
Around 6.9 million BTC sit in addresses already exposed to a future quantum attack, and researchers keep shortening the timeline. A sober look at the quantum threat to bitcoin and what UK holders can actually do.
Important Risk Warning
This is not financial advice. Cryptocurrency investments are highly volatile. The value of your investment can go down as well as up, and you could lose all the money you invest. Don't invest unless you're prepared to lose all the money you put in.
London — Every few years, "quantum computers will break bitcoin" does a lap of the headlines and dies down again. This year feels different, and not because of marketing. The people sounding the alarm now are cryptographers with publication records, and the numbers they're publishing keep moving in the wrong direction.
So let's treat the question like adults. What's actually at risk, when, and what — if anything — should a UK bitcoin holder do about it?
Bitcoin's ownership model rests on elliptic-curve cryptography: your private key signs transactions, and deriving that key from your public key is computationally infeasible for any classical computer. A sufficiently large quantum computer running Shor's algorithm breaks exactly that assumption.
The exposure isn't uniform. Coins are vulnerable where the public key is already visible on-chain — and CoinDesk reported in April that roughly 6.9 million BTC fall into that category, including Satoshi Nakamoto's untouched early holdings and coins in addresses reused or spent from since Taproot's 2021 rollout. At today's prices, that's hundreds of billions of pounds sitting behind a lock that quantum hardware is explicitly designed to pick.
Coins in unused, modern addresses are safer, because their public keys stay hidden until the moment they're spent. Safer — not safe. A fast enough attacker could in theory intercept a transaction in the window between broadcast and confirmation. That's a harder attack, but "harder" is doing a lot of work in that sentence.
Honest answer: nobody knows, and the estimates have been shortening. Industry assessments now put the arrival of a cryptographically relevant quantum computer more likely than not by 2033, with some scenarios as early as 2030. A Google Quantum AI paper from March 2026 estimated that breaking secp256k1 — bitcoin's curve — could need fewer than 500,000 physical qubits under certain hardware assumptions, a fraction of earlier estimates.
The hedge in every sentence matters: these are projections, hardware assumptions change, and quantum research has a long history of overpromising. But risk management doesn't get to wait for certainty. The UK's National Cyber Security Centre has told British organisations to complete their migration to post-quantum cryptography by 2035, with planning underway now. The NCSC doesn't publish timelines like that for hypothetical threats.
The mathematics is solved. NIST finalised post-quantum encryption standards — ML-KEM, ML-DSA and SLH-DSA — back in August 2024, and Apple, Signal, Google and Cloudflare are already deploying them.
Bitcoin's problem is governance, not maths. Project Eleven's chief executive told CoinDesk in May that bitcoin's post-quantum migration will be harder than Taproot — an upgrade that took roughly five years and remained opt-in. A quantum migration can't be opt-in. Every user, wallet, exchange and miner has to move, and coins that don't move stay vulnerable forever. A follow-up report from the same firm put it more bluntly: it might already be too late to do this tidily.
Then there's the question nobody has a good answer for. What happens to the 6.9 million exposed coins — Satoshi's included — that may never move? Freeze them by consensus and you've confiscated property. Leave them and a future quantum attacker inherits roughly a million-coin treasury to dump on the market. Both options are ugly, and the debate over which ugliness to choose has barely started.
Less than the doom-mongers say, more than nothing.
Don't reuse addresses — ever. A fresh address per receipt keeps your public key off-chain until you spend, which removes you from the most exposed category. If you hold through an exchange or a London-listed ETN, key hygiene is the custodian's job, so the relevant question becomes whether your provider has a post-quantum plan; expect that to appear in due-diligence questionnaires within a couple of years. And treat any "quantum-proof bitcoin" token or product with the suspicion it deserves — the migration, when it comes, will happen at the protocol level, not through somebody's presale.
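To make the exposure categories above concrete, here is an added example (not part of the original article) that sorts outputs by whether their public key is already on-chain. It assumes the standard Bitcoin output-script templates; the function names and the sample scripts are constructed for illustration.

```python
# Added example: classify outputs by public-key exposure.
# Script bytes follow the standard templates; sample data is constructed.
EXPOSED, HIDDEN, UNKNOWN = "exposed", "hidden-until-spent", "unknown"

def script_type(spk_hex: str) -> str:
    """Identify a standard scriptPubKey template from its hex encoding."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"    # <pubkey> OP_CHECKSIG: raw key sits in the output
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"   # only HASH160(pubkey) is published
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"    # only the script hash is published
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"  # witness v0, 20-byte key hash
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"   # witness v0, 32-byte script hash
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"    # witness v1: the 32-byte program is itself a public key
    return "nonstandard"

def exposure(spk_hex: str, spent_scripts: set) -> str:
    """Is the key behind this output already visible on-chain?"""
    kind = script_type(spk_hex)
    if kind in ("p2pk", "p2tr"):
        return EXPOSED
    if kind == "nonstandard":
        return UNKNOWN
    # Hashed outputs hide the key until first spend; spending from the same
    # script earlier (address reuse) has already revealed it.
    return EXPOSED if spk_hex.lower() in spent_scripts else HIDDEN

def audit(utxos, spent_scripts):
    """Map each labelled output to (script type, exposure)."""
    spent = {s.lower() for s in spent_scripts}
    return {label: (script_type(spk), exposure(spk, spent)) for label, spk in utxos}

# Constructed sample wallet: filler bytes, not real keys or hashes.
SAMPLE_UTXOS = [
    ("early-coinbase", "41" + "04" + "11" * 64 + "ac"),
    ("fresh-segwit", "0014" + "22" * 20),
    ("reused-legacy", "76a914" + "33" * 20 + "88ac"),
    ("taproot", "5120" + "44" * 32),
]
SAMPLE_SPENT = {"76a914" + "33" * 20 + "88ac"}  # scripts already spent from

if __name__ == "__main__":
    for label, (kind, risk) in audit(SAMPLE_UTXOS, SAMPLE_SPENT).items():
        print(f"{label:15} {kind:8} {risk}")
```

The reused legacy output is flagged as exposed even though its script only carries a hash, because the earlier spend from the same address published the key.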
The timeline to watch isn't a price chart. It's the cadence of quantum hardware announcements against the speed of bitcoin's notoriously slow consensus process. The technology threatening the lock is funded like a space race; the committee redesigning the lock meets when it meets. That mismatch, not any single qubit count, is the actual risk.