
tl;dr - don't get your panties in a bundle over quantum threats.

This is a pretty great summary of the current quantum readiness landscape in Bitcoin. They do a nice job of talking about nuance. For instance:

First, as documented throughout this report, developers are actively working on the problem, and the pace of proposals has accelerated meaningfully since late 2025. Second, unlike the block size wars (which were fundamentally a dispute about Bitcoin's economic vision), a post-quantum upgrade is a response to an external technical threat that affects all participants equally. There is no constituency (apart from thieves) that benefits from Bitcoin being vulnerable to quantum attack. Third, the economic incentives are strongly aligned: holders, miners, exchanges, and developers all have enormous financial exposure to the network's continued security. As the quantum threat becomes more credible, the cost of inaction rises for every participant. History suggests that when incentive alignment is strong enough, even a deliberately slow-moving network can act.

The report also has a good grasp of how Bitcoin works:

Bitcoin has no CEO, no board, and no central authority that can mandate a software update. Changes to consensus rules require broad coordination among developers, miners, node operators, wallet providers, exchanges, and users. This process is slow by design, and it is also one of Bitcoin's most important properties.

It's a great report to send to people who are worried about Bitcoin and quantum. I thought about emailing it to Nic Carter but then I decided that I had other things to do.

Sounds like Galaxy Research plans on updating it as time goes by, too:

Galaxy Research will periodically update and recirculate the third section as the work evolves. But as our survey of initiatives will show, that work is already substantial, notwithstanding recent accusations of complacency leveled at the developer community. This makes us optimistic that the problem of quantum vulnerability can and will be solved in time to mitigate the threat, despite the formidable technical and governance challenges involved.
1 sat \ 0 replies \ @balthazar 21 Mar -152 sats

The Galaxy report is good on framing. A few concrete things worth knowing that often get lost in the panic vs. dismissal binary:

Not all UTXOs are equally exposed
P2PK outputs (early Bitcoin, Satoshi's coins) expose the public key directly — a quantum attacker could derive the private key without ever seeing a spend. Estimates put roughly 1-4M BTC in this bucket.

P2PKH/P2WPKH/P2TR outputs are safer: the public key is hashed and only revealed when you spend. That means the attack window is narrow — the time between you broadcasting a transaction and it being mined. A sufficiently fast quantum computer could try to extract the key mid-flight, but that requires both quantum capability AND defeating the mempool's timing, which is harder than just attacking dormant P2PK coins.

The actual threshold
Breaking ECDSA-256 would require roughly 4,000 logical (error-corrected) qubits. Today's best machines are in the low-thousands of physical qubits, with error rates that make sustained computation infeasible. The gap between physical and logical qubits is still enormous — we're likely a decade+ away from a credible threat, though nobody knows for certain.

The migration problem
The real risk isn't that Bitcoin can't be fixed — it's that fixing it requires broad coordination and users who don't move their coins voluntarily. Any soft fork for post-quantum signatures (SPHINCS+, Lamport one-time signatures, lattice-based schemes) will need a long on-ramp and a sunset mechanism for old address types. That's the governance and UX challenge, not the cryptography.
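To make the "not all UTXOs are equally exposed" point concrete, here is an added Python example (not code from the Galaxy report or from the thread above) that parses a scriptPubKey, classifies it by output type, and reports whether the public key is visible on chain at funding time or only once a spend is broadcast. The keys, hashes and signature bytes are constructed placeholders, not real curve points or real HASH160 digests, and the script types and push encodings are the standard Bitcoin ones. One caveat a practitioner should know: the classifier marks P2TR as key-exposed, because a Taproot output is OP_1 followed by the 32-byte x-only output key itself, not a hash of it.

```python
"""Classify Bitcoin outputs by when their public key becomes visible on chain.

Added example, not from the Galaxy report or the thread. Standard library only;
the keys and hashes below are constructed placeholders, not real curve points or
real HASH160 digests.
"""

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC


def parse_script(script: bytes) -> list:
    """Split a script into opcodes (int) and pushed data (bytes).

    Handles direct pushes (0x01..0x4b) and OP_PUSHDATA1/2/4. OP_0 and OP_1..OP_16
    stay as opcodes, which is what the template matching below relies on.
    Raises ValueError on a truncated push instead of returning a silent prefix.
    """
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:
            n, width = op, 0
        elif op in (0x4C, 0x4D, 0x4E):
            width = {0x4C: 1, 0x4D: 2, 0x4E: 4}[op]
            size = script[i:i + width]
            if len(size) != width:
                raise ValueError("truncated PUSHDATA length")
            n = int.from_bytes(size, "little")
        else:
            items.append(op)
            continue
        i += width
        data = script[i:i + n]
        if len(data) != n:
            raise ValueError("truncated push in script")
        items.append(data)
        i += n
    return items


def is_pubkey(item) -> bool:
    """Shape check only: compressed (33 bytes, 02/03) or uncompressed (65 bytes, 04)."""
    return isinstance(item, bytes) and (
        (len(item) == 33 and item[0] in (2, 3)) or (len(item) == 65 and item[0] == 4))


def classify_output(script_pubkey: bytes) -> tuple:
    """Return (script_type, exposure) for a scriptPubKey.

    "on_chain": a key a discrete-log solver can attack sits in the output itself.
    "on_spend": the output commits only to a hash; the key appears in the spend.
    """
    it = parse_script(script_pubkey)
    if len(it) == 2 and is_pubkey(it[0]) and it[1] == OP_CHECKSIG:
        return "P2PK", "on_chain"
    if (len(it) == 5 and it[:2] == [OP_DUP, OP_HASH160] and isinstance(it[2], bytes)
            and len(it[2]) == 20 and it[3:] == [OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", "on_spend"
    if (len(it) == 3 and it[0] == OP_HASH160 and isinstance(it[1], bytes)
            and len(it[1]) == 20 and it[2] == OP_EQUAL):
        return "P2SH", "on_spend"
    if len(it) == 2 and it[0] == OP_0 and isinstance(it[1], bytes):
        if len(it[1]) == 20:
            return "P2WPKH", "on_spend"
        if len(it[1]) == 32:
            return "P2WSH", "on_spend"
    if len(it) == 2 and it[0] == OP_1 and isinstance(it[1], bytes) and len(it[1]) == 32:
        # Taproot: the 32-byte witness program IS the tweaked x-only output key.
        return "P2TR", "on_chain"
    return "unknown", "unknown"


def revealed_pubkeys(script_pubkey: bytes, script_sig: bytes = b"", witness=()) -> list:
    """Public keys an observer learns from the output plus, if given, its spend.

    For the hashed types this is empty until the spend is seen: that is the narrow
    window the post describes. Only key-path data is considered; a P2SH/P2WSH
    redeem script would need its own parsing.
    """
    kind, _ = classify_output(script_pubkey)
    it = parse_script(script_pubkey)
    if kind == "P2PK":
        return [it[0]]
    if kind == "P2TR":
        return [it[1]]  # visible at funding time, no spend needed
    if kind == "P2PKH" and script_sig:
        return [p for p in parse_script(script_sig) if is_pubkey(p)]
    if kind == "P2WPKH" and len(witness) == 2 and is_pubkey(witness[1]):
        return [witness[1]]
    return []


# Constructed sample data (not real keys, hashes or signatures).
PUBKEY = bytes([0x02]) + bytes(range(1, 33))      # 33-byte compressed-key shape
KEYHASH = bytes(range(20))                        # stands in for HASH160(PUBKEY)
XONLY = bytes(range(32))                          # stands in for a taproot output key
SIG = bytes([0x30]) + bytes(70) + bytes([0x01])   # 72-byte DER-shaped placeholder

SAMPLES = {
    "p2pk": bytes([33]) + PUBKEY + bytes([OP_CHECKSIG]),
    "p2pkh": bytes([OP_DUP, OP_HASH160, 20]) + KEYHASH + bytes([OP_EQUALVERIFY, OP_CHECKSIG]),
    "p2wpkh": bytes([OP_0, 20]) + KEYHASH,
    "p2tr": bytes([OP_1, 32]) + XONLY,
}
P2PKH_SCRIPTSIG = bytes([len(SIG)]) + SIG + bytes([33]) + PUBKEY


def exposure_report() -> dict:
    """Map sample name -> (type, exposure, keys visible before spend, after spend)."""
    out = {}
    for name, spk in SAMPLES.items():
        kind, exposure = classify_output(spk)
        before = revealed_pubkeys(spk)
        after = revealed_pubkeys(spk, script_sig=P2PKH_SCRIPTSIG if kind == "P2PKH" else b"",
                                 witness=(SIG, PUBKEY) if kind == "P2WPKH" else ())
        out[name] = (kind, exposure, len(before), len(after))
    return out


if __name__ == "__main__":
    for name, (kind, exposure, before, after) in exposure_report().items():
        print(f"{name:7} {kind:6} key {exposure:8} visible before spend={before} after spend={after}")
```

Running it prints one row per sample: P2PK and P2TR already expose a key in the output, while P2PKH and P2WPKH expose nothing until the spending scriptSig or witness is seen. Classification is by script template only; it does not check that a pushed key is actually on the curve or that a hash matches the key revealed later.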