Quantum computing is emerging as a real but highly selective risk for Bitcoin, with exposure depending less on the asset itself than on how specific wallets were used. Galaxy Digital’s research argues that the immediate threat is concentrated in wallets whose public keys are already visible on-chain, rather than in the broader Bitcoin supply.
That distinction matters because most Bitcoin addresses still keep their public keys hidden until funds are spent, giving the network time to adapt before quantum hardware reaches a dangerous threshold. In that sense, Galaxy’s conclusion is not that Bitcoin faces an immediate existential problem, but that certain categories of holdings already sit closer to the front line of the risk.
quantum computing may threaten classical cryptography, including the crypto that powers bitcoin transactions
if there’s even a chance that’s true, the bitcoin community should work to prepare and mitigate
the good news is that bitcoin devs are indeed working on it pic.twitter.com/ZBf369mXOG
— Alex Thorn (@intangiblecoins) March 19, 2026
Where the exposure is concentrated
The core technical issue is straightforward: if quantum machines become powerful enough to run algorithms such as Shor’s against elliptic curve cryptography, they could derive private keys from exposed public keys. That means vulnerability begins only once a public key has been revealed on-chain, not while funds remain behind a hashed address that has never been spent from in a way that exposes that key.
Galaxy’s analysis highlights three main categories of exposure: long-dormant wallets with previously revealed public keys, address reuse across multiple spends, and older custodial or legacy wallet formats that have already emitted public keys. These are the holdings that would face the earliest pressure if quantum capability advanced to the point of practical exploitation.
Project Eleven data cited in the research estimated that roughly 7 million BTC fall into this long-exposure category, making them the most sensitive part of the network under a future quantum scenario. That does not mean those coins are under immediate attack today, but it does define the portion of Bitcoin supply that could become disproportionately vulnerable first.
The response is already underway
Galaxy also stressed that the ecosystem has not been standing still, and that work on mitigation accelerated meaningfully from late 2025 onward. The response has developed along two lines: migrating toward new cryptographic formats and building operational controls for coins whose public keys are already exposed.
On the cryptography side, developers have been exploring new address formats that would incorporate post-quantum primitives and create a path away from ECC-based protection. Alongside that, tooling is being designed to help users and institutions move funds from vulnerable wallet formats into more resilient address structures with less operational friction.
For holdings that cannot simply be treated as untouched, architects have also discussed controlled-spending frameworks intended to narrow the attack surface while preserving recoverability. That approach reflects a more practical posture: not every exposed coin can be made invisible again, so some of the work is focused on managing risk rather than pretending it can be eliminated outright.
The bigger issue is operational discipline
Galaxy’s broader message is that the threat is serious enough to plan for, but not so immediate that it overwhelms the network’s ability to respond. Alex Thorn captured that tone by emphasizing that more technical work is happening behind the scenes than most people realize, particularly among wallet teams, custodians and client developers.
That leaves custodians and wallet providers with a clear set of priorities: eliminate address reuse, audit legacy wallet formats, and build migration paths that reduce unnecessary public-key exposure during fund transfers. For the broader ecosystem, the resilience question now depends less on abstract fear of quantum computing and more on how quickly infrastructure providers can coordinate practical upgrades before the theoretical risk becomes operational.
