Quantum Threat to Cryptocurrency: 2026 News & Developments
The year 2026 marks a decisive inflection point. The $2.5 trillion cryptocurrency market faces an asymmetric threat as quantum computing shifts from NISQ to fault-tolerant systems. Track the three quantum threats, company roadmaps, and the urgent dual-track migration effort. Quantum Resistant Ledger (QRL), operating since 2018, already provides the protection that Bitcoin and Ethereum are racing to implement. Find answers to your questions, and learn about QRL's QRL 2.0 upgrade with EVM-compatible smart contracts on a quantum-secure base layer.
Last updated: February 16, 2026
⚠️ CRITICAL: The Quantum Threat Has Transitioned from Theory to Timeline
The quantum threat is operational, not theoretical. The physics has been proven: four independent teams on three continents have demonstrated that quantum error correction works. Scaling to cryptographically relevant quantum computers is now pure engineering. Nature (February 2026) confirms a "vibe shift" among researchers: usable quantum computers within a decade, not decades. Meanwhile, new QLDPC-based architectures (Iceberg Quantum Pinnacle Architecture, February 2026) have reduced the hardware threshold for breaking RSA-2048 from ~1 million to under 100,000 physical qubits, placing cryptographically relevant quantum computers squarely within near-term hardware roadmaps.
The Key Numbers
The $2.5 trillion cryptocurrency market rests on cryptographic foundations vulnerable to quantum attack. Global quantum investment reached $2 billion in 2024, with cumulative government commitments exceeding $54 billion worldwide. The reduction in physical-to-logical qubit overhead directly pulls the expected "Q-Day" (the moment of cryptographic collapse) closer to the current decade.
Logical Qubits Required for Cryptographic Attacks
Algorithm
Logical Qubits
Physical Qubits (est.)
Threat Level
ECDSA-256 (Bitcoin/Ethereum)
2,330 (minimum) - 6,500 (practical runtime)
~8 million
Approaching
RSA-2048
4,000-6,190
<100,000 (Pinnacle/QLDPC) to 4-8 million (surface code)
~6.9 million BTC in quantum-vulnerable addresses (25-30% of total supply)
Satoshi Nakamoto's estimated ~1 million BTC in P2PK addresses from 2009-2010
ALL P2PK addresses: Public keys directly visible on blockchain — no protection possible
ALL reused addresses: Public key permanently exposed after first spend
Taproot (P2TR): Reveals public key by default on-chain upon first receipt
Breaking News: February 2026 Quantum Computing Breakthroughs
The 2025 Nobel Prize validated quantum computing as established science. In 2026, the industry has shifted from "Quantum Advantage" to "QuOps" (error-free Quantum Operations) as the definitive metric for progress, reflecting a mature understanding that value comes from sustained operations, not raw qubit counts.
NEW
Nature Confirms "Vibe Shift" - Usable Quantum Computers Within a Decade
A major Nature news feature declares a "vibe shift" in quantum computing: researchers now believe useful quantum computers could arrive within 10 years, not decades. The article cites four teams - Google, Quantinuum, Harvard/QuEra, and USTC in China (Zuchongzhi 3.2) - that have demonstrated below-threshold quantum error correction, meaning logical error rates suppress exponentially as more qubits are added.
Key quotes:
- Dorit Aharonov (Hebrew University): "At this point, I am much more certain that quantum computation will be realized, and that the timeline is much shorter than people thought. We've entered a new era."
- Nathalie de Leon (Princeton): Describes the change as a "vibe shift" - "People are now starting to come around."
- Chao-Yang Lu (USTC): Expects a fault-tolerant quantum computer by 2035.
For Crypto: Four independent teams across three continents have now proven the fundamental physics of error correction works. The remaining challenge is engineering and manufacturing - a challenge with predictable scaling curves and massive investment behind it.
Iceberg Quantum Pinnacle Architecture Reduces RSA-2048 Breaking Requirement to Under 100,000 Physical Qubits
Iceberg Quantum (Sydney-based startup, $6M seed round) published the Pinnacle Architecture, a fault-tolerant quantum computing design using quantum LDPC codes instead of surface codes. Under standard hardware assumptions (physical error rate of 10⁻³, code cycle time of 1 µs, reaction time of 10 µs), the architecture factors RSA-2048 with fewer than 100,000 physical qubits - an order of magnitude below the previous best estimate of ~1 million (Gidney 2025).
How it works: The architecture uses three modular components: (1) Processing Units built from bridged QLDPC code blocks (specifically generalized bicycle codes) that encode 14 logical qubits in ~860 physical qubits at distance 16 - compared to 1 logical qubit in ~511 physical qubits for a surface code at the same distance; (2) Magic Engines that simultaneously produce and consume magic states for a continuous pipeline of T gates; and (3) Memory blocks for efficient qubit storage with parallel read access. A novel technique called Clifford frame cleaning enables flexible parallelism across processing units.
Key numbers for RSA-2048 factoring:
- Minimum qubits config: 97,000 physical qubits, ~1 month runtime
- Faster config: 151,000 physical qubits, ~1 week runtime
- Trapped ions: 3.1 million physical qubits, ~1 month runtime
Why This Matters for Crypto: Previous estimates assumed surface codes requiring ~1 million physical qubits for RSA-2048, placing CRQC capabilities beyond near-term hardware roadmaps. QLDPC codes compress this by 10x. Iceberg is already partnering with PsiQuantum (photonics), Diraq (spin qubits), and IonQ (trapped ions), all of which project systems of this scale within 3-5 years. While these results are based on simulations and theoretical resource estimates (not experimental demonstrations), they fundamentally reset the hardware threshold for cryptographically relevant quantum computing.
Important caveat: The paper does not address ECDSA/secp256k1 directly - the RSA result demonstrates the architecture's efficiency. Applying similar QLDPC-based architectures to elliptic curve cryptanalysis could yield comparable overhead reductions, potentially bringing the physical qubit requirement for Bitcoin key-breaking well below current 8 million estimates.
QuTech Achieves First-Ever Readout of Majorana Qubits (Nature)
Researchers at QuTech (Delft) and ICMM-CSIC (Madrid) demonstrated the first single-shot, real-time readout of quantum information stored in Majorana-based topological qubits, published in Nature. Using quantum capacitance as a global probe, the team distinguished even/odd parity states of a minimal Kitaev chain with parity coherence exceeding one millisecond.
