---

Analysts at Bernstein published an investor note on April 8, 2026, arguing that quantum computing presents a real but containable challenge to Bitcoin's security, one they describe as a medium-to-long-term upgrade cycle rather than a risk. The note, led by analyst Gautam Chhugani, frames the threat as an infrastructure transition, not a reason to abandon the asset class.

The report noted that timelines have shortened. Google Quantum AI researchers published findings in March 2026 suggesting that a sufficiently advanced quantum computer could theoretically compromise Bitcoin's cryptographic security in under nine minutes. Bernstein acknowledged that the challenge is "no longer a decade away as thought earlier," citing Google's work reducing qubit requirements by roughly 20 times. The firm estimates the crypto industry has three to five years to complete a transition to post-quantum security.

What Is Actually at Risk

Bitcoin's current security depends on a cryptographic system called ECDSA (Elliptic Curve Digital Signature Algorithm). A powerful enough quantum computer could use a mathematical technique called Shor's Algorithm to reverse-engineer a private key from a public key. The most vulnerable wallets include legacy P2PK wallets and Taproot (P2TR) addresses, where public keys are permanently visible on the blockchain. Taproot is a relatively recent protocol upgrade, not a legacy format, yet its permanently on-chain public keys place it in the same high-exposure category as older wallet types. Bernstein puts approximately 1.7 million BTC in this high-exposure category. Broader estimates from CoinDesk put the figure closer to 6.5 million BTC, which includes coins in wallets linked to Bitcoin's pseudonymous creator Satoshi Nakamoto. Chaincode Labs research places the value of potentially exposed coins somewhere between $400 billion and $900 billion.

Bitcoin's mining process, which uses SHA-based hashing, is considered effectively safe even in advanced quantum scenarios, according to Bernstein. The concern is concentrated in wallet-level key security, not the network's consensus mechanism.

Blockstream CEO Adam Back offered a measured read. "Quantum computers do not yet pose a practical threat to Bitcoin," he told CoinDesk, noting that current hardware lacks the error correction needed to execute real attacks. But he added that preparation should begin regardless of where one lands on the timeline question. "We don't have to agree about the timeline for quantum computers to become powerful enough to be a threat," he said. "The goal is to prepare Bitcoin and give people the option to migrate their keys to a quantum-ready format."

The Technical Path Forward

U.S. standards body NIST finalized three post-quantum cryptography standards in August 2024, providing the algorithmic foundation for a migration. A fourth standard, HQC (a key encapsulation mechanism), was selected in March 2025, completing the current NIST post-quantum framework. The tools exist. What remains is governance, coordination, and deployment across a decentralized network with no central authority to mandate upgrades.

Several proposals are under active development on Bitcoin, including BIP360, which would remove on-chain public keys for new transactions going forward, and a two-phase transaction scheme proposed by researcher Tadge Dryja to reduce mempool exposure. A fourth proposal, Hourglass V2, put forward by Hunter Beast, has drawn community opposition, a signal that the developer community is not yet aligned on upgrade paths. None are activated on mainnet. A signature scheme called SPHINCS+, now a NIST standard, is one candidate for post-quantum Bitcoin transactions, but it comes with a cost: transaction sizes would balloon from roughly 64 bytes to more than 8 kilobytes, increasing fees and chain congestion.

Other networks are moving faster. Ethereum established a dedicated quantum research team in 2025 and published a four-part upgrade roadmap targeting 2029. Solana launched optional Winternitz Vault smart contracts, which use opt-in hash-based one-time signatures, in December 2025. Coinbase has assembled an independent quantum advisory board of cryptographers.

Blockstream is also using its Liquid network as a live testing ground, with a 20-person research team actively publishing and implementing quantum-resistant approaches, adding practical weight to the broader upgrade narrative.

Why This Matters Outside the US

Bernstein's note flags BlackRock, Fidelity, and Strategy as institutions expected to play a "constructive role" in Bitcoin's security transition. BlackRock has already added quantum computing as a named risk in its iShares Bitcoin Trust ETF filing, the first such disclosure from a major institutional issuer. The ETF holds approximately 3.8% of circulating Bitcoin supply.

The institutional framing, however, leaves a large gap. India leads the world in crypto adoption by user count, with approximately 150 million users as of 2025 according to Chainalysis. Mobile-first, peer-to-peer usage is dominant, and address reuse, a practice that increases quantum exposure by keeping public keys on-chain indefinitely, is common among retail users. Nigeria, one of the world's most active crypto markets by P2P volume, has 30 million users on Binance Wallet alone, many of whom rely on informal custody practices that carry similar risks.

Pakistan presents a similarly urgent picture. Binance P2P data shows 18.7% growth in P2P remittance crypto volume, alongside 29% year-on-year national remittance growth recorded by the World Bank. Pakistan's newly passed Virtual Assets Act 2026, signed into law on March 5, 2026, opens the country more formally to crypto rails at precisely the moment when the underlying cryptographic security of those rails is under scrutiny. The quantum risk therefore carries direct implications for a remittance-dependent economy that is only beginning to build out regulated crypto infrastructure. In East Africa, Kenya is another market where the exposure is substantial. BitPesa and AZA Finance together serve 6.5 million people, and stablecoin-based transactions across Sub-Saharan Africa grew over 180% year-on-year according to TRM Labs 2025 data. Bangladesh and Sri Lanka are also identified as growing P2P corridor markets where wallet education remains nascent and migration tooling is largely absent.

For these users, a key migration cycle is not a straightforward compliance task. It requires technical awareness, accessible tooling, and local exchange support that does not yet exist at scale. Michael Heinrich, CEO of 0G Labs, summed up the timing problem plainly: "Users' assets are safe today," but the industry risks being unprepared by 2035.

Looking Ahead

The Global Risk Institute puts the probability of a cryptographically relevant quantum computer at 17 to 34 percent by 2034, rising to roughly 79 percent by 2044. Google has committed to migrating its own authentication systems to post-quantum cryptography by 2029, a deadline the broader industry is watching as a reference point.

Rodolfo Novak, CEO of hardware wallet firm Coinkite, put the coordination challenge plainly: "The threat isn't imminent, but the Bitcoin community should prepare anyway since upgrade processes take years." For the millions of retail users in emerging markets who have the most to lose and the least institutional support, that preparation will require local developers, exchanges, and community educators to be part of the migration from the start.