Every few months a paper or news article makes the rounds claiming quantum computers will break Bitcoin and drain every wallet on the chain. The wave of headlines lasts a week, then it goes quiet, and the next round arrives a few months later. People who hold meaningful crypto positions ask the same question every time: how worried should I be?
The honest answer takes more than a headline to give. Quantum computing is a real long-term threat to the cryptography Bitcoin uses. It is not a near-term threat. The gap between those two statements matters because it changes what you should be doing about it.
This piece walks through what quantum computing threatens, where the technology stands in 2026, and what holders should and shouldn't be doing about it now.
What's at risk, in one paragraph
Bitcoin uses a public-key cryptography system called ECDSA on the secp256k1 curve. Every Bitcoin address is derived from a public key, and the public key is derived from a private key. The private key signs transactions. The public key verifies them. The relationship between private and public is one-way: you can derive the public from the private, but a normal computer can't go in reverse.
A sufficiently large quantum computer running Shor's algorithm can go in reverse. Given enough qubits (the basic unit of information in a quantum computer) and enough time, Shor's algorithm could derive a private key from a public key. If that ever happens at scale, anyone whose public key has been exposed on the blockchain (which includes anyone who has ever sent Bitcoin from an address) becomes vulnerable to having their funds stolen.
That's the threat. Now the conditions.
Where quantum computing stands in 2026
To ground the scale question, IBM has demonstrated a 1,121-qubit superconducting processor (Condor), and broadly, the largest commercial systems are still in the low thousands of physical qubits. These are physical qubits: they are noisy, and their error rates compound across operations.
To break ECDSA on secp256k1 with Shor's algorithm, the threshold is much higher. A recent estimate from Google Quantum AI puts the attack at roughly 1,200–1,450 logical qubits, with error correction pushing the physical-qubit requirement into the hundreds of thousands on optimistic assumptions.
No public roadmap from any quantum-computing company points to a million-qubit machine in the next decade. The current generation is several orders of magnitude away from what's required. The progress curve is steep, but the gap is also large.
Timeline estimates from researchers
Expert surveys tend to converge on a broad window, with many placing the arrival of a "cryptographically relevant quantum computer" somewhere between 2030 and 2050 (with very wide uncertainty).
The honest read of those surveys is "we don't know." A breakthrough in error correction could compress the timeline by a decade. A wall in qubit scaling could push it out by another decade. Either is plausible.
What you can do with that uncertainty is treat the threat as real but not imminent. The window where it stops being a multi-decade horizon is also the window where Bitcoin would have soft-forked to a quantum-resistant signature scheme, which is what most other systems facing this risk are planning to do.
What's coming for Bitcoin
NIST finalized its first post-quantum cryptography standards in 2024 (FIPS 203, 204, and 205, covering ML-KEM, ML-DSA, and SLH-DSA). These standards give the world a concrete set of algorithms to migrate to. ML-KEM is a key-encapsulation mechanism; the two signature schemes, ML-DSA and SLH-DSA, are stateless and have signature sizes that, while larger than ECDSA's, are workable on chain.
Bitcoin would need to add support for one of these algorithms via a soft fork. Discussions and proposals have been ongoing for years, and the current state of post-quantum proposals is best tracked in the Bitcoin BIPs repository.
The migration model people are converging on is opt-in: holders who want to move funds to a quantum-resistant address would do so via a transaction. Holders who don't move would remain on classical addresses. After enough time, classical addresses might be deprecated, but only after most holders had moved voluntarily.
What hardware wallets need to do
A hardware wallet's role here is to be ready to support new signature schemes when they're standardized and adopted. That means firmware that can be updated to add new algorithms without compromising the security of existing keys.
The specific defense against quantum computing isn't something a hardware wallet does today, because the threat isn't here yet and the post-quantum signature schemes Bitcoin will use haven't been written into the protocol. What a hardware wallet does today is keep your private key on a chip that never connects to the internet, which protects against every threat that exists today: malware, phishing, exchange failure, address-substitution, physical extraction. When the quantum threat becomes real and the protocol response is ready, firmware updates layer the new defense on top.
Ryder One ships with an EAL6+ certified Infineon SLC38 secure element. The firmware that runs on it is signed and verifiable, with audits by Halborn covering the secure element layer. When post-quantum signature schemes ship in Bitcoin, the path to adopting them is a firmware update, not new hardware.
What you should actually do
Three practical things.
Hold positions in addresses that haven't sent anything yet. Public keys for never-sent-from addresses are not exposed on chain (only the hash of the public key is). That's a stronger position against a future quantum attacker than a hot address that's been signing transactions for years.
Watch for the migration moment. When Bitcoin adopts a post-quantum signature scheme via soft fork, you'll want to migrate your funds. That's a one-time operation: send funds from your old address to a new quantum-resistant address. Hardware wallets that support firmware updates let you do this without buying new hardware.
What you shouldn't do is buy a "quantum-resistant" wallet today from a vendor making specific claims. The quantum-resistant signature schemes Bitcoin will use don't exist in the protocol yet. Anyone selling quantum resistance for Bitcoin in 2026 is either selling something that won't be compatible with whatever Bitcoin adopts, or selling marketing.
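As an added illustration of the exposure point above (this is example code, not from the article or from Ryder): which outputs in a wallet already have a public key on chain, and which still hide behind a hash. The script templates are the standard Bitcoin output forms, the wallet and spend history are constructed, and the set of scripts already spent from is assumed to come from a chain indexer. It also covers two cases the article does not spell out, pay-to-pubkey and Taproot outputs, where the public key is on chain before any spend.

```python
def output_type(spk: bytes) -> str:
    """Identify a scriptPubKey by the standard Bitcoin output templates."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20-byte hash>
    if len(spk) == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte x-only output key>
    if len(spk) in (35, 67) and spk[0] in (33, 65) and spk[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG (early coinbase outputs)
    return "other"

def key_exposed(spk: bytes, spent_scripts: set) -> tuple:
    """Return (exposed, reason): is the public key behind this output already on chain?
    spent_scripts = scriptPubKeys spent from before; assumed supplied by a chain indexer."""
    kind = output_type(spk)
    if kind == "p2pk":
        return True, "public key sits in the scriptPubKey itself"
    if kind == "p2tr":
        return True, "taproot output key is a public key, on chain from day one"
    if kind in ("p2pkh", "p2wpkh"):
        if spk in spent_scripts:
            return True, "reused address: an earlier spend revealed the key"
        return False, "only HASH160(pubkey) is on chain"
    return True, "non-standard script: review manually, assume exposed"

def audit(utxos, spent_scripts):
    """utxos: (label, scriptPubKey, value_sat). Returns (exposed_sat, hash_only_sat, findings)."""
    exposed = hash_only = 0
    findings = []
    for label, spk, sat in utxos:
        flag, why = key_exposed(spk, spent_scripts)
        findings.append((label, output_type(spk), flag, why))
        exposed += sat if flag else 0
        hash_only += 0 if flag else sat
    return exposed, hash_only, findings

# Constructed sample wallet: hash and key bytes are filler, not real addresses.
H_A, H_B, X32 = bytes([0x11]) * 20, bytes([0x22]) * 20, bytes([0x33]) * 32
PUB = b"\x02" + bytes([0x44]) * 32          # compressed-pubkey shape, filler bytes
REUSED_P2PKH = b"\x76\xa9\x14" + H_B + b"\x88\xac"
SAMPLE_UTXOS = [
    ("fresh p2wpkh", b"\x00\x14" + H_A, 50_000_000),
    ("reused p2pkh", REUSED_P2PKH, 20_000_000),
    ("taproot", b"\x51\x20" + X32, 10_000_000),
    ("legacy p2pk", b"\x21" + PUB + b"\xac", 5_000_000),
]
SAMPLE_SPENT = {REUSED_P2PKH}   # constructed history: this script was spent from before

if __name__ == "__main__":
    print(*audit(SAMPLE_UTXOS, SAMPLE_SPENT)[2], sep="\n")
```

On the sample wallet only the never-spent-from P2WPKH output is still hash-only; the reused, Taproot and P2PK outputs all have a public key readable on chain today.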
The bottom line
Quantum computing is a long-term threat that the cryptography community has been preparing for since the 1990s. Bitcoin will need to migrate. Hardware wallets will need to update. The timeline is most likely measured in decades, not years.
The panic version of this story ("quantum computers will steal your Bitcoin tomorrow") sells headlines. The honest version matches the technical reality: pay attention to the migration moment when it comes, keep your wallet updatable, don't reuse addresses, and don't buy gadgets sold against a threat the protocol doesn't yet have a defense for.
Hold for the long term, on hardware ready to keep up. Ryder One protects your keys today against every threat that exists, on a secure element built to support firmware updates as new standards arrive. See how it works.