Why This Matters: Topological qubits (Microsoft's primary approach) store information non-locally across Majorana zero modes, making them inherently resistant to local noise - but this same property made reading them a long-standing challenge. This breakthrough solves the readout problem without compromising topological protection, establishing the measurement primitive needed for functional Majorana-based quantum computers.
QuTech QARPET Chip Benchmarks 1,058 Spin Qubits at 2 Million Qubits/mm²
QuTech (TU Delft) published the QARPET platform (Qubit-Array Research Platform for Engineering and Testing) in Nature Electronics - a crossbar-tiled chip architecture that can host up to 1,058 semiconductor spin qubits in a 23×23 grid, requiring only 53 control lines. The chip achieves a potential density of approximately two million qubits per square millimeter.
Why This Matters: Scaling quantum processors requires understanding statistical qubit properties across large arrays. QARPET brings semiconductor qubit testing in line with traditional chip industry practices, enabling hundreds of qubits to be characterized in a single cooldown. This platform accelerates the path to million-qubit semiconductor quantum computers, which leverage existing CMOS fabrication infrastructure.
Reed-Muller Codes Enable Full Clifford Group Without Ancilla Qubits
Researchers from Osaka, Oxford, and Tokyo demonstrated that high-rate quantum Reed-Muller codes can implement the full logical Clifford group using only transversal and fold-transversal gates - no ancilla qubits required. This is the first such construction for a code family where logical qubits grow nearly linearly with block length.
Why This Matters: This provides another pathway (alongside QLDPC codes) to reduce the overhead of fault-tolerant quantum computing. Eliminating ancilla requirements for Clifford gates means fewer physical qubits needed per logical operation, further compressing the hardware threshold for cryptographically relevant computations.
ePrint 2026/106 - Revised ECDSA Attack Estimates (Kim et al.)
New research significantly revises the quantum resource estimates for breaking Bitcoin's secp256k1 curve. Kim et al. present optimized quantum circuits for Shor's algorithm on elliptic curves that achieve up to 40% improvement in the qubit-count × depth product compared to all previous work, including Roetteler et al. (2017) and Häner et al. (2020).
The widely-cited "~2,330 logical qubits" was the qubit-minimized design with impractically long runtime. A practical attack (completing in ~2 hours) requires ~6,500 logical qubits and ~8 million physical qubits. Maximum circuit depth of 2^28 is well below NIST's MAXDEPTH constraint of 2^40.
The bottom line: Current quantum hardware (Quantinuum Helios: 98 physical qubits, 48 logical) is still far from this threshold, but company roadmaps targeting utility-scale quantum by 2029-2033 place this within reach in the next decade.
ETH Zurich Demonstrates First Lattice Surgery on Superconducting Qubits
Researchers at ETH Zurich and the Paul Scherrer Institute demonstrated lattice surgery on a 17-qubit superconducting processor - the first time this critical operation has been performed on superconducting qubits. Published in Nature Physics, the team used a distance-three surface code to split a single logical qubit into two entangled logical qubits while continuously correcting bit-flip errors.
Why This Matters: Lattice surgery is the operation for fault-tolerant quantum computing. As researcher Ilya Besedin explains: "One could say that the lattice surgery operation is the operation, and all the others can be constructed from it." This clears a major hurdle for scaling superconducting quantum computers - the dominant architecture pursued by IBM, Google, and USTC - toward fault-tolerant systems capable of running Shor's algorithm.
Stanford researchers published a breakthrough in Nature: a novel optical cavity array that efficiently captures photons from individual atoms, enabling parallel readout of all qubits simultaneously. The team demonstrated a working 40-cavity array and a 500+ cavity prototype, with a clear path to tens of thousands.
Why This Matters: One of the biggest barriers to million-qubit quantum computers has been qubit readout - atoms emit photons too slowly and in all directions. Stanford's microlens-equipped cavities solve this by efficiently funneling light from each atom into a specific direction, even with fewer light bounces. The researchers envision "quantum data centers" where individual quantum computers are linked through cavity-based network interfaces to form quantum supercomputers.
Alice & Bob "Elevator Codes" Slash Error Rates 10,000x
Alice & Bob, the French cat-qubit quantum computing company (NVIDIA partner), announced "Elevator Codes" - a new error correction technique that achieves a 10,000× lower logical error rate while requiring only ~3× more qubits. The technique works by "moving" logical ancilla qubits up and down during computation to provide additional bit-flip protection.
Why This Matters: Error correction overhead is the single biggest obstacle to building useful quantum computers. Standard approaches require massive numbers of physical qubits per logical qubit. Alice & Bob's cat qubits are naturally protected against one error type (bit-flips); these elevator codes multiply that protection at minimal cost, potentially making useful quantum computers feasible much sooner than expected.
Ultra-Fast Photonic Phase Modulator for Quantum Computing (JMU Würzburg)
German researchers at Julius Maximilian University of Würzburg developed an ultra-fast, ultra-low-loss optical phase modulator by integrating ferroelectric barium titanate crystals into III-V photonic platforms. Backed by €6.6 million in federal funding, the chip controls light signals at extremely high speeds with almost no losses.
Why This Matters: Quantum photonic circuits require components that combine very high speed with extremely low optical losses - even tiny losses collapse quantum states. This modulator could speed up the transition of quantum photonics from laboratory experiments to practical, large-scale technologies.
USTC Zuchongzhi 3.2 Joins Below-Threshold QEC Club
China's University of Science and Technology (USTC) demonstrated fault-tolerant quantum error correction below the surface code threshold using the 107-qubit Zuchongzhi 3.2 processor. Published as an Editors' Suggestion in Physical Review Letters, the team achieved an error suppression factor of Λ = 1.40 using a distance-7 surface code - proving their system operates below the critical error threshold.
The fourth team: This makes USTC the fourth team worldwide (after Google, Quantinuum, and Harvard/QuEra) to achieve below-threshold QEC, and the first outside the United States. Their novel all-microwave leakage suppression architecture suppressed leakage population by a factor of 72× - and crucially, it reduces wiring density inside the dilution refrigerator, offering a scalability advantage.
