According to the source, headlines about Saudi Arabia’s first quantum computer have raised concerns about whether BTC can be broken, but current devices lack the large-scale, fault-tolerant logical qubits needed to run Shor’s algorithm against Bitcoin’s secp256k1 ECDSA at practical speeds, keeping immediate quantum risk low for traders; source: NIST 2022 PQC selections; IBM Quantum roadmap 2023–2024; National Academies 2019. Breaking a single 256-bit ECDSA key is estimated to require thousands of logical qubits and over 10^9 T-gates, implying millions of physical qubits with surface-code error correction—orders of magnitude beyond today’s hardware; source: Roetteler et al. 2017; Fowler et al. 2012; Gidney and Ekerå 2019. Bitcoin only reveals a public key when coins are spent, so UTXOs in non-reused addresses remain shielded from quantum key-recovery until broadcast, concentrating any near-term vulnerability on exposed or reused keys; source: Antonopoulos, Mastering Bitcoin (2nd ed.); Aggarwal et al. 2017. For positioning, treat quantum as a monitoring catalyst rather than an immediate tail risk, and watch credible milestones such as thousands of stable logical qubits and NIST’s PQC FIPS finalization that would signal migration timing; source: NIST 2024 draft FIPS 203/204; National Academies 2019. If a cryptographically relevant quantum computer emerges, assets tied to exposed public keys and reused addresses would face the earliest risks, reinforcing UTXO hygiene and readiness to upgrade wallets once PQC paths are standardized; source: Aggarwal et al. 2017; Bitcoin developer documentation.

According to the source, IBM says new quantum processors and software advances will accelerate its path toward fault-tolerant quantum computing; IBM’s public roadmap outlines progress toward error-corrected systems through the late 2020s (source: IBM Research, IBM Quantum roadmap 2023: https://research.ibm.com/blog/ibm-quantum-roadmap-2023). For traders, the near-term risk is headline-driven volatility as Q-Day narratives resurface, while the structural risk centers on Bitcoin’s use of ECDSA over secp256k1, which would be vulnerable to sufficiently large error-corrected quantum computers implementing Shor’s algorithm (source: Bitcoin.org Developer Guide: https://developer.bitcoin.org/devguide/transactions.html; NIST Post-Quantum Cryptography project overview: https://csrc.nist.gov/projects/post-quantum-cryptography). Current research indicates that breaking elliptic-curve cryptography at practical speeds requires on the order of millions of physical qubits and long coherent runtimes, exceeding today’s capabilities (source: Roetteler et al., Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms, Microsoft Research: https://www.microsoft.com/en-us/research/publication/quantum-resource-estimates-for-computing-elliptic-curve-discrete-logarithms/). Policy timelines also suggest a multi-year migration: NIST has issued the first post-quantum cryptography standards and U.S. cybersecurity guidance urges inventory and transition planning this decade, informing crypto custody risk management and exchange security roadmaps (source: NIST PQC standards update 2024: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-post-quantum-cryptography-standards; CISA Quantum-Readiness Guidance: https://www.cisa.gov/quantum-readiness). Traders should monitor on-chain proposals for post-quantum signatures, custody providers’ PQC rollout plans, and IBM quantum performance milestones, as these can influence BTC risk premia and options skew (source: Bitcoin BIPs index: https://github.com/bitcoin/bips; IBM Research roadmap: https://research.ibm.com/blog/ibm-quantum-roadmap-2023).

According to Charles Edwards (@caprioleio), up to 20–30% of BTC held in legacy P2PK outputs could be taken by a future quantum computer within 2–8 years, and he proposes either allowing theft-related dumping or enforcing a migration window that burns unmigrated coins (source: Charles Edwards on X, Oct 15, 2025). According to Bitcoin Wiki, P2PK outputs reveal public keys on-chain, leaving any unspent P2PK UTXOs inherently exposed if Shor’s algorithm breaks secp256k1 ECDSA (source: Bitcoin Wiki, Pay-to-Pubkey). According to NIST’s Post-Quantum Cryptography program, no cryptographically relevant quantum computer exists today, though ECDSA is not quantum-safe and migration to standardized PQC schemes like CRYSTALS-Dilithium will be required once timelines warrant (source: NIST PQC status reports, 2022–2024). According to Roetteler et al. (Microsoft Research), breaking a single secp256k1 key demands very large fault-tolerant quantum resources beyond current hardware, making the specific 2–8 year horizon uncertain for traders to price (source: Roetteler et al., 2017, Quantum Resource Estimates for ECC).