Bernstein, a well-known Wall Street broker, has released a research report stating that the threat quantum computing poses to Bitcoin is "real but manageable." Recent breakthroughs from Google Quantum AI have compressed the risk timeline, but Bitcoin still has a 3 to 5 year window in which to upgrade. The risk is concentrated in old wallets holding roughly 1.7 million BTC, while the SHA hashing that Bitcoin mining relies on remains secure under quantum scenarios.
Every so often, the narrative that “quantum computers will destroy Bitcoin” resurfaces. On April 8, the Bernstein team led by analyst Gautam Chhugani released a report that characterizes the quantum threat as “a mid-to-long-term system upgrade cycle, not a risk.”
The core takeaway from the Bernstein report is this: the quantum threat is no longer a problem of ten years from now. Google Quantum AI has recently achieved a breakthrough in reducing the number of qubits required, meaning the quantum compute threshold needed to break modern encryption is being lowered.
Elliptic Curve Cryptography (ECC), which secures today's crypto wallets (Bitcoin signs with ECDSA and Schnorr over the secp256k1 curve), can in principle be broken by a sufficiently large, fault-tolerant quantum computer. ECC's security rests on the elliptic-curve discrete logarithm problem: no known classical algorithm solves it in better than exponential time, but Shor's algorithm, which exploits quantum superposition and entanglement, solves it in polynomial time, and solving it means recovering a private key from the corresponding public key.
However, Bernstein also points out that “scaling up quantum systems to break widely used encryption algorithms” remains a complex, multi-step challenge—it’s not something that will happen tomorrow.
Bernstein's report pinpoints where the risk is concentrated: in legacy wallets holding about 1.7 million BTC. These coins sit in early, now-deprecated output formats (pay-to-public-key outputs of the kind used for Satoshi-era mining rewards) or in addresses that have been reused, so the public key is already visible on-chain rather than hidden behind a hash. Once quantum computing power is sufficient, an attacker could derive the private key from that exposed public key and spend the coins.
By contrast, wallets that follow modern best practices, avoiding address reuse and using hash-based address formats such as P2PKH and P2WPKH, see their exposure reduced dramatically: the output itself contains only a hash of the public key, and the key appears on-chain only in the transaction that spends it, so a never-reused address leaves an attacker only the window between broadcast and confirmation.
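The exposure analysis the two paragraphs above describe can be run mechanically over transaction data. The following is an added example, not code from the Bernstein report or from any Bitcoin project: it classifies scriptPubKeys by standard template, marks an output's key as exposed when the script itself carries a public key or when the same script has already been spent from (address reuse), and tallies the exposed balance of a small constructed UTXO set. The transactions, key bytes and hashes are placeholder filler, not real chain data, and the script templates are the standard ones (P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR). One fact the example adds beyond the page: Taproot (P2TR) outputs place a tweaked public key directly in the output script, so "newer format" does not by itself mean "key hidden".

```python
"""Classify Bitcoin output scripts by whether the spending public key is already
visible on-chain, and tally the exposed balance of a constructed UTXO set."""

from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = (
    0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC)


def classify_script(spk: bytes) -> str:
    """Return the standard template name of a scriptPubKey, or 'nonstandard'."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK"      # raw 33/65-byte public key sits in the output
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH"     # only HASH160(pubkey) in the output
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 0x14 and spk[-1] == OP_EQUAL:
        return "P2SH"
    if n == 22 and spk[0] == OP_0 and spk[1] == 0x14:
        return "P2WPKH"    # segwit v0: only HASH160(pubkey)
    if n == 34 and spk[0] == OP_0 and spk[1] == 0x20:
        return "P2WSH"
    if n == 34 and spk[0] == OP_1 and spk[1] == 0x20:
        return "P2TR"      # segwit v1: tweaked x-only pubkey directly in the output
    return "nonstandard"


# Templates whose output script itself contains a public key: exposed from day one.
KEY_IN_OUTPUT = {"P2PK", "P2TR"}


@dataclass
class Tx:
    txid: str
    inputs: list   # (prev_txid, vout) tuples; empty for coinbase-style txs
    outputs: list  # (scriptPubKey bytes, value in satoshi)


def exposed_utxos(txs):
    """{(txid, vout): (template, value, reason)} for every unspent output whose
    public key an attacker can already read from the chain."""
    outputs, spent = {}, set()
    for tx in txs:
        for vout, (spk, value) in enumerate(tx.outputs):
            outputs[(tx.txid, vout)] = (spk, value)
        spent.update(tx.inputs)
    # Spending a hash-based output puts the pubkey into scriptSig/witness, so every
    # other output paying the same script (address reuse) is exposed as well.
    revealed = {outputs[op][0] for op in spent if op in outputs}
    result = {}
    for op, (spk, value) in outputs.items():
        if op in spent:
            continue
        kind = classify_script(spk)
        if kind in KEY_IN_OUTPUT:
            result[op] = (kind, value, "pubkey in output script")
        elif spk in revealed:
            result[op] = (kind, value, "address reused after a spend")
    return result


def exposed_balance(txs):
    """(exposed satoshi, unexposed satoshi) over the unspent outputs of txs."""
    spent = {op for tx in txs for op in tx.inputs}
    total = sum(v for tx in txs for i, (_, v) in enumerate(tx.outputs)
                if (tx.txid, i) not in spent)
    exposed = sum(v for _, v, _ in exposed_utxos(txs).values())
    return exposed, total - exposed


def _p2pk(pub): return bytes([len(pub)]) + pub + bytes([OP_CHECKSIG])
def _p2pkh(h): return bytes([OP_DUP, OP_HASH160, 0x14]) + h + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def _p2wpkh(h): return bytes([OP_0, 0x14]) + h
def _p2tr(x): return bytes([OP_1, 0x20]) + x


def build_sample_chain():
    """Constructed sample transactions (filler bytes, not real keys or chain data)."""
    pub_uncompressed = bytes([0x04]) + bytes(range(1, 65))  # 65-byte SEC key shape
    hash_a, hash_b = bytes([0xAA] * 20), bytes([0xBB] * 20)  # two placeholder addresses
    xonly = bytes([0xCC] * 32)                                # placeholder Taproot key
    BTC = 100_000_000
    return [
        Tx("tx0", [], [(_p2pk(pub_uncompressed), 50 * BTC), (_p2pkh(hash_a), 10 * BTC)]),
        Tx("tx1", [("tx0", 1)], [(_p2pkh(hash_a), 4 * BTC),   # change back to hash_a: reuse
                                 (_p2wpkh(hash_b), 5 * BTC)]),
        Tx("tx2", [], [(_p2tr(xonly), 2 * BTC)]),
    ]


if __name__ == "__main__":
    chain = build_sample_chain()
    for (txid, vout), (kind, value, why) in exposed_utxos(chain).items():
        print(f"{txid}:{vout} {kind:6} {value / 1e8:>6.2f} BTC  exposed: {why}")
    print("exposed vs safe (sats):", exposed_balance(chain))
```

On the constructed chain, 56 of the 61 unspent BTC are exposed: the P2PK output, the reused P2PKH address whose key was revealed when tx1 spent from it, and the P2TR output. Only the never-spent P2WPKH output keeps its key hidden. Running the same logic over a real UTXO set is how the "1.7 million BTC" class of estimate is produced, with the reuse rule being the part most often overlooked.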
Another piece of good news comes from the mining side: Bitcoin mining relies on the SHA family of hashing algorithms (double SHA-256), not elliptic curve cryptography. Bernstein notes that even in advanced quantum scenarios the SHA hashing mechanism remains effective and secure; the best known quantum attack on a hash, Grover's algorithm, offers at most a quadratic speedup over brute-force search, nothing like the exponential advantage Shor's algorithm gives against ECC. This means the quantum threat's impact on Bitcoin's "consensus layer" (the mining network) is extremely limited, with the main risk concentrated at the wallet layer.
A recent academic paper even suggests that if someone wanted to attack the Bitcoin blockchain via quantum mining, the required energy would be equivalent to the output of a star.
Bernstein estimates that the crypto industry has about 3 to 5 years to complete the transition to Post-Quantum Cryptography (PQC). Related roadmaps have been discussed in the community:
• New wallet standards (supporting post-quantum algorithms)
• Reducing address reuse
• Key rotation mechanisms
The target timelines cited by some analysts point to 2029. This roughly aligns with the PQC standardization and migration timeline at NIST (the U.S. National Institute of Standards and Technology), which released its first batch of post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA).
Upgrades to the Bitcoin protocol have traditionally been slow and require broad consensus, but a 3 to 5 year window is not without precedent: Bitcoin has already undergone major soft-fork upgrades such as SegWit (activated 2017) and Taproot (activated 2021).