Ubuntu 26.04 LTS Ships with Post-Quantum Cryptography by Default
Ubuntu 26.04 LTS ("Resolute Raccoon," releasing April 23, 2026) will ship with post-quantum cryptography enabled by default in OpenSSH and OpenSSL, using hybrid post-quantum algorithms. This marks the first major Linux distribution to make PQC the default for all encrypted communications.
Why This Matters for Crypto: When the world's most popular server operating system makes PQC the default, it signals that the post-quantum transition is no longer theoretical - it's shipping in production infrastructure. Bitcoin and Ethereum still use quantum-vulnerable ECDSA as their sole signature scheme. The contrast is stark: Linux servers protecting SSH connections with hybrid PQC while billions in crypto remain protected only by secp256k1.
Los Alamos National Laboratory Establishes Center for Quantum Computing
Los Alamos National Laboratory formed a dedicated Center for Quantum Computing, consolidating up to three dozen quantum researchers across national security, algorithms, computer science, and workforce development. The center supports DARPA's Quantum Benchmarking Initiative, the DOE's Quantum Science Center, and NNSA's Beyond Moore's Law project.
PQC Signature Upgrades Alone Cannot Support Coherent Bitcoin Migration
A new preprint by Michael Strike (Quantum Compliance, LLC) formally demonstrates that post-quantum digital signature algorithms alone are insufficient to support a coherent migration of Bitcoin under its existing protocol semantics. Rather than evaluating specific cryptographic constructions or governance mechanisms, the analysis focuses on structural constraints arising from Bitcoin's definitions of ownership, validity, and consensus as originally specified by Nakamoto.
The core finding: By holding Bitcoin's fundamental assumptions fixed - signature-defined ownership, immutable ledger history, and independent node validation - the paper characterizes a protocol-semantic constraint showing that certain migration objectives cannot be simultaneously satisfied without modifying underlying consensus semantics. The analysis is non-temporal (it does not depend on when a CRQC arrives) and does not propose specific migration mechanisms.
Why This Matters: This formalizes what the practical migration analysis already suggests - that Bitcoin's quantum migration challenge is not merely a cryptographic problem (swap ECDSA for Dilithium) but a fundamental protocol-design problem. Even with perfect PQC algorithms, Bitcoin's ownership model creates migration constraints that cannot be resolved without consensus-level changes. This adds formal rigor to the "defensive downgrade" thesis.
QLDPC codes rewrite the playbook: Iceberg Quantum's Pinnacle Architecture shows RSA-2048 can be broken with under 100,000 physical qubits using QLDPC codes - 10x fewer than surface code estimates. Hardware partners PsiQuantum, Diraq, and IonQ project systems of this scale within 3-5 years.
Four teams below threshold: Google, Quantinuum, Harvard/QuEra, and USTC have all independently demonstrated below-threshold QEC. Two years ago, zero had.
Topological qubits take a leap: QuTech demonstrated the first-ever readout of Majorana qubits via quantum capacitance (Nature), solving a decade-old experimental challenge. Microsoft's topological approach gains credibility.
Lattice surgery demonstrated: ETH Zurich performed the first lattice surgery on superconducting qubits - the critical missing operation for fault-tolerant computing.
Error correction economics transforming: Alice & Bob's Elevator Codes (10,000× error reduction for 3× more qubits), IonQ's Beam Search Decoder (17× error reduction), and Reed-Muller codes eliminating ancilla overhead are changing the cost equation from multiple directions simultaneously.
Million-qubit scaling path visible: Stanford's cavity-array microscope demonstrates parallel qubit readout at scale. QuTech's QARPET benchmarks 1,058 spin qubits at 2M/mm² density. Path to 100,000+ qubits now engineering, not physics.
Infrastructure moving: Ubuntu 26.04 ships PQC by default. Los Alamos consolidates quantum center. PsiQuantum appoints AMD/Xilinx veteran as CEO for deployment phase. DARPA Stage B has 11 companies. 2026 is the year quantum moves from labs to deployment.
Japanese startup blueqat displayed the first domestically developed semiconductor quantum computer at SEMICON Japan 2025, using single-electron transistors on silicon at 0.3 Kelvin-significantly warmer than superconducting systems.
Why This Matters: Cost under ¥100M (~$670K USD)-1/30th the price of superconducting systems. Power: 1,600W vs. tens of kilowatts. Compatible with standard CMOS manufacturing. Desktop form factor.
The Threat Acceleration: Silicon quantum computing leverages existing semiconductor fabs, potentially achieving "Moore's Law economics"-costs falling with volume, yields improving with iteration. This could dramatically compress timelines to CRQC capabilities. Target: 100 qubits by 2030.
MIT Achieves Scalable Chip-Based Trapped Ion Cooling
MIT and Lincoln Laboratory demonstrated polarization-gradient cooling on photonic chips-cooling ions 10x below the Doppler limit in 100 microseconds using integrated nanoscale antennas.
Why This Matters: Traditional trapped-ion systems require bulky external optics, limiting scaling to dozens of ions. Chip-based integration enables thousands of ion sites on a single chip with improved stability. This removes a critical barrier to scaling trapped-ion quantum computers-a leading architecture for achieving the qubit fidelities needed for cryptographic attacks.
Equal1 raised $60M for its Bell-1 silicon quantum server-already shipping to ESA's Space HPC Centre. Rack-mounted, datacenter-ready, no dilution refrigerators required. Uses standard semiconductor manufacturing.
Timeline Compression: Leveraging existing fabs enables semiconductor economics (costs fall with volume). Already in production while other architectures remain in lab. This commercialization path could accelerate CRQC timelines.
Year of Quantum Security (YQS2026) - Threat Declared Operational
FBI, CISA, and NIST launched the "Year of Quantum Security 2026" initiative in Washington D.C., declaring the quantum threat has transitioned from theoretical to operational. Federal agencies face mandates to complete cryptographic transitions by 2035-requiring immediate action since infrastructure upgrades take 5-7 years.
The "Harvest Now, Decrypt Later" Crisis: Adversaries are actively intercepting and storing encrypted blockchain transactions today for future quantum decryption. Any data with a shelf life beyond "Q-Day" is effectively compromised now if intercepted.
