The quantum threat to Bitcoin is real but the timeline is consistently misunderstood.

The threat model isn't "quantum computer breaks Bitcoin tomorrow." It's: at what point does a sufficiently advanced quantum computer make ECDSA signatures vulnerable? And does that happen before Bitcoin's key rotation mechanisms can respond?

The honest answer: we don't know the exact timeline, but the Bitcoin development community has years of warning before it becomes critical - and post-quantum signature schemes (CRYSTALS-Dilithium, SPHINCS+) are already standardized by NIST.

The migration challenge is the real risk, not the cryptography. Moving everyone to quantum-resistant addresses requires a coordinated soft fork, user action to sweep old UTXOs, and time. The biggest vulnerability is coins in addresses that have exposed their public key (reused addresses, old P2PK outputs from early Satoshi blocks).

The practical takeaway: if you have coins sitting in old P2PK or reused P2PKH addresses, migrate them to Taproot now. Not because quantum computers are here, but because the migration cost today is zero and waiting is a risk that compounds.
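As an added example (not part of the post), here is a Python sketch of the UTXO triage the post is pointing at: it classifies scriptPubKeys by whether the public key is already readable on-chain and totals the sats at risk. One caveat the code makes explicit: a P2TR output carries the tweaked x-only public key in the script itself, so Taproot does not hide the key the way an unspent, never-reused P2PKH does; all key and hash bytes below are constructed placeholders, not real addresses.

```python
# Added example (not from the post): classify Bitcoin scriptPubKeys by whether
# the public key is already readable on-chain, then total the sats at risk.
# All sample keys/hashes below are constructed placeholder bytes.
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC

def classify_spk(spk: bytes, address_reused: bool = False) -> dict:
    """Return the output type and whether an ECDLP-breaking adversary could
    read its public key from the chain today. Hash-based outputs (P2PKH,
    P2WPKH) only leak the key once the address has spent before."""
    # P2PK: <push 33|65-byte pubkey> OP_CHECKSIG; the key is in the output.
    if len(spk) in (35, 67) and spk[0] == len(spk) - 2 and spk[-1] == OP_CHECKSIG:
        return {"type": "P2PK", "pubkey_exposed": True}
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (len(spk) == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return {"type": "P2PKH", "pubkey_exposed": address_reused}
    # P2WPKH: OP_0 <20-byte hash160>; same hash-only protection as P2PKH.
    if len(spk) == 22 and spk[0] == OP_0 and spk[1] == 20:
        return {"type": "P2WPKH", "pubkey_exposed": address_reused}
    # P2TR: OP_1 <32-byte x-only tweaked key>; the (tweaked) key itself is in
    # the output, so Taproot does not hide it the way an unspent P2PKH does.
    if len(spk) == 34 and spk[0] == OP_1 and spk[1] == 32:
        return {"type": "P2TR", "pubkey_exposed": True}
    return {"type": "unknown", "pubkey_exposed": None}

def exposed_value(utxos) -> int:
    """Sum the sats held in outputs whose public key is already on-chain.
    utxos: iterable of (scriptPubKey bytes, value_sats, address_reused)."""
    return sum(sats for spk, sats, reused in utxos
               if classify_spk(spk, reused)["pubkey_exposed"])

# Constructed sample scripts (placeholder key/hash bytes, not real addresses).
SAMPLE_P2PK = bytes([33, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG])
SAMPLE_P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\xaa" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SAMPLE_P2WPKH = bytes([OP_0, 20]) + b"\xbb" * 20
SAMPLE_P2TR = bytes([OP_1, 32]) + b"\xcc" * 32

# Constructed UTXO set: an early 50 BTC coinbase-style P2PK, a reused P2PKH,
# a fresh P2PKH, a fresh P2WPKH and a P2TR output.
SAMPLE_UTXOS = [
    (SAMPLE_P2PK, 5_000_000_000, False),
    (SAMPLE_P2PKH, 100_000, True),
    (SAMPLE_P2PKH, 200_000, False),
    (SAMPLE_P2WPKH, 300_000, False),
    (SAMPLE_P2TR, 400_000, False),
]

if __name__ == "__main__":
    print("sats with public key already on-chain:", exposed_value(SAMPLE_UTXOS))
```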