The core financial exposure from a quantum threat is a massive liquidity event, not a network crash. Bernstein estimates that 1.7 million BTC, around $116.6 billion, stored in legacy address formats from Bitcoin's early days expose their public keys on the blockchain. This creates a direct target for a "harvest now, decrypt later" attack, where stolen keys could be used to drain funds years from now.

Bitcoin mining and the SHA-256 algorithm that secures the network remain quantum-resistant, protecting the system's core flow. Experts like Blockstream CEO Adam Back emphasize that current quantum computers are "extremely basic," with the most advanced systems only capable of factoring trivial numbers like 21. The threat is specifically to older wallets, not the mining process itself.

The bottom line is a $116.6 billion flow risk. This represents a pool of capital that could be vulnerable if quantum decryption capabilities advance faster than users migrate to newer, quantum-resistant formats. The network's stability is intact, but the event would be a significant, targeted liquidity drain from a specific subset of the Bitcoin supply.

The Migration Timeline: A Decade of Flow Management

The industry's advocated response is a measured, decade-long migration. Blockstream CEO Adam Back has called for a roughly a decade in which to do that, framing the quantum threat as a long-term challenge that allows for a gradual, coordinated transition away from vulnerable legacy wallets. This timeline provides a practical window for developers and users to adopt new formats before any theoretical hardware breakthrough becomes a reality.

The technical foundation for this migration is already in place. NIST has released a final set of encryption tools and three post-quantum cryptography standards that can be implemented now. These ready-to-use standards, developed through an eight-year process, offer the cryptographic building blocks needed to secure Bitcoin keys against future quantum attacks. The focus is on proactive adoption, not waiting for a crisis.

The hardware reality further stretches this timeline. Practical quantum computers capable of breaking Bitcoin's cryptography would require hundreds of thousands of stable, error-corrected qubits, a scale far beyond today's systems. Current machines operate with roughly a thousand qubits and are described as "extremely basic." This gap between theoretical threat and practical capability supports the feasibility of an orderly, decade-long flow management event rather than a sudden network disruption.

Catalysts and Risks: Flow Signals to Watch

The key catalyst for a smooth migration is the adoption rate of NIST's post-quantum cryptography (PQC) standards by major exchanges and custodians for new wallet deployments. Three NIST standards are ready to be implemented now, providing the technical foundation. Their rapid integration into institutional infrastructure will determine whether the industry can manage the $116.6 billion flow risk through orderly, coordinated upgrades.

The major risk is a delay in this coordinated migration, leaving legacy wallets exposed if quantum hardware advances faster than expected. The highest threat is to the 1.7 million BTC, around $116.6 billion, in legacy wallets that expose public keys. If the industry fails to migrate at the projected pace, a "harvest now, decrypt later" attack could materialize sooner than the decade-long window suggests.

The need to monitor for breakthroughs in quantum hardware that could compress the projected timeline for a practical threat is critical. While current systems are "extremely basic," breaking Bitcoin's cryptography would require hundreds of thousands of stable, error-corrected qubits. However, 2026 is poised to be a pivotal year where quantum computing begins to demonstrate clearer pathways toward commercial viability. Any acceleration in hardware milestones would directly compress the migration timeline and increase the urgency for action.