Critical Math: If Q-Day is 8 years away (2034) and migration takes 5-7 years, organizations starting today are "barely on time." Bitcoin and Ethereum have not begun mandatory migration.
Quantinuum Files for $20B+ IPO - The "Netscape Moment"
Quantinuum filed confidential IPO registration targeting $20+ billion valuation. Analysts call this quantum's "Netscape moment"-institutional capital now views quantum as commercially viable, not speculative research.
Timeline Acceleration: Public markets provide capital for rapid scaling, talent acquisition, manufacturing. Quantinuum demonstrated 100 reliable logical qubits in 2025 with error rates 800x lower than physical qubits-proof of commercial viability.
NEW
2026 Timeline Compression: All Barriers Falling Simultaneously
Silicon Economics: blueqat ($670K systems), Equal1 (shipping now), Intel/AIST partnerships leverage existing fabs-potential "Moore's Law" scaling for qubits.
Error Correction Solved: 120 QEC papers (2025) vs. 36 (2024). IonQ Beam Search (17x error reduction), Japanese near-theoretical accuracy. Critical bottleneck eliminated.
Commercial Capital: Quantinuum $20B+ IPO, D-Wave $550M acquisition, Equal1 $60M. Research grants → commercial markets = exponential acceleration.
Physics Risk Gone: Google Willow proved below-threshold error correction. Scaling to millions of qubits is now pure engineering.
Expert Consensus Shifting: Conservative "2035+" timelines increasingly questioned. Multiple paths to CRQC validated simultaneously.
D-Wave Acquires Quantum Circuits for $550M, Targets 2026 Gate-Model Launch
D-Wave acquired Quantum Circuits Inc. ($550M: $300M stock, $250M cash), combining annealing and error-corrected gate-model technologies. Dr. Rob Schoelkopf (inventor of transmon and dual-rail qubits, Yale professor) joins to lead gate-model development.
Key Milestone: D-Wave demonstrated "scalable, on-chip cryogenic control" for gate-model qubits-industry-first breakthrough removing a major scaling obstacle. First dual-rail system planned for general availability in 2026.
What This Means: Only company with both annealing (optimization) and gate-model (cryptography-relevant) capabilities. Brings gate-model to market years ahead of previous projections.
International team published comprehensive Nature Photonics review showing quantum structured light has progressed from experimental curiosity to compact chip-based technologies. High-dimensional photons enhance quantum communication security and computing efficiency.
Practical Impact: Holographic quantum microscopes for biological imaging, extremely sensitive quantum sensors now viable. Field reaching turning point for commercial deployment.
IonQ's new Beam Search Decoder achieves 17x reduction in logical error rate and 26x faster runtime, executing in under 1 millisecond on a standard CPU. IonQ estimates three 32-core CPUs could correct 1,000 logical qubits, versus 1,000 FPGA decoders for equivalent superconducting systems.
The QEC Report 2025 identified real-time decoders as the critical remaining bottleneck. IonQ's decoder directly addresses this, de-risking their 2028 roadmap target of 1,600 logical qubits. Their 2030 target of 40,000-80,000 logical qubits would far exceed the ~2,330 threshold.
Japanese Team Achieves Error Correction Near Theoretical Limit
University of Tokyo researchers published a breakthrough in npj Quantum Information demonstrating error correction approaching the "hashing bound", the theoretical maximum. The method maintains accuracy even as system size grows, removing a major obstacle to scaling quantum computers to the sizes needed for cryptographic attacks.
A Nature Physics paper from University of Tokyo proves fault-tolerant quantum computation can achieve constant space overhead and polylogarithmic time overhead simultaneously, meaning qubit requirements don't scale exponentially with problem difficulty. This strengthens the theoretical foundation for practical cryptographic attacks at the scale needed.
D-Wave announced the industry's first scalable, on-chip cryogenic control for gate-model qubits, solving the problem where control-line complexity previously scaled unmanageably with qubit count. D-Wave's stock has risen from under $1 to nearly $31 over two years.
The 2025 Nobel Prize in Physics went to John Clarke (UC Berkeley), Michel Devoret (Yale/Google Quantum AI), and John Martinis (UCSB/Qolab) for demonstrating macroscopic quantum tunneling in superconducting circuits, the foundation of today's quantum processors. Martinis led Google's quantum supremacy demonstration. The Nobel committee explicitly cited "quantum computers" as an application.
Silicon Quantum Computing (Sydney) published an 11-qubit processor in Nature achieving 99.99% single-qubit and 99.90% two-qubit gate fidelities, crossing the threshold for practical error correction. Coherence times reached 660 milliseconds. Silicon qubits can leverage existing semiconductor manufacturing, enabling industrial-scale production.
Scalable Optical Modulator for Trapped-Ion Systems
University of Colorado and Sandia Labs published a CMOS-fabricated optical phase modulator in Nature Communications, 80x more power-efficient than alternatives. This removes a scaling barrier for trapped-ion systems (IonQ, Quantinuum), enabling mass-producible control hardware for their high-fidelity qubits.
Researchers achieved 99.999% success rates for Shor's quantum factoring algorithm across over one million test cases, up from unreliable single-digit percentages in traditional implementations. The paper explicitly notes this is designed for "quantum cryptanalysis." One execution now suffices where thousands were previously needed.
Dutch company QuantWare unveiled the VIO-40K: 10,000 physical qubits via 3D chiplet architecture with NVIDIA integration. Shipments begin 2028 at ~€50 million per chip. They're also building Kilofab, one of the largest quantum fabrication facilities planned.
10,000 physical qubits represents significant scaling progress, though fault-tolerant logical qubit yields depend on achieved error rates and code distance. At current error rates, this might yield tens of logical qubits; with improved fidelity, potentially more.
Photonic Inc. released the first resource estimates for running Shor's algorithm on networked quantum computers, accounting for distributed computation costs. Previous estimates assumed monolithic systems. Attackers can network smaller systems together rather than building one massive machine.
Tsinghua University achieved 78,400 optical tweezer spots using a single metasurface (nearly 10x current limits). Optical tweezers trap atoms in neutral-atom quantum computers (the platform holding the 6,100-qubit record). This shows the path to 100,000+ qubit systems.
