands of reliable, error-corrected qubits and long, stable circuits. Today’s devices manage only dozens of logical qubits in carefully controlled labs. They are good for small experiments, not for tearing apart 256-bit cryptography on demand.
Even if such a powerful machine appears, an attack has to win a race. Most coins only reveal a public key when you spend them. From that moment, an attacker has roughly one block interval, about ten minutes, to run Shor’s algorithm, extract your key, and get a forged transaction confirmed first. Current and near-term machines are nowhere close to that kind of speed and reliability.
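As an added illustration (not part of the original article), the Python sketch below sorts standard Bitcoin output scripts by whether the public key is already visible on-chain or stays behind a hash until the coin is spent. The function names and the sample outputs are constructed for this example; only the script templates are the standard ones.

```python
# Added example: which unspent outputs already show a public key on-chain,
# and which show only a hash until the owner spends them.

EXPOSED = "public key visible in the output"
HASHED = "only a hash visible until spend"
UNKNOWN = "non-standard script, inspect manually"


def classify_script_pubkey(script: bytes) -> tuple[str, str]:
    """Return (script type, exposure) for a standard scriptPubKey."""
    n = len(script)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and script[0] == n - 2 and script[-1] == 0xAC:
        return "P2PK", EXPOSED
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac":
        return "P2PKH", HASHED
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and script[:2] == b"\xa9\x14" and script[22] == 0x87:
        return "P2SH", HASHED
    # Witness v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and script[:2] == b"\x00\x14":
        return "P2WPKH", HASHED
    if n == 34 and script[:2] == b"\x00\x20":
        return "P2WSH", HASHED
    # Witness v1 (Taproot): OP_1 <32-byte x-only output key>
    if n == 34 and script[:2] == b"\x51\x20":
        return "P2TR", EXPOSED
    return "unknown", UNKNOWN


def exposure_report(utxos):
    """Sum satoshi value per exposure class for (script, value) pairs."""
    totals = {}
    for script, value in utxos:
        _, exposure = classify_script_pubkey(script)
        totals[exposure] = totals.get(exposure, 0) + value
    return totals


# Constructed sample outputs; keys and hashes are placeholder bytes, not real data.
FAKE_KEY33 = b"\x02" + bytes(32)
SAMPLE_UTXOS = [
    (b"\x21" + FAKE_KEY33 + b"\xac", 5_000_000_000),       # P2PK
    (b"\x76\xa9\x14" + bytes(20) + b"\x88\xac", 150_000),  # P2PKH
    (b"\x00\x14" + bytes(20), 75_000),                     # P2WPKH
    (b"\x51\x20" + bytes(32), 20_000),                     # P2TR
]

if __name__ == "__main__":
    for exposure, sats in exposure_report(SAMPLE_UTXOS).items():
        print(f"{sats:>13} sat  {exposure}")
```

A hashed output whose address has already been spent from has shown its key as well; detecting that needs spend history, which this sketch does not inspect.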
Hashing is even safer. Grover’s algorithm can, in theory, speed up brute forcing SHA-256, but it still leaves an effective security level around 128 bits. That is a huge search space, even for a future quantum computer.
Finally, Bitcoin is not stuck with its current cryptography. Developers can add quantum-safe signatures and new address types, and give users years to move coins to stronger protection. For quantum to “break Bitcoin” outright, we would need both a surprisingly fast leap in hardware and a long period of human neglect.
The threat is real over decades if nobody prepares.
Coming from the first generations of commercial quantum computers, it is extremely unlikely.