Executive Summary
Google’s Quantum AI team released research in March 2026 showing that a quantum computer with fewer than 500,000 physical qubits could potentially break Bitcoin’s elliptic‑curve cryptography. The finding lowers earlier estimates that required tens of millions of qubits. In response, Bitcoin developers have advanced BIP‑360 and BIP‑361, while institutional players such as Jefferies and Michael Saylor’s firm are publicly acknowledging the quantum risk.
What Happened
Google’s paper, published in March, details a theoretical architecture that could compromise the cryptographic signatures protecting Bitcoin transactions. The study notes that the required qubit count is far below the previously cited 10 million‑qubit threshold. Google has set an internal target to be post‑quantum ready by 2029.
Simultaneously, the Bitcoin development community moved two key proposals forward. BIP‑360, authored by developer Hunter Beast, introduces a Pay‑to‑Merkle‑Root (P2MR) output that eliminates public‑key exposure on‑chain. BIP‑361, written by Jameson Lopp, outlines a three‑phase migration away from vulnerable signature schemes, including a potential freeze for wallets that fail to upgrade within five years.
Beyond the technical work, institutional actors are adjusting strategies. Jefferies removed its entire 10% Bitcoin allocation from its pension model portfolio in January 2026, citing long‑term quantum risk. Michael Saylor announced a Bitcoin Security Program aimed at coordinating with the broader security community on quantum preparedness. Citi’s cybersecurity team has assigned a multi‑trillion‑dollar price tag to the quantum threat across the crypto sector.
Background / Context
Bitcoin’s security relies on elliptic‑curve cryptography, which could be rendered obsolete by a sufficiently powerful quantum computer—referred to as a cryptographically relevant quantum computer (CRQC). While no such machine exists today, estimates of the required qubit count have varied widely. The new Google research suggests the barrier may be lower than previously thought.
Approximately 1.7 million BTC sit in legacy Pay‑to‑Public‑Key (P2PK) addresses where the public key is permanently visible on‑chain, making them the most exposed to a quantum attack. An additional 1.1 million BTC linked to Satoshi Nakamoto’s holdings reside in addresses that cannot easily transition to quantum‑resistant formats.
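As an added example (not code from the article or from any Bitcoin project), the Python sketch below classifies standard output scripts by whether the public key is stored in the output itself, which is the exposure the paragraph above describes for P2PK. It goes beyond P2PK to the other common output types; the function names and the sample UTXO set are constructed for illustration.

```python
"""Classify Bitcoin output scripts by whether a public key is visible in the output."""

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL = 0x76, 0xA9, 0x87
OP_EQUALVERIFY, OP_CHECKSIG = 0x88, 0xAC


def classify(script_hex: str) -> tuple[str, bool]:
    """Return (script type, True if a public key sits in the scriptPubKey)."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == OP_CHECKSIG:
        prefix_ok = s[1] in (0x02, 0x03) if n == 35 else s[1] == 0x04
        if prefix_ok:
            return "P2PK", True
    # P2PKH: only HASH160(pubkey) is stored; the key appears when the coin is spent
    if (n == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False
    if n == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return "P2SH", False
    if n == 22 and s[:2] == bytes([OP_0, 20]):
        return "P2WPKH", False
    if n == 34 and s[:2] == bytes([OP_0, 32]):
        return "P2WSH", False
    # P2TR: the 32-byte x-only output key is stored directly in the output
    if n == 34 and s[:2] == bytes([OP_1, 32]):
        return "P2TR", True
    return "unknown", False


def exposed_sats(utxos: list[tuple[str, int]]) -> int:
    """Sum the value (satoshis) of outputs whose public key is on-chain before spending."""
    return sum(value for script, value in utxos if classify(script)[1])


# Constructed sample UTXO set: key and hash bytes are filler, not real outputs.
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # P2PK, uncompressed key
    ("21" + "02" + "22" * 32 + "ac", 5_000_000_000),  # P2PK, compressed key
    ("76a914" + "33" * 20 + "88ac", 120_000),         # P2PKH
    ("0014" + "44" * 20, 75_000),                     # P2WPKH
    ("5120" + "55" * 32, 30_000),                     # P2TR
]

if __name__ == "__main__":
    for script, value in SAMPLE_UTXOS:
        print(classify(script), value)
    print("exposed satoshis:", exposed_sats(SAMPLE_UTXOS))
```

Hash-based outputs are reported as not exposed only while unspent; spending them publishes the key in the spending transaction.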
The Bitcoin community faces a governance challenge as well as a technical one. Implementing mitigation measures requires broad consensus among developers, miners, users, and large institutional holders such as BlackRock. Without coordinated action, a future CRQC could exploit the vulnerable coins before a soft fork is activated.
Reactions
Developers welcomed the research as a catalyst for urgent action. Hunter Beast emphasized that BIP‑360’s design removes the public‑key exposure that quantum computers target. Jameson Lopp highlighted Phase B of BIP‑361 as a safeguard that could freeze non‑migrating wallets after a five‑year window.
Institutional voices expressed growing concern. Jefferies’ decision to withdraw its Bitcoin allocation underscores the shift from speculative risk to a perceived existential threat. Michael Saylor framed the issue as an engineering challenge, launching a security program to bring together experts across the ecosystem. Citi’s valuation of the quantum threat in multi‑trillion‑dollar terms signals that traditional finance is now factoring quantum risk into its crypto risk models.
What It Means
The lowered qubit threshold compresses the timeline for a potential quantum attack, prompting the Bitcoin community to accelerate protocol upgrades. If BIP‑360 and BIP‑361 gain sufficient support, they could dramatically reduce the attack surface by eliminating on‑chain public‑key exposure and enforcing migration deadlines.
However, the success of these proposals hinges on social consensus. Miners, large holders, and exchanges must adopt the new output types and enforce migration policies. Failure to achieve broad agreement could open a pathway for sovereign or institutional actors to push for alternative governance mechanisms outside Bitcoin’s existing consensus model.
What Happens Next
Developers will continue to refine BIP‑360 and BIP‑361, with a soft‑fork activation expected to be discussed at upcoming Bitcoin Core meetings. The “Hourglass” proposal, which would limit quantum‑theft to one BTC per block and direct fees to miners, is also under community review as a complementary mitigation.
Institutional players are likely to monitor the progress of these upgrades closely. Jefferies’ recent move may prompt other asset managers to reassess exposure, while Michael Saylor’s security program could foster collaborative research to harden Bitcoin against quantum threats.
Google’s internal target for post‑quantum readiness by 2029 adds a concrete deadline that may shape the urgency of Bitcoin’s governance discussions. As the quantum landscape evolves, the intersection of technical solutions and stakeholder consensus will determine whether Bitcoin can safeguard its largest deposits before a CRQC becomes operational.