Google Quantum AI demonstrated quantum computers that learn from their own errors and continuously self-calibrate. The reinforcement learning system achieved 3.5x improvement in error rate stability and 20% beyond human-expert tuning, managing over 1,000 control parameters. This enables sustained computation over the extended periods required for Shor's algorithm.
Published in Nature, Caltech created the largest qubit array ever: 6,100 neutral cesium atoms with 13-second coherence times (10x previous records) and 99.98% manipulation accuracy. The researchers stated they're "close to a truly scalable platform." Scaling is now an engineering problem, not physics.
Japan announced a 600km quantum-encrypted fiber network linking Tokyo, Nagoya, Osaka, and Kobe. Operational 2027, full deployment 2030. Purpose: defend financial and diplomatic communications against harvest-now-decrypt-later attacks. Investment: tens of billions of yen. Nation-states are preparing; Bitcoin has no quantum protection.
Tsinghua Demonstrates Quantum Factoring on Hardware
Tsinghua University factored N=35 on a superconducting quantum computer using optimized Regev's algorithm, reducing space complexity to O(n log n) (the theoretical minimum). This is a direct demonstration of quantum cryptographic attacks on real hardware.
IBM and Cisco announced plans to network fault-tolerant quantum computers. Proof-of-concept by early 2030s, "quantum internet" by late 2030s. Networked systems can combine computational power, reducing the single-machine requirements for cryptographic attacks.
Riverlane's 2025 report (25 experts including Nobel laureate John Martinis): 120 QEC papers in 2025 vs 36 in 2024. All major qubit types crossed 99% two-qubit fidelity. Seven error correction codes now have working hardware. Critical bottleneck identified: 1μs real-time decoders. IonQ's January 2026 decoder addresses this.
Published in Nature Communications: first quantum teleportation between photons from distinct semiconductor sources with >70% fidelity. Previously maintained entanglement across 36km of urban fiber. Enables distributed quantum computing across geographic distances.
IonQ acquired Skyloom Global (90 Space Development Agency-qualified optical terminals deployed). IonQ is simultaneously building cryptographically-relevant quantum computers (1,600 logical qubits by 2028, 40,000-80,000 by 2030) and global infrastructure to connect them.
Published in Nature: first complete, scalable fault-tolerant architecture using 448 neutral atoms with 2.14x below-threshold error correction, meaning errors decrease as more qubits are added. Senior author Mikhail Lukin (Harvard): "This big dream...is really in direct sight."
Published in Science: strontium titanate demonstrates 40x stronger electro-optic effects than lithium niobate at cryogenic temperatures. Compatible with semiconductor fabrication for wafer-scale production. Better materials mean better qubit control and lower error rates.
Published in Nature Communications: quantum entanglement sustained over 2,000-4,000 km (200-400x improvement). Distributed quantum systems can combine power across continental distances, reducing single-machine requirements.
Published in Nature: quantum coherence exceeding 1 millisecond (15x industry standard). Compatible with existing Google/IBM processors. Researchers: "By end of decade we will see scientifically relevant quantum computer."
Quantinuum announced Helios: 98 physical qubits with 99.921% two-qubit gate fidelity (the highest in the industry). They demonstrated 48 "logical qubits" using the Iceberg code at a 2:1 encoding ratio, achieving "better than break-even" performance where encoded qubits outperform unencoded ones.
Important context: The Iceberg code is distance-2, meaning it can detect errors but not correct them. Fault-tolerant logical qubits for Shor's algorithm require higher-distance codes with hundreds to thousands of physical qubits each. Helios represents significant progress in fidelity, but the path to cryptographically-relevant quantum computing still requires major scaling.
IBM released Nighthawk (120 qubits) and Loon (112 qubits) processors with all hardware elements for fault-tolerant computing. Roadmap: Starling (2029, 200 logical qubits), Blue Jay (2033, 2,000 logical qubits). The ~2,330 threshold falls between these milestones.
University of Oxford physicists achieved a single-qubit error rate of 0.000015% (99.999985% fidelity), using electronic microwave signals to control trapped calcium ions at room temperature. This is nearly an order of magnitude better than previous records.
Microsoft unveiled a family of four-dimensional geometric codes that achieved a 1,000-fold reduction in error rates while requiring 5x fewer physical qubits per logical unit. This directly compresses the timeline to cryptographically relevant quantum computers by reducing physical qubit overhead.
Seven independent areas of progress are converging faster than anticipated, with each breakthrough compounding the others to accelerate the timeline toward cryptographically-relevant quantum computers.
1. Stability: How Long Qubits Stay Usable
Qubits need to stay "alive" long enough to perform calculations. Recent advances extended this from microseconds to milliseconds, a thousand-fold improvement.
Recent advances:
- Caltech 6,100-Qubit Array (September 2025): 13-second coherence times, nearly 10x longer than previous similar arrays
- SQC 11-Qubit Processor (December 2025): 660ms nuclear spin coherence with Hahn echo refocusing
- Princeton 1ms Coherence (November 2025): 15x industry standard, 1,000x potential system improvement
- Stanford Strontium Titanate (November 2025): 40x stronger electro-optic effects at cryogenic temperatures, enabling better qubit control
Current records: neutral atoms (6,100 Caltech research; 1,600 Infleqtion commercial; 1,180 Atom Computing), superconducting (156 IBM Heron, 105 Google Willow), trapped ions (98 Quantinuum Helios). With hundreds to thousands of physical qubits needed per fault-tolerant logical qubit (surface codes), or under 100,000 via QLDPC codes, significant scaling is advancing rapidly.
Recent advances:
- QuTech QARPET (February 2026): 1,058 spin qubits at 2 million qubits/mm² density in crossbar architecture
- QuantWare VIO-40K (December 2025): 10,000-qubit processor shipping 2028
- Tsinghua Metasurface (December 2025): 78,400 optical tweezers demonstrated
- Caltech 6,100-Qubit Array (September 2025): Current neutral atom record
- Harvard/MIT/QuEra 448-Atom System (November 2025): Complete fault-tolerant architecture
- IBM Nighthawk/Loon (November 2025): 120/112 qubits with fault-tolerant features
4. Reliability: Making Systems More Stable as They Grow
Old problem: Adding more qubits made systems less reliable. New breakthrough: Systems now become more reliable as they scale up. This reverses a 30-year problem and makes large quantum computers actually buildable.
