The report sets 2033 as its baseline estimate for "Q-Day," the point at which a fault-tolerant quantum computer could crack the elliptic curve cryptography securing most blockchain wallets. A more optimistic hardware scenario places that date at 2030, while a pessimistic one extends it to 2042. Project Eleven estimates that more than $2.5 trillion in assets across all major blockchains sit vulnerable to a quantum-enabled attack.

---

How the Attack Would Work

Bitcoin's security relies on a mathematical problem called the Elliptic Curve Discrete Logarithm Problem (ECDLP). In plain terms, a wallet's public key can be exposed on the blockchain, but deriving the private key from it is designed to be computationally impossible for classical computers. The degree of exposure depends on address type and spending behavior. In legacy Pay-to-Public-Key (P2PK) addresses, the public key is permanently visible on-chain regardless of any activity. In standard Pay-to-Public-Key-Hash (P2PKH) addresses, the key is only exposed when funds are spent, not merely when a transaction is received. Transactions sitting in the mempool before confirmation create an additional brief exposure window.

Shor's algorithm, running on a sufficiently powerful quantum machine, dissolves that protection. Once a public key is visible on-chain, a quantum attacker could potentially compute the corresponding private key and drain the wallet. A March 31, 2026 paper from Google Quantum AI estimated that such an attack against a 256-bit ECDSA key could be completed in under nine minutes.

The same Google paper revised the physical qubit requirement for such an attack downward by roughly 20 times compared to prior estimates, placing the threshold below 500,000 qubits. A separate paper from Caltech and quantum hardware firm Oratomic put the number as low as 10,000 qubits under a neutral-atom architecture, though that approach differs significantly from the superconducting systems most major labs are building today.

"The resource requirements for this type of attack keep dropping, and the barrier to running it in practice is dropping with them," said Alex Pruden, CEO and co-founder of Project Eleven.

---

On-Chain Exposure

Approximately 6.9 million BTC currently has exposed public keys, according to Project Eleven and reporting from CoinDesk. Around 1.7 million BTC sits in P2PK format addresses, the legacy format that permanently displays the public key on-chain. Separately, roughly 1 million BTC attributed to Satoshi Nakamoto's dormant wallets, untouched since Bitcoin's earliest days, also carries public-key exposure. A further vulnerability was reintroduced by the 2021 Taproot upgrade: its optional key-path spend path creates a quantum-exploitable exposure for wallets using the newer P2TR format, which is part of why reform proposals have focused on Taproot outputs as well.

On April 24, researcher Giancarlo Lelli won Project Eleven's 1 BTC "Q-Day Prize" after breaking a 15-bit elliptic curve key on cloud quantum hardware. That represents a 512-times improvement over the previous public record, a 6-bit key broken by Steve Tippeconnic in September 2025.

A 256-bit key, which secures actual Bitcoin wallets, remains far beyond current quantum reach, but the pace of progress is what Project Eleven's report finds alarming.

---

Bitcoin's Governance Problem

Several proposals for quantum-resistant Bitcoin upgrades are already in circulation. BIP-360, entered into the official Bitcoin Improvement Proposal repository in February 2026 and co-authored by Ethan Heilman and Hunter Beast, would remove the quantum-vulnerable key-path spend from Taproot outputs. The proposal represents a protective first step rather than a complete post-quantum solution. Critically, BIP-360 does not address coins already held in old exposed formats such as P2PK, meaning legacy holdings and wallets like those attributed to Satoshi Nakamoto would remain at risk even if the proposal were adopted.

Hunter Beast described it as "a first step in a larger set of quantum-resistance proposals that will be necessary to quantum-harden Bitcoin."

BIP-361 goes further, proposing to phase out older vulnerable signature schemes and potentially freeze spending from exposed wallets. That last element has drawn sharp criticism.

Blockstream CEO Adam Back has argued for optional upgrades rather than forced restrictions, reflecting broader resistance in Bitcoin's governance culture to top-down mandates.

Researchers have also put forward interim measures. Tadge Dryja, a cryptographer at MIT, has proposed a Commit/Reveal Scheme: a two-phase soft fork designed as a bridge solution that would protect mempool transactions from quantum interception while longer-term changes are debated. A separate mechanism called Hourglass V2, referenced in BIP-361, addresses the same mempool attack vector through a different approach.

Nic Carter of Castle Island Ventures described Bitcoin's quantum preparedness as "worst in class" compared to other major blockchains.

Ethereum, by contrast, has run dedicated post-quantum research programs since 2018, maintains a published roadmap at pq.ethereum.org, and has four dedicated teams working on the problem.

The technical hurdle is significant regardless of governance debates. Replacing current 64-byte ECDSA signatures with post-quantum alternatives like SPHINCS+ (formally designated SLH-DSA under NIST's FIPS 205 standard, finalized in August 2024) would increase signature sizes to over 8,000 bytes, potentially expanding Bitcoin block sizes by up to 38 times.

"Each protocol will have to redesign different parts of their stack to absorb post-quantum signatures," said Conor Deegan, CTO and co-founder of Project Eleven.

---

Regional Stakes

The exposure is not evenly distributed. India ranks first globally on the 2026 Crypto Adoption Index, with WazirX and CoinDCX together serving roughly 60 million users. India also ranks second in the world for quantum-safe blockchain research publications, with 409 papers, trailing only China's 679. That level of academic awareness, however, has not translated into retail migration toward safer address formats, leaving tens of millions of users exposed.

Nigeria ranks second on the adoption index, with Binance Wallet alone reporting 30 million Nigerian users.

Pakistan ranks eighth globally.

Kenya, though outside the top ten, has emerged as a significant exposure point. BitPesa serves 6.5 million Kenyan users primarily for cross-border remittances, and Sub-Saharan Africa as a region has seen stablecoin adoption grow 180 percent year over year, with Nigeria, Kenya, Ethiopia, and Ghana now ranking in the global top 20 for crypto adoption.

In these markets, crypto frequently serves as a savings vehicle rather than an active trading instrument, meaning wallets are funded, left dormant, and rarely cycled to new address formats. That behavior maximizes quantum exposure.

None of the major regulators across these markets have issued post-quantum security guidance for crypto service providers. The gap spans India's SEBI and RBI, Nigeria's SEC and Central Bank of Nigeria (CBN), Pakistan's SBP and Securities and Exchange Commission of Pakistan (SECP), and Kenya's Capital Markets Authority (CMA).

Regional exchanges have not published migration timelines either. Platforms including WazirX and CoinDCX in India, and Quidax in Nigeria, have not announced plans to move users to quantum-resistant address formats.

---

What Comes Next

NIST recommends that classical cryptographic systems complete migration to post-quantum standards by 2035.

A 50-page Coinbase advisory board report published in April, co-authored by Stanford cryptographer Dan Boneh and Ethereum Foundation researcher Justin Drake, urged the industry not to wait. The report stated: "We have high confidence that a large-scale, fault-tolerant quantum computer will eventually be built. The time to begin preparing for it is now." The authors added: "Waiting for it to be urgent is not a good idea."

Project Eleven has announced a follow-up challenge combining AI models and quantum cryptanalysis.

The 2030 scenario remains an edge case in the firm's own modeling, but evidence from Google's March 2026 paper, the Coinbase advisory board report, and Project Eleven's research increasingly points in the same direction: the window for an orderly transition is open now, and it will not stay open indefinitely.