‘Q-Day’ and Bitcoin — why quantum computers worry crypto, and what you can actually do
A growing debate in crypto centers on "Q-Day" — the hypothetical future moment when a powerful quantum computer could crack the cryptography that protects Bitcoin wallets. No such machine exists today, and experts stress that current quantum computers are far too small and unstable to threaten Bitcoin. But recent research has made the risk feel less like science fiction, and it is worth understanding what is actually at stake.
Bitcoin secures your coins with a digital signature built on elliptic-curve cryptography. In simple terms, your wallet has a private key that only you know and a public key derived from it. The math is designed so that it is practically impossible to work backward from the public key to the private one. A large, error-corrected quantum computer running an algorithm published by mathematician Peter Shor in 1994 could, in theory, break that one-way relationship and recover a private key from an exposed public key. As a16z research partner Justin Thaler put it to Decrypt, such a machine could "forge the digital signatures Bitcoin uses today" and authorize a transaction draining your coins that you never approved.
The important detail for beginners is that this only threatens addresses whose public key has already been revealed. Every time coins are spent from an address, its public key becomes visible on the blockchain forever. Old wallets, reused addresses, and early mining payouts are the most exposed — including roughly a million coins from Bitcoin's earliest days that are believed to have belonged to its creator, Satoshi Nakamoto. Thaler notes the biggest worry is abandoned coins, perhaps $180 billion worth, because no one is left to move them to safer wallets.
How close is Q-Day? Nobody knows. In March 2026, research papers from Caltech and Google suggested quantum machines might break this cryptography with fewer resources than expected, and researcher Justin Drake estimated "at least a 10% chance" that a quantum computer recovers a Bitcoin private key from an exposed public key by 2032. Governments are moving too: the US committed $2 billion to quantum development, France began refusing to certify technology that isn't quantum-safe, and Coinbase set up an advisory board on the topic. Estimates for when a real threat arrives still range from a few years to the 2030s.
Bitcoin developers have floated several upgrade paths — proposals with names like BIP-360 and BIP-361 — that would add post-quantum signatures or eventually retire the vulnerable ones. None is simple. Post-quantum signatures can be ten to a hundred times larger than today's, which every node would have to store forever, and Bitcoin's decentralization makes any network-wide change slow and contentious.
For now, no ordinary user needs to panic, but two habits genuinely lower your long-term risk: use a modern wallet, and avoid reusing addresses, since a fresh address keeps your public key hidden until the moment you spend. This is information, not a reason to move your coins in a hurry. The honest summary is that Q-Day is a real long-term engineering problem the community has time to solve — as long as it starts early.
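The address-reuse point can be checked mechanically. The following is an added example, not part of the original article: a small Python audit of a wallet's outputs that flags coins still held on an address whose public key was already revealed by an earlier spend, and addresses that were reused before any spend. The addresses, outpoints and amounts are constructed, and it assumes every address keeps its public key hidden until its first spend, as described above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Output:
    outpoint: str    # constructed "tx:index" label, not a real transaction id
    address: str     # constructed address label
    value_sats: int  # amount in satoshis
    spent: bool      # True once a later transaction has spent this output

def audit_wallet(outputs):
    """Report funds behind already-revealed keys, and reuse that will expose more.

    Assumption: each address hides its public key until its first spend.
    """
    revealed = {o.address for o in outputs if o.spent}
    exposed_sats = {}   # address -> unspent value whose public key is already on-chain
    unspent_count = {}  # address -> number of unspent outputs still held
    for o in outputs:
        if o.spent:
            continue
        unspent_count[o.address] = unspent_count.get(o.address, 0) + 1
        if o.address in revealed:
            exposed_sats[o.address] = exposed_sats.get(o.address, 0) + o.value_sats
    # Reused but not yet spent: the key is still hidden, but the first spend
    # reveals it for every other output left on the same address.
    reuse_pending = sorted(a for a, n in unspent_count.items()
                           if n > 1 and a not in revealed)
    return {"exposed_sats": exposed_sats, "reuse_pending": reuse_pending}

# Constructed sample wallet history
SAMPLE = [
    Output("tx1:0", "addr_A", 50_000_000, spent=True),
    Output("tx3:1", "addr_A", 20_000_000, spent=False),   # received after addr_A spent
    Output("tx4:0", "addr_B", 100_000_000, spent=False),  # fresh, single use
    Output("tx5:0", "addr_C", 30_000_000, spent=False),
    Output("tx6:2", "addr_C", 10_000_000, spent=False),   # addr_C reused, not yet spent
    Output("tx7:0", "addr_D", 5_000_000, spent=True),     # spent in full, nothing left
]

if __name__ == "__main__":
    report = audit_wallet(SAMPLE)
    for addr, sats in report["exposed_sats"].items():
        print(f"{addr}: {sats} sats held behind an already revealed public key")
    for addr in report["reuse_pending"]:
        print(f"{addr}: reused; its first spend reveals the key for the remaining outputs")
```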