Recent advances:
- IonQ EQC (October 2025): 99.99% two-qubit gate fidelity (world record "four nines"), error rate 8.4×10⁻⁵ per gate, maintained without ground-state cooling. Basis for planned 256-qubit systems in 2026
- Infleqtion Sqale (September 2025): 12 logical qubits with error detection, first execution of Shor's algorithm with logical qubits, 1,600 physical qubits demonstrated
- Google RL-QEC (November 2025): 3.5x improvement in logical error rate stability using reinforcement learning; 20% beyond human-expert tuning
- SQC 11-Qubit Processor (December 2025): 99.90% two-qubit gate fidelity, 99.99% single-qubit fidelity in silicon
- QEC Report 2025 (November 2025): 120 peer-reviewed QEC papers in 2025 (vs. 36 in 2024); all major qubit types crossed 99% two-qubit gate fidelity
- Harvard/MIT/QuEra (November 2025): First complete fault-tolerant architecture with below-threshold performance
- Quantinuum Helios (November 2025): 99.921% gate fidelity (highest in industry)
7. Rational Design: Engineering Qubits to Specification
Moving from trial-and-error to computational design of quantum systems with predictable properties.
Recent advances:
- Wisconsin-Madison Asymmetric Rydberg Gate (December 2025): Modified π-2π-π protocol enables high-fidelity entangling gates without requiring strong Rydberg blockade, reaching within a factor of 1.68 of the fundamental lifetime limit. Enables long-range entanglement between neutral atoms, relaxing distance constraints for QLDPC code implementations.
- CU Boulder/Sandia Optical Modulator (December 2025): CMOS-fabricated acousto-optic phase modulator enabling scalable laser control for atom-based quantum computers
- Stanford Strontium Titanate (November 2025): Discovery of material optimized for cryogenic quantum operations
While Bitcoin and Ethereum scramble for solutions, centralized systems are already migrating. Banks, enterprises, and cloud providers are actively deploying post-quantum cryptography to meet regulatory deadlines. The technology is ready and the migration is underway.
NIST Finalized Standards (August 2024)
Standard
Algorithm
Basis
Use Case
FIPS 204 (ML-DSA)
CRYSTALS-Dilithium
Module-Lattice
Primary choice for general use
FIPS 205 (SLH-DSA)
SPHINCS+
Stateless Hash
Backup if lattices fail
FN-DSA
FALCON
NTRU-Lattice
Constrained environments
NSA CNSA 2.0 Requirements
New national security systems quantum-safe by January 1, 2027
Full phase-out of non-compliant systems by 2030
Performance trade-off: SLH-DSA (SPHINCS+) signing is 2,200x slower than ECDSA P256 on ARM architectures. This overhead drives Ethereum's planned gas limit increases.
Major Infrastructure Already Migrated
Cloudflare (October 2025): Over 50% of Internet traffic now protected with post-quantum encryption (the largest PQC deployment globally). Cloudflare's infrastructure serves millions of websites, demonstrating PQC works at scale without performance issues.
AWS and Accenture: Launched comprehensive enterprise migration framework serving financial institutions, governments, and Fortune 500 companies. Their multi-year phased approach addresses the reality that complete migration takes 3-5 years, which is why they started now for the 2030 deadline.
The Contrast
Centralized systems: Migrating now through coordinated infrastructure updates. AWS, Cloudflare, Microsoft, Google managing the complexity for their customers.
Bitcoin/Ethereum: Must coordinate millions of independent users, update billions in hardware wallets, achieve network consensus, and hope for 100% participation. A process requiring 5-10 years that hasn't even started.
The infrastructure exists. The migration is happening. Traditional finance is preparing. Cryptocurrency is not.
Bitcoin uses two different cryptographic systems with vastly different quantum vulnerabilities:
SHA-256 (Mining) - Quantum-Resistant: Grover's Algorithm provides only quadratic speedup. Would require hundreds of millions of qubits to meaningfully impact mining. Effectively quantum-proof.
ECDSA secp256k1 (Transaction Signatures) - Vulnerable: Shor's Algorithm provides exponential speedup. Requires ~2,330 logical qubits minimum (Roetteler 2017) or ~6,500 for practical runtime (~2 hours, Kim et al. 2026). Highly vulnerable to quantum computers.
Result: The blockchain ledger remains safe, but individual wallet balances can be stolen because the cryptographic signatures proving ownership are vulnerable.
Bottom Line: Approximately 30% of all Bitcoin (~5.9 million BTC) has permanently exposed cryptographic keys that attackers are already harvesting today for future decryption.
The Two-Stage Quantum Threat
The quantum threat arrives in two waves, with different capabilities and target dates:
Stage 1: CRQC-Dormant (2029-2032) - Break keys over hours to days using "Harvest Now, Decrypt Later". Target: ~5.9 million BTC in dormant/exposed wallets (1.9M BTC in P2PK, 4M BTC in reused addresses, all Taproot addresses). Requirements: ~6,500 logical qubits with extended computation time (~2 hours per key, per Kim et al. 2026).
Stage 2: CRQC-Active (2033-2038) - Break keys within Bitcoin's 10-minute block time. Target: ALL 19+ million BTC during any transaction. Requirements: ~23,700 logical qubits with depth-optimized circuits (~48 minutes per key), completing 126 billion operations in <10 minutes.
Company Targets: IonQ aims for 1,600 logical qubits by 2028. IBM targets 200 logical qubits by 2029 (Starling) and 2,000 by 2033 (Blue Jay). Google aims for error-corrected system by 2029. Quantinuum targets "hundreds" of logical qubits by 2030.
Key Risk: Traditional estimates assumed 1,000-10,000 physical qubits per logical qubit. Quantinuum has achieved 2:1 ratio. With networking capabilities, multiple smaller systems can now work together to achieve the same result.
Bitcoin Wallet Vulnerability Breakdown
Permanently Exposed (Harvest Now, Decrypt Later)
Pay-to-Public-Key (P2PK): 1.9 million BTC - Public key directly recorded in UTXO. No protection possible. Includes Satoshi Nakamoto's ~1 million BTC.
Reused Addresses (All Types): 4 million BTC - Public key revealed after first spend. Any remaining balance permanently at risk.
