Last updated: June 2, 2026
Microsoft unveiled Majorana 2, a topological qubit it says is roughly 1,000x more reliable than its predecessor, holding quantum information for about 20 seconds rather than microseconds. On that strength Microsoft now expects a scalable quantum computer by 2029, halving its previous timeline and putting another major lab's target in the same 2029-2030 window as Google.
A new paper from Schrottenloher gives public quantum circuits for attacking secp256k1, the exact curve securing Bitcoin and Ethereum, matching recent work that cut the attack's qubit and gate cost by two to three times. The algorithmic cost of the attack keeps falling alongside the hardware progress.
The DOE issued an RFI for a fault-tolerant system of 150-250 logical qubits by 2028. A national government is now treating an error-corrected machine as something to buy, not a distant research goal.
IonQ opened a 22,000-square-foot R&D lab in Boulder for semiconductor ion-trap chips, with its first system expected by late 2026. Its roadmap projects a cryptographically relevant quantum computer as early as 2028.
Q-CTRL and IBM reported a 3,000x speedup on a 120-qubit Fermi-Hubbard simulation using runtime error suppression. Today's pre-fault-tolerant hardware is already reaching beyond classical computers.
Bitcoin developers published BIP-361, "Post Quantum Migration and Legacy Signature Sunset," in the official repository on April 14, 2026. Its three phases would stop payments to vulnerable addresses (~3 years after activation), invalidate legacy ECDSA/Schnorr signatures (~5 years), and, in a still-research phase, let owners reclaim frozen coins with a zero-knowledge proof of their seed phrase. It exists because BIP-360 protects only new coins, leaving ~34% of all BTC (6.5 to 6.9 million, including ~1.7 million Satoshi-era coins) permanently exposed. That is the freeze-or-steal dilemma: freezing lost coins offends Bitcoin's core promise, but leaving them makes them quantum bounties. And BIP-361 is still a draft with no activation timeline; a co-author estimates full migration at about seven years once consensus forms, which it has not.
Justin Sun said Tron will put NIST post-quantum signatures on mainnet, targeting a Q2 2026 testnet and Q3 2026 mainnet, and billed it as the "first major public blockchain" to do so. As of mid-April it was only an announcement, with no governance proposal or technical spec, and the "world's first" claim overlooks QRL, post-quantum since 2018. Others are moving too: Solana has PQ signatures on testnet, and Coinbase formed a quantum advisory board in January. The race shows both the urgency and the difficulty of retrofitting a live chain with millions of legacy addresses.
An independent Halborn audit of QRL's two NIST post-quantum signature libraries found no cryptographic vulnerabilities; all 13 findings were Informational and have been resolved. It followed the March 31 QRL 2.0 Testnet V2 launch (Hyperion plus the QRVM). Google's March 30 whitepaper had already named QRL as presently post-quantum-secure.
"A fix exists" is not the same as "safe." A chain is safe only when its whole stack, the base protocol, every account, and the contracts, bridges, and value on top, is migrated before Q-Day. Here is what today's fixes actually cover:
| Fix | Protects | Does not protect |
|---|---|---|
| Bitcoin BIP-360 (P2MR) | new addresses, coins at rest | coins on spend (the key still appears in the mempool when you move them); any existing coin |
| Bitcoin BIP-361 | proposes freezing or migrating legacy coins | draft only, no activation date; freezing lost coins is contested |
| Ethereum by 2029 | the base protocol (validator signatures, KZG, ZK proofs) | accounts, smart contracts, bridges, Layer-2s |
| QRL since 2018 | the entire stack, from genesis | nothing left to migrate |
Bitcoin: the migration dwarfs the fix. BIP-360 covers only new addresses, and only at rest; the instant you spend, the public key is exposed in the mempool. Existing coins are worse off: about 34% of all BTC (6.5 to 6.9 million, including ~1.7 million Satoshi-era coins) already have exposed keys that no upgrade can hide. And the scale is brutal: moving Bitcoin's ~190 million UTXOs at the network's ceiling of ~7 transactions per second would take roughly a year of blocks doing nothing but migration, and multi-year in practice. Every migration transaction briefly exposes its own key while it waits to confirm.
Ethereum: the base layer is the easy part. The 2029 target covers the protocol only. The value sits above it: hundreds of millions of ECDSA accounts, the whole smart-contract and DeFi stack, bridges, and Layer-2s, each with its own cryptography and its own upgrade path. Many contracts are immutable and cannot be patched in place; they must be redeployed and their liquidity moved. Because DeFi is composable, one protocol depends on tokens, oracles, bridges, and an L2 that must all migrate together. No one can mandate it: it is voluntary coordination across hundreds of millions of accounts and thousands of independent teams (per-account wallet agility, via EIP-8141, is still only proposed for late 2026). A 2029 base layer is a milestone, not safety.
QRL was post-quantum from its 2018 genesis (XMSS) and carries that into EVM smart contracts with ML-DSA-87, now on an independently audited public testnet. There is nothing to migrate before Q-Day.
The throughline of 2026: the chains with the most at stake face the hardest migrations, while the protection they are racing toward has been live on QRL for years.
Three-phase legacy signature sunset; freezes ~34% of BTC (~6.5-6.9M coins) if unmigrated; draft with no activation timeline
Tron PQC mainnet target Q3 2026
Four quantum-vulnerable areas; core L1 upgrades targeted by 2029; EIP-8141 wallet agility
Dedicated PQ team, $2M prizes, pq.ethereum.org
No vulnerabilities; 13 Informational findings
Hyperion + QRVM; staking and contract deployment live
Current verified logical-qubit record
May 2026 hardware and procurement developments
Definitive reference: <500,000 physical qubits, on-spend/at-rest/on-setup attack taxonomy, Ethereum 5-vector analysis, dormant asset policy
~6,500 logical qubits for practical secp256k1 attack in ~2 hours
Protocol-semantic constraint on Bitcoin's PQC migration
Establishes baseline qubit estimates for ECDSA-256
Physical qubit requirements at different time constraints
Breakdown by address type
1.9M BTC in P2PK, 4M BTC in reused addresses
ECDSA deprecated 2030, prohibited 2035
Official approved algorithms
HNDL attacks confirmed
256 qubits at 99.99% fidelity in 2026, 1,600 logical qubits by 2028
12 logical qubits achieved, 1,000 by 2030
200 logical qubits by 2029, 2,000 by 2033
48 error-corrected logical qubits, 2:1 ratio
Targeting cryptographically relevant neutral-atom FTQC before end of decade