The Quantum Computing Threat to Crypto: Time to Get Moving

4 September 2025 - 18:52 CEST

If the co-founder of Ethereum is concerned about the threat of quantum computing, maybe we should be too. 

But it’s not the easiest topic to understand in detail, as many eminent scientists and engineers have pointed out over the years.

"I think I can safely say that nobody understands quantum mechanics," said Richard Feynman, who was one of the pioneers of that subject, the forebear of quantum computing. Implicitly, a lay person can only have a conceptual understanding of what quantum computing can do, without knowing the intricacies. 

Minimal awareness

Anyone investing in cryptocurrencies, or considering it, should have at least a minimal awareness of the risks posed by quantum computing, whether or not you think “Q-Day” is imminent. 

If you want to read about Elliptic Curve Digital Signature Algorithms, SHA-256 and P2PKH addresses, there are plenty of places to look. Or instead, this is your primer.

The summary is that blockchain security will be at risk from quantum computing, making cryptocurrencies vulnerable to nefarious people with sufficient computing power. So, you need to secure your crypto holdings.

Some history

The more you peel back the story of quantum computing, the more complex it becomes.

It starts in Nov 1994, when the theoretical computer scientist Peter Shor published his paper on “Algorithms for quantum computation: discrete logarithms and factoring” at the 35th Annual Symposium on Foundations of Computer Science in Santa Fe, New Mexico. That foundational paper launched Shor’s Factoring Algorithm. 

Shor was followed in 1996 by Lov Grover and his quantum search algorithm. It significantly increases the potential of quantum computing in search tasks, which means it can effectively reduce the security of hash functions. These algorithms matter a great deal for cryptocurrencies, because their security relies on hashing and because mining uses hashing.

Moreover, these algorithms can compute certain results very much faster than any known classical algorithm, which means they can threaten cryptocurrencies.

The threat

Vitalik Buterin, who co-founded the Ethereum blockchain network that went live in 2015, sees about a 20% chance of quantum computing breaking modern cryptography by 2030, according to a recent exchange with a computer science professor in an online meeting.

If instead that sentence read “there is a 20% chance of your bank account being hacked” you would expect the threat to be addressed as a matter of urgency. 

What does that threat look like?

Every crypto transaction uses asymmetric cryptography. There are two keys, one public and one private, to provide integrity and authenticity. In that way, it’s like every other financial transaction. 

There is a mathematical relationship between the public-private pair, though one is widely available and the other is secret. And that relationship is one-way: the public key can be easily derived from the private one. Crucially, that does not work in reverse.

Until, that is, you have a sufficiently powerful quantum computer that can work out the private key from the public one, giving you access to other people's cryptocurrencies so you can steal them. That is what the Shor Factoring and the quantum search algorithms do. Or rather, what they could do. 

Qubits

Implementing them is highly complex, with various classical and quantum steps involved. More importantly, even the most advanced quantum computer only has a fraction of the qubits – the quantum equivalent of bits – required to perform the necessary functions. 

There is little common agreement about the numbers of qubits required or about the speed of the development of quantum computing power. What is clear is that today’s quantum technology is nowhere near the levels required to break those private keys. It is also clear the day will come when it can; we just don’t know when that will be. 

That becomes clearer when we look at the practical picture. Currently, a Bitcoin transaction takes an average of about 10 minutes, though that depends on network activity, hashrate and transaction fees, according to CoinMarketCap, which means it could take longer. That transaction time is the window a quantum computer has to work out the private key. However, there is some consensus that it would currently take a quantum computer several hours to find the key.

Safe for now

No need to panic – Bitcoin transactions are safe for now, at least, with quantum computing still in its relative infancy. However, the situation should start to concern crypto holders as the technology matures. 

El Salvador, a pioneer in attempting to adopt crypto within national policies, recently declared it would move funds from a single Bitcoin address into multiple new, unused addresses as part of a strategic initiative to enhance the security and long-term custody of its holdings. 

“Limiting funds in each address reduces exposure to quantum threats because an unused Bitcoin address with hashed public keys remains protected,” the Bitcoin Office of El Salvador said in a post on X. “By splitting funds into smaller amounts, the impact of a potential quantum attack is minimized,” it added.

And that is only the technical threat. Imagine the reputational impact of someone breaking into, say, Satoshi Nakamoto’s wallet. That could significantly dent public confidence in crypto. It’s a particularly potent example because the Nakamoto holding of 1.1 million BTC is probably in wallets dating from 2010, making it more vulnerable to quantum attacks than more modern wallets. One of the reasons is that the public key is exposed in older wallets and not in newer ones, which gives quantum computers the leg-up they need.
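The one-way relationship described above, and the point in the El Salvador quote about hashed versus exposed public keys, as an added example that is not part of the original article: it derives a secp256k1 public key from a private key with plain double-and-add, then models a P2PKH-style address that puts only the key's hash on-chain and reveals the key itself when the coins are spent. The hashing is a labelled simplification (SHA-256 in place of Bitcoin's RIPEMD160(SHA256) and no Base58Check encoding), and the fund/spend ledger is a constructed model, not Bitcoin's own code.

```python
import hashlib

# secp256k1 domain parameters: the curve behind Bitcoin's ECDSA keys
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition on y^2 = x^3 + 7 mod P; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def derive_pubkey(priv: int) -> bytes:
    """Private -> public is cheap (double-and-add); the reverse is the EC discrete log,
    which is exactly the problem Shor's algorithm solves on a large quantum computer."""
    assert 0 < priv < N
    r, q = None, G
    while priv:
        if priv & 1:
            r = _add(r, q)
        q, priv = _add(q, q), priv >> 1
    return bytes([2 + (r[1] & 1)]) + r[0].to_bytes(32, "big")  # SEC1 compressed form

def pubkey_hash(pub: bytes) -> bytes:
    # Simplified stand-in for Bitcoin's HASH160 = RIPEMD160(SHA256(pub)): SHA-256 only,
    # so it runs on any Python build. An address commits to this hash, not to pub.
    return hashlib.sha256(pub).digest()

def fund(priv: int) -> dict:
    """Receiving coins puts only the hash on-chain; the public key stays hidden."""
    return {"hash": pubkey_hash(derive_pubkey(priv)), "revealed": False}

def spend(addr: dict, priv: int) -> bytes:
    """Spending publishes the full public key; from then on any coins left at (or sent
    back to) this address are a target for a Shor-capable machine."""
    pub = derive_pubkey(priv)
    assert pubkey_hash(pub) == addr["hash"], "wrong key for this address"
    addr["revealed"] = True
    return pub
```

This is why an unused (never-spent-from) address still hides its public key, and why moving funds to fresh addresses instead of reusing spent ones limits exposure.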

Building defences

Still, it’s important to be realistic about the threat quantum computing poses today. Shor and Grover discovered their algorithms in the mid-1990s: the development of quantum computing has proven to be difficult, time-consuming and expensive. 

At the current pace, we may have another 10 years before it could pose an impactful threat, though progress will not necessarily follow the same curve and some people are bracing themselves for change sooner than that. Buterin has given us a five-year time-span, for example.

It is coming

From the musings of Eddard Stark in the very first episode of Game of Thrones, we were continuously warned that “Winter is Coming”. A reminder to build pre-emptive defences against the quantum threat may not be a bad idea and plenty of people are making the point.

A “cryptographically-relevant quantum computer” is a matter of “when”, not “if”, according to a Dec 2024 report by Dr Michele Mosca and Dr Marco Piani of evolutionQ Inc. produced for the Global Risk Institute.

“Those regulating or managing cyber risk should be taking action to address this issue,” they advised.

Craig Gidney, a quantum AI researcher at Google, added a caution in May of this year, suggesting in a blog post that RSA encryption used in Bitcoin could be cracked 20 times faster than expected.

Research terms

AI tools are busy sorting through the topic and spewing out security solutions. Delve into post-quantum cryptography (PQC), quantum key distribution, quantum-resistant consensus, and layered and redundant security to be apprised of the options. Or talk to a human IT professional about what needs to happen. 

Here are some considerations ahead of that conversation.

  1. Not all crypto networks are equal. The newer networks, where you’ll find the likes of the Solana or Sui blockchains, are systemically better placed to withstand quantum threats, while the older networks, which host Bitcoin and Ether for example, are more vulnerable. It will therefore take more work to secure them.

    It will also involve a tailored approach for each coin, because each has different characteristics. That’s why simply talking about PQC isn’t very useful. The tools required depend on the specifics of what you’re seeking to defend.

  2. Blockchains need upgrading. Many of them are already on the edge in terms of cost and capacity. Adding new PQC algorithms will put them under further strain. This isn’t insurmountable, but it does need addressing as part of the defence-building process.

  3. Any solutions will involve a high degree of consensus across the entire crypto community, which might be hard to achieve on this topic. Again, without going into too much detail, everyone has to make the same changes to their addresses. Co-ordination bodies like the Blockchain Governance Initiative Network or the Institute of Electrical and Electronics Engineers have a role to play. But the decentralized nature of crypto lends itself to communal decision-making, not instruction setting by any particular organization or authority figure.

    Aside from the difficulties of finding an agreement, there is no guarantee everyone will take part. The private keys for somewhere between two and a half and four million Bitcoin are presumed lost forever, which is a significant proportion of the total 21 million supply. Their owners will never make the required changes, providing an enticing target for quantum-enabled hackers.

  4. Governments and their regulatory bodies can impose security measures. The UAE’s Cryptography Executive Regulation, for instance, already requires quantum-resistant measures in certain circumstances. However, that also requires consensus, though this time between countries, given the global nature of cryptocurrencies. And since there are multiple competing interests, that might be hard to reach.

Get moving

Building defences is not a trivial task. While quantum computing develops, the public and private sectors need to identify and implement the countermeasures, and raise the funding and co-operation needed to achieve them. That’s why it’s important to learn about it now, to start having the right conversations and to get moving before it’s too late. The known unknown is not whether quantum computing will be able to compromise cryptocurrencies but when. Will the crypto community be ready?