Pay-to-Taproot (P2TR): Growing amount - Address directly encodes public key upon receiving funds. Immediate exposure upon first receipt.
Total Permanently Exposed: ~5.9 million BTC (28-30% of circulating supply). Pieter Wuille (Bitcoin Core developer) estimated ~37% in 2019.
Temporarily Exposed (10-60 Minute Window)
Fresh P2PKH, P2WPKH, P2SH, P2WSH: Only vulnerable during transaction (10-60 minutes in mempool).
Current safety: Safe until first use.
Attack requirement: Full Shor's algorithm execution in <10 minutes.
Protection: Never reuse addresses (but once exposed, protection is lost forever).
Government Warnings and Mandates
U.S. Federal Quantum Security Mandates
The U.S. government has issued comprehensive directives requiring transition to post-quantum cryptography across all federal systems and regulated industries.
NIST Post-Quantum Standards
August 2024
Published three quantum-resistant algorithms: ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+).
2030:ECDSA deprecated - discouraged for new systems
2035:ECDSA prohibited - banned from all federal systems
Now - 2030:All agencies must begin migration planning
Impact Analysis: ECDSA, including secp256k1, is the cryptographic foundation of Bitcoin and Ethereum. The U.S. government will officially classify this cryptography as insecure by 2035. These mandates will force governments and regulated institutions worldwide to prohibit holding or transacting these assets unless Bitcoin and Ethereum complete their complex multi-year upgrade process by these deadlines.
CNSA 2.0 mandates immediate planning for National Security Systems with specific algorithm requirements. High-value and long-lifetime assets must be prioritized. Complete transition by 2035.
The Federal Reserve explicitly warned that quantum computers pose an existential threat to cryptocurrency security. Nation-states are actively pursuing "Harvest Now, Decrypt Later" attacks. Current blockchain cryptography will be completely broken. Historical transaction data will be exposed. No major cryptocurrency is currently protected.
Adversaries are already collecting encrypted blockchain data today, planning to decrypt it once quantum computers become available. The Federal Reserve confirmed in October 2025 that these attacks are happening now, not in the future.
Why This Matters
Past transactions can never be secured retroactively - blockchain immutability makes this impossible
Privacy is compromised NOW, not in the future - your transaction history is already harvested
Every transaction made today is potentially vulnerable tomorrow when quantum computers arrive
Approximately 30% of all Bitcoin (~5.9 million BTC) has permanently exposed public keys waiting to be broken
No software update can protect these coins - they are mathematically doomed
Who's at Risk?
Satoshi Nakamoto's ~1 million BTC in Pay-to-Public-Key addresses
Anyone who has ever reused a Bitcoin address (4 million BTC exposed)
All Taproot (P2TR) address holders - keys exposed immediately upon receiving funds
High-value dormant wallets with no way to migrate to quantum-safe addresses
Future: Every Bitcoin and Ethereum user once quantum computers can break keys in 10 minutes
The Urgency Cannot be Overstated
Why 2026 is Critical
NIST mandates beginning migration in 2026 to have any hope of completing before quantum computers arrive. The math is brutal:
Quantum computers: 2029-2032 (converging timeline from IBM, Google, IonQ, Quantinuum)
Bitcoin upgrade process: 4-7 years minimum (SegWit took 2+ years just for consensus)
NIST deadline: 2030 deprecation, 2035 prohibition
Conclusion: Bitcoin needed to start 2-3 years ago
The Window is Closing
Every day without action makes the situation worse:
More transactions become vulnerable to HNDL attacks
The coordination challenge grows across millions of users
The migration window narrows while quantum computers improve exponentially
The risk increases that quantum computers arrive before migration completes
Adversaries continue collecting encrypted data for future decryption
The Migration Challenge
Bitcoin: 76-568 days of block space required for migration. Needs governance consensus (SegWit wars took years). $700+ billion in exposed value. Must begin by 2026 to complete by 2035.
Ethereum: ~65% of all Ether currently exposed to quantum attacks. Quantum-resistant signatures are 37-100x larger (massive gas cost increases). Target: 2027 for Ethereum 3.0 with quantum resistance features.
Technical Challenge: No consensus on which quantum-resistant algorithm to use. Needs coordination of millions of users. Faces signature size complexity (40-70x larger). Racing against accelerating quantum timeline.
The QRL Difference
While Bitcoin and Ethereum face existential quantum threats and scramble for solutions, QRL has been quantum-secure since day one. Launched June 26, 2018 - mainnet operational for 7+ years. Using NIST-approved XMSS signatures (standardized 2020). Multiple external security audits (Red4Sec, X41 D-Sec). Already meets NIST 2030/2035 deadlines. Find out more.
No emergency scrambling. No panic-driven retrofits. No vulnerable past. Planned evolution when ready.
The Three Quantum Threats to Cryptocurrency
Quantum computing threatens cryptocurrency through three distinct attack vectors, each with different timelines and targets.
Bitcoin faces an impossible governance decision regarding the ~1 million BTC in Satoshi Nakamoto's P2PK wallets and other permanently-exposed addresses.
Approximately 5.9 million BTC (~$718 billion) have permanently exposed public keys that cannot be protected by any software update. These include Satoshi's ~1 million BTC, early miner rewards, and all addresses that have ever been reused.
Option 1: Do Nothing
Attackers steal billions in Bitcoin, devastating market confidence and creating the largest theft in history. Early adopters who secured the network lose everything.
Proponents: Those who believe property rights are absolute and the market should handle the fallout
Option 2: Freeze/Burn Exposed Coins
Violates Bitcoin's core principle of immutability. Sets precedent for future confiscation. Potentially illegal seizure of property. Could face legal challenges.
Proponents: Those who prioritize network security over individual property rights
Option 3: Force Migration with Deadline
Coins that don't move to quantum-safe addresses by deadline are frozen. But owners of lost keys, deceased holders, and long-term cold storage cannot comply.
Proponents: Those seeking a middle ground that preserves what can be saved
There is no good answer. Every option violates fundamental principles Bitcoin was built upon. The debate will likely split the community and could result in chain forks with different approaches. A February 2026 preprint by Strike formalizes this further, demonstrating that even with perfect PQC algorithms, Bitcoin's protocol semantics create migration constraints that cannot be resolved without modifying underlying consensus rules. The problem is structural, not merely cryptographic.
