The quantum threat to Bitcoin: Why decentralization becomes the main obstacle to protection
On June 22, the U.S. President signed an executive order mandating an accelerated transition to post-quantum cryptography for federal systems. This is a timely signal, but for Bitcoin, the situation is far more complex. Unlike government networks, a decentralized protocol cannot be updated by a single directive — it requires consensus among thousands of independent participants.
According to leading experts, a cryptographically significant quantum computer could emerge within a timeframe of three to ten years. Stefan Leichenauer, Vice President of Engineering at SandboxAQ, notes that migration to post-quantum cryptography will take years, and organizations are already falling behind schedule. Alex Pruden, CEO of Project Eleven, adds that the probability of such a computer existing by 2030 is 10%, and by 2033, it reaches 50%. Meanwhile, Paul Stimers, Executive Director of the Quantum Industry Coalition, warns that public estimates may not account for classified military and intelligence quantum programs.
Bitcoin's main vulnerability is not mining, but signatures
The key threat to Bitcoin lies not in the possibility of breaking the mining algorithm, but in the vulnerability of digital signatures. If a public key is exposed (which happens with every coin spend), a future quantum computer could recover the private key and sign a transaction on behalf of the owner. This puts millions of addresses with already exposed keys at risk.
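As an added illustration (not from the article), the Python script below classifies raw scriptPubKey templates by whether the key needed to spend them is already visible on-chain and totals the balance sitting on such outputs; the UTXO set, hashes and values are constructed. It goes slightly beyond the article's point: hash-based outputs (P2PKH, P2WPKH) reveal the key only when the address spends, whereas P2PK and taproot (P2TR) outputs publish a key in the output itself, which is the key-path exposure the BIP-360 P2MR output type is meant to remove.

```python
from dataclasses import dataclass

@dataclass
class Utxo:
    address: str           # label only (constructed sample data)
    script_pubkey: bytes   # raw scriptPubKey of the unspent output
    value_sat: int
    has_spent_before: bool  # has this address already spent, revealing its key?

def script_type(spk: bytes) -> str:
    """Recognise the standard output templates from the raw scriptPubKey bytes."""
    n = len(spk)
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh"    # OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20-byte key hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh"   # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte taproot output key>
    if n == 35 and spk[0] == 0x21 and spk[1] in (2, 3) and spk[-1] == 0xAC:
        return "p2pk"    # <33-byte compressed public key> OP_CHECKSIG
    return "unknown"

# Templates that publish a key (or taproot output key) in the output itself.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}
# Templates that commit to a key hash; the key appears only when the address spends.
KEY_ON_SPEND = {"p2pkh", "p2wpkh"}

def exposure(u: Utxo) -> str:
    """'exposed' if the key needed to spend u is already visible on-chain."""
    t = script_type(u.script_pubkey)
    if t in KEY_IN_OUTPUT:
        return "exposed"
    if t in KEY_ON_SPEND:
        return "exposed" if u.has_spent_before else "hashed"
    return "script"  # p2sh/p2wsh/unknown: depends on the (unseen) redeem script

def exposed_balance(utxos) -> int:
    """Satoshis held on outputs whose spending key is already public."""
    return sum(u.value_sat for u in utxos if exposure(u) == "exposed")

# Constructed sample UTXO set (hashes and keys are dummy bytes, not real addresses).
SAMPLE = [
    Utxo("A-p2pkh-fresh",  b"\x76\xa9\x14" + b"\x01" * 20 + b"\x88\xac", 50_000, False),
    Utxo("B-p2pkh-reused", b"\x76\xa9\x14" + b"\x02" * 20 + b"\x88\xac", 80_000, True),
    Utxo("C-p2wpkh",       b"\x00\x14" + b"\x03" * 20,                   30_000, False),
    Utxo("D-p2tr",         b"\x51\x20" + b"\x04" * 32,                   20_000, False),
    Utxo("E-p2wsh",        b"\x00\x20" + b"\x05" * 32,                   10_000, False),
]
```

Running `exposed_balance(SAMPLE)` reports the reused P2PKH address and the taproot output as already exposed (100,000 sat in this sample); a custodian would run the same audit over its real UTXO set to size its migration backlog.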
The community is already taking steps. In March, the Bitcoin Quantum v0.3.0 testnet was launched, implementing BIP-360, which introduces the Pay-to-Merkle-Root output type, designed to eliminate the quantum-vulnerable key-path spend. However, it is important to understand: publishing a BIP is merely a formal step in the discussion process, not an approved network upgrade. In April, a more radical BIP-361 emerged, proposing the forced locking of coins on vulnerable addresses if owners do not move them to quantum-resistant ones. This proposal sparked heated debate, as many see it as a violation of the principle of sovereign control.
Why migration will take years
According to the Project Eleven report "The Quantum Threat to Blockchains 2026," the baseline scenario for Q-Day is 2033. But for Bitcoin, the problem is not only technical. The transition will require coordination among developers, miners, exchanges, custodians, and millions of users. In a network where major changes have historically caused hard forks and political battles, this is a distinct risk. The migration will affect signature sizes, consensus rules, and the infrastructure of wallets and exchanges. Even with working prototypes, the path from proposal to activation could take years.
Notably, other ecosystems are moving faster. Stellar and Algorand have already published roadmaps, and the Ethereum Foundation has formed a dedicated team and proposed the SPHINCS+ account protection concept without the need for a hard fork. This shows that in more centralized or flexible protocols, the adoption of post-quantum solutions is progressing significantly more actively.
My analysis. Bitcoin finds itself in a paradoxical situation: its main advantage — decentralization and a conservative approach to change — becomes its primary bottleneck in the quantum race. While the community debates the legitimacy of forced migration, time is running out. By 2030, we may face a scenario where a technical solution already exists, but the political consensus to activate it has not been reached. This, in my view, is one of the most underestimated risks to Bitcoin's long-term security.