The Reckoning: How Quantum Computing Could Expose Trillions in Digital Assets

A new report lays out the hidden risks quantum computers pose to the cryptographic locks protecting Bitcoin, Ethereum, and other digital assets, and why the time to act is now

Picture a locked box that anyone can see but only you can open with a special key you keep hidden. That simple idea powers the security of nearly every cryptocurrency wallet, bank transfer, and secure online login today. A new 110-page analysis from Project Eleven warns that this everyday protection could crumble within four to seven years under the weight of an entirely different kind of machine: the quantum computer. The report, titled The Quantum Threat to Blockchains – 2026 Report, maps out how more than three trillion dollars in digital assets, and much of the world’s broader digital infrastructure, sits on the edge of a vulnerability no one saw coming when these systems were first built.

To understand why this matters, it helps to step back and look at how cryptocurrencies and digital assets actually work. At their core, these systems rely on a technology called asymmetric cryptography. Think of it like a padlock that comes with two keys; one you can hand out freely (the public key, which becomes your wallet address that everyone can see) and one you guard closely (the private key). When you want to send bitcoin or ether, you use your private key to sign a message proving ownership. Anyone with the public key can verify the signature is genuine, but they cannot reverse-engineer the private key to forge new ones, at least, not with today’s computers. This same mathematical magic secures not only crypto but also the banking wires that move your paycheck, the cloud servers that store medical records, and the encrypted channels used by militaries and governments. Without it, digital trust would collapse.

The trouble begins when a sufficiently advanced quantum computer enters the picture. Classical computers solve problems step by step, like a person methodically testing one lock combination after another. Quantum machines, by contrast, exploit rules of physics called superposition, where a particle can exist in multiple states at once, and entanglement, where distant particles stay mysteriously linked. A quantum algorithm known as Shor’s algorithm turns the hard math behind asymmetric cryptography (such as the “discrete logarithm problem”) into something solvable in a relatively short time. Instead of needing billions of years to crack a 256-bit elliptic curve key, a quantum computer could do it in minutes or hours once it reaches a certain size and reliability. The result? An attacker could look at any public key on the blockchain, derive the matching private key, and quietly drain wallets that have sat untouched for years. The same threat extends beyond cryptocurrencies to the elliptic-curve systems that protect bank accounts, cloud logins, and secure military communications.

The financial stakes are enormous. Project Eleven’s report estimates that the digital-asset sector alone holds over three trillion dollars secured by these vulnerable signatures. Within that figure lie roughly 5.6 million to 6.9 million bitcoin tokens, currently worth up to half a trillion dollars, whose public keys have been exposed long enough to become easy targets once quantum power arrives. But the danger does not stop with cryptocurrencies. Every system using the same class of public-key cryptography suddenly becomes a potential victim, including payment networks, identity databases, even the underlying infrastructure that keeps the internet running. A single successful quantum attack could cascade through markets, erode confidence, and trigger economic shock waves far beyond any one wallet.

Project Eleven’s researchers reached these conclusions through a careful, multi-layered examination of both quantum-hardware trends and blockchain realities. They tracked how the number of physical qubits needed to run Shor’s algorithm on a 256-bit elliptic curve has dropped dramatically in recent years, thanks to better error-correction techniques and algorithmic shortcuts. They cross-checked hardware road maps from leading labs against historical rates of improvement in qubit count, coherence time, and gate fidelity. Layering in projections for when a machine would achieve the roughly 1,200 logical qubits and nine-minute runtime required for a full attack, they concluded that a “Q-Day,” the moment a cryptographically relevant quantum computer appears, is more likely than not by 2033 and could arrive as soon as 2030. Their calculation was not a wild guess but a synthesis of published experimental data, peer-reviewed resource estimates, and conservative assumptions about continued exponential progress.

What the researchers found paints a clear but uncomfortable picture. Blockchains are especially exposed because their public keys often remain static for years or decades, unlike the rotating keys used in many centralized systems. Once Q-Day hits, there is no easy “undo” button; stolen funds are gone. The report also highlights that migration to safer, post-quantum cryptography is not primarily a technical hurdle. The real gap is coordination, urgency, and willingness to bear the cost. While with effective leadership it can be done more rapidly, the inertia inherent to large organizations may result in a need for five to ten years for such organizations to overhaul their cryptography. Decentralized networks face an even steeper climb. Every user, exchange, custodian, wallet provider, and miner must move in rough lockstep, or the system risks fracturing. For Bitcoin in particular, the challenge is magnified by its history of slow, politically charged upgrades. A relatively modest change like SegWit took more than two years and nearly split the chain; a full post-quantum shift would be orders of magnitude more complex and would require consensus across a global, permissionless community.

The researchers recommend starting the transition immediately through hybrid schemes that layer post-quantum signatures alongside existing ones, allowing gradual rollout without breaking backward compatibility. They stress the need for clear upgrade paths, soft forks where possible, and coordinated testing across the ecosystem. On the specific question of those long-exposed bitcoin tokens, the report acknowledges a painful trade-off: one option is “recycling” them back into the circulating supply rather than leaving them as sitting ducks for a future quantum thief. That choice, however, collides directly with Bitcoin’s fixed-supply principle and its deep cultural commitment to property rights, creating tension that the community will ultimately have to resolve.

Project Eleven itself works at the frontier of these solutions. The firm develops practical, non-standardized versions of post-quantum algorithms such as ML-DSA-B (a lattice-based signature scheme) and THINCS (a threshold hash-based construction). While these have not undergone the full multi-year standardization process that NIST algorithms have, and are therefore considered by many to be less trustworthy, they benefit from close collaboration with respected cryptographers including JP Aumasson and Zooko Wilcox-O’Hearn, who help refine designs and security proofs. This hands-on focus gives the report extra credibility when it discusses what viable post-quantum cryptocurrencies could look like; faster, more efficient signatures that maintain the same user experience while resisting quantum attacks.

The real-world impacts of the report stretch beyond any single balance sheet. If industry delays, the first quantum-capable actor, whether a nation-state or a well-funded criminal group, could quietly amass private keys today and strike the moment hardware arrives, eroding trust in digital assets overnight. Banks and governments using the same cryptography would face parallel risks, potentially forcing emergency patches that disrupt everyday services. On the positive side, the urgency could accelerate innovation. Developers might build entirely new post-quantum blockchains from the ground up, or existing networks could evolve into hybrid systems that gracefully retire vulnerable keys. Either path would strengthen the entire digital economy against tomorrow’s threats.

The report provides a clear call to action. The window is narrowing, but it has not closed. Coordinated industry groups, standards bodies, and open-source contributors can begin drafting and testing migration blueprints now. Exchanges and custodians can start inventorying exposed keys and planning safe rotation mechanisms. Bitcoin developers can explore soft-fork paths that introduce post-quantum address types without forcing immediate change on every user. Governments and regulators, meanwhile, can support research into quantum-resistant infrastructure so that banking and critical systems move in parallel. The researchers emphasize that the gap is not technical; it is one of collective will. By treating the threat as an engineering problem rather than an inevitability, the digital-asset community, and the wider world that depends on the same cryptography, can turn a looming vulnerability into an opportunity for stronger, more future-proof systems.

In the end, the quantum era does not have to mean the end of trust in digital money. It simply demands that we upgrade the locks before the new kind of key arrives. The report shows both the scale of the risk and the practical path forward, reminding everyone that the security we take for granted today was never meant to last forever, but with foresight and cooperation, it can be made ready for whatever comes next.