Beyond direct theft, quantum computing creates systemic risks that threaten cryptocurrency adoption and legitimacy.
Institutional Perception Risk
Even before quantum computers can break crypto, institutions may divest based on perceived future risk. Insurance companies, pension funds, and regulated entities face fiduciary duties that may prohibit holding assets with known future vulnerabilities.
Impact: Price collapse from institutional selling could occur years before actual quantum attacks.
Timeline: Could begin any time as awareness grows; accelerates as NIST 2030 deadline approaches
Quantum Archaeology
All historical blockchain data is public and immutable. When quantum computers arrive, every transaction ever made can be analyzed. Transaction graph deanonymization becomes trivial.
Impact: Complete privacy collapse for all historical Bitcoin/Ethereum activity. Every wallet, every transaction, every flow of funds exposed.
Timeline: Inevitable once Shor's algorithm is practical; cannot be prevented retroactively
Geopolitical Competition
Nation-states are racing to achieve quantum supremacy. China, US, EU investing billions in quantum computing. First nation to achieve cryptographically-relevant quantum computing gains massive strategic advantage.
Impact: Quantum capability could be used for economic warfare, targeting adversary financial systems including cryptocurrency.
Timeline: Multiple nations expected to achieve CRQC by 2030-2035
The Bitcoin community is actively debating how to implement quantum resistance, with BIP-360 as the leading proposal.
BIP-360: Pay to Quantum Resistant Hash (P2QRH)
Author: Hunter Beast
Status: Draft - Under active discussion
Introduces new address types using NIST-approved post-quantum signatures (ML-DSA, SLH-DSA, FALCON)
P2QRH (Pay to Quantum Resistant Hash): New address type for quantum-resistant transactions
P2TSH (Pay to Taproot Script Hash): Taproot-compatible quantum-resistant scripts
Backward compatible soft fork approach
Phased migration timeline
Challenges
Signature size: PQC signatures are 40-100x larger than ECDSA (gas cost explosion)
Block space: Migration of all UTXOs requires 76-568 days of block space
Consensus: No agreement on which algorithm to use (ML-DSA vs FALCON vs SLH-DSA)
Timeline: Process requires 4-7 years but quantum computers may arrive in 3-6 years
Exposed coins: No solution for permanently-exposed P2PK and reused addresses
Expert Opinions
Charles Edwards (Capriole)
Advocates for 2026 deployment; suggests coins that don't migrate to BIP-360 could be "burned" by 2028. Warns of 20-30% of Bitcoin being vulnerable to quantum attackers.
Adam Back (Blockstream)
Argues the quantum threat is "decades away" and pushes back against urgency, noting Bitcoin doesn't use encryption in the way many understand.
Jameson Lopp (Casa)
Agrees quantum isn't an immediate threat but estimates a full transition to quantum-resistant signatures would take 5-10 years to implement.
Willy Woo
Notes Taproot usage has fallen from 42% of transactions in 2024 to 20%, stating he's "NEVER seen the latest format losing adoption before."
Ethereum is pursuing quantum resistance through planned protocol upgrades, with key milestones in 2026.
Glamsterdam (H1 2026)
Gas limit increase from 60 million to potentially 200+ million to accommodate larger post-quantum signatures. Parallel transaction processing for improved scalability. ZK proof validation: validators move from re-running transactions to verifying ZK proofs.
Quantum Relevance: Gas limit expansion directly enables post-quantum signature deployment; ZK proof validation is a foundational step toward quantum-resistant execution
Status: Targeting H1 2026
Hegota (H2 2026)
Enshrined Proposer-Builder Separation (ePBS): decentralizes block production to defend against quantum-equipped actors dominating the proposer market. 128-bit provable security as foundation for institutional-grade financial applications.
Quantum Relevance: ePBS prevents quantum-advantage actors from monopolizing block production; 128-bit security provides quantum-resistant foundation
Status: Planned for H2 2026
ZK-STARKs for Quantum Resistance
Ethereum is prioritizing ZK-STARKs (based on hash functions) over ZK-SNARKs (based on elliptic curves) because STARKs are quantum-resistant. As Ethereum Foundation researcher George Kadianakis noted: "A soundness issue in ZK-EVMs is catastrophic: if an attacker can forge a proof, they can mint tokens from nothing."
Quantum Relevance: ZK-STARKs provide quantum-resistant zero-knowledge proofs, eliminating elliptic-curve assumptions from the proving system
Status: Active development
Advantages
Gas limit increases accommodate larger PQC signatures without breaking the fee market
The transition to quantum-resistant cryptography is inevitable. The question is not if but when, and whether migration can complete before attacks begin. Projects built quantum-safe from the start (QRL) avoid this risk entirely. Those facing migration (Bitcoin, Ethereum) are in a race against time with uncertain outcomes.
Expert Timeline Predictions
Nature Feature (Feb 2026)
"Vibe shift" - usable quantum computers within a decade. Four teams now below QEC threshold.
Dorit Aharonov (Hebrew University)
"We've entered a new era...the timeline is much shorter than people thought" (Feb 2026)
Fred Chong (U Chicago, ACM Fellow)
"We're very comfortably in era of escape velocity. Building a big useful quantum computer is no longer a physics problem but an engineering problem."
Scott Aaronson (UT Austin)
2025 "met or exceeded" expectations. Compares PQC migration urgency to Frisch-Peierls memo of 1940.
Charles Edwards (Capriole)
"Quantum Event Horizon" is 2-9 years away
Adam Back (Blockstream)
Meaningful threat 20-40 years away
Michele Mosca (Waterloo)
1-in-7 probability public-key cryptography broken by 2026
Chainalysis
5-15 years before quantum computers could break current standards
Alice & Bob CEO (Nvidia partner)
Quantum computers powerful enough to crack Bitcoin "a few years after 2030"
Chao-Yang Lu (USTC)
Expects fault-tolerant quantum computer by 2035
Infleqtion (September 2025)
First execution of Shor's algorithm on logical qubits; targeting 1,000 logical qubits by 2030. Going public on NYSE as INFQ.
IonQ Roadmap
99.99% two-qubit gate fidelity in lab; 256-qubit system planned 2026; 1,600 logical qubits by 2028; targeting 2 million physical qubits by 2030