Quantum computing headlines increasingly suggest that Bitcoin is on the verge of collapse, with claims that future machines could crack its cryptography in minutes or completely overwhelm the network.
But academic research paints a narrower picture. Some widely cited “breakthroughs” rely on simplified problems that do not reflect real-world cryptography. What about quantum attacks on Bitcoin? The energy required is equivalent to that of a small star, according to research papers shared on X by Bitcoin hardware entrepreneur Rodolfo Novak.
Bitcoin’s security relies on two different types of mathematics, and quantum computers threaten them in two different ways.
One of them, known as the Shor algorithm, targets wallet security. In theory, this allows a sufficiently powerful quantum computer to derive a private key from a public key. This would allow an attacker to take control of the funds outright, breaking the ownership guarantees that underpin Bitcoin.
The other, known as Grover’s algorithm, applies to mining. It offers a theoretical speed-up to trial-and-error research performed by miners – but as one of the articles below shows, this benefit largely evaporates once you try to build the machine.
The two threats are often confused in headlines. But they arrive very differently once you factor in real-world constraints.
Two recent articles highlighted in a discussion thread on Together, they suggest, with a thread summarizing research and contrarian views, the current cryptocurrency Twitter panic confuses a genuine long-term concern with a news cycle built on theater.
Mining hits a wall made of physics
The first paper, by Pierre-Luc Dallaire-Demers and the team at BTQ Technologies, published in March 2026, asks whether a quantum computer could actually outperform BTC using Grover’s algorithm, a quantum technique that could allow a computer to guess a problem much faster than any normal machine – in the case of Bitcoin, speeding up the trial-and-error search process that miners use to find valid blocks.
The stakes are higher than they seem. Mining is what protects BTC from a 51% attack, the scenario in which a single actor controls enough hash power to rewrite recent transaction history, double coins, or censor the network. If a quantum miner could dominate block production, consensus itself would be at stake, not just individual wallets.
In theory, Grover offers a path to this domination. In practice, the researchers say, the answer breaks down once you weigh the price of the hardware and its energy requirements. Running Grover against SHA-256 – the mathematical formula that Bitcoin miners attempt to solve to add new blocks to the blockchain and earn rewards – would be physically impossible.
Running the algorithm against Bitcoin would require quantum hardware on a scale that no one knows how to build.
Each step of the research involves hundreds of thousands of delicate operations, each requiring its own dedicated support system of thousands of qubits just to control errors. And because Bitcoin produces a new block every ten minutes, any attacker would only have a narrow window to complete the job, forcing them to run large numbers of these machines side by side.
During the January 2025 Bitcoin difficulty, the authors estimate that a quantum mining fleet would need around 10²³ qubits consuming 10²⁵ watts, which is close to the power output of a star (for reference, that’s still 3% of Earth’s Sun). In comparison, the entire current Bitcoin blockchain consumes around 15 gigawatts.
A quantum 51% attack is not only costly. It is physically inaccessible on any scale that a real civilization could sustain.
Quantum factorization records are mostly theater
The second article, by Peter Gutmann of the University of Auckland and Stephan Neuhaus of the Zürcher Hochschule in Switzerland, tackles another part of the narrative: the constant beat of headlines claiming that quantum computers are already starting to break encryption.
The authors set out to reproduce all the major “breakthroughs” in quantum factorization of the last two decades. They succeed – using a 1981 VIC-20 home computer, an abacus and a dog named Scribble, trained to bark three times.
The joke falls because the substance is serious. Factoring is the mathematical problem at the heart of most modern encryption: take a very large number and find the two prime numbers that multiply together to form it.
For a number with hundreds of digits, this seems effectively impossible on any normal computer. Shor’s algorithm, the quantum technique behind the Bitcoin wallet threat, is why people fear that quantum machines could eventually do it.
But according to Gutmann and Neuhaus, almost all protests so far have cheated. In some cases, researchers chose numbers whose hidden prime factors were only a few digits apart, making them easy to guess with a basic math trick.
In others, they first ran the hardest part of the problem on a regular computer — a step called preprocessing — then handed a stripped-down, trivially simple version to the quantum machine to “solve.” The quantum computer is credited with this breakthrough, but the real work has been done elsewhere.
The authors focus on a recent paper claiming that a Chinese team used a D-Wave machine to make progress toward breaking RSA-2048, the encryption standard that protects most banking, email, and e-commerce traffic on the Internet.
The researchers had published ten sample numbers for proof. Gutmann and Neuhaus ran these numbers through a VIC-20 emulator and retrieved the answers in about 16 seconds each. The prime numbers were chosen just a few digits apart, making them easy to find using an algorithm that mathematician John von Neumann adapted from an abacus technique in 1945.
Why does this keep happening? The authors offer a simple answer: Quantum factorization is a high-profile field with limited real-world results, and the incentive to publish something impressive is strong.
Choosing fudged numbers or doing most of the work the conventional way allows researchers to claim a new “record” without actually advancing the underlying science. The paper proposes new evaluation standards that would require random numbers, no preprocessing and factors kept secret from experimenters. No demonstration to date would pass.
The takeaway is not that quantum computing is harmless. It’s not that every “breakthrough” title represents real progress toward disrupting modern crypto, and traders should be skeptical when the next one arrives.
What still deserves concern
Neither article entirely rejects the quantum threat.
The real vulnerability lies in Bitcoin wallets, not mining. Millions of bitcoins are in older or reused addresses where key information is already exposed on the blockchain, making them the most likely long-term target if quantum machines improve.
Since these documents were published, what has changed is not the threat, but the estimates. A recent paper by Google researchers suggests that the computing power needed for such an attack could drop significantly, with the encryption that secures the Bitcoin blockchain vulnerable in an attack that takes minutes.
This does not mean the attack is close. The authors reveal in the paper that building such a machine is currently physically impossible and requires technical advances that have not yet been achieved: from lasers that control the qubits, to the speed at which they can be read, to the ability to make tens of thousands of atoms work in concert without losing them.
There are also signs that the public’s view may be incomplete. Some recent research has glossed over key technical details, and experts have cautioned that progress in this area is not always shared openly.
Nonetheless, developers are already working on fixes, including ways to reduce key exposure and new types of signatures designed to resist quantum attacks.
Markets reflect the view that this threat remains confined to the classroom. Traders see little chance of Bitcoin replacing its mining algorithm before 2027, but attribute much higher chances, around 40%, to upgrades like BIP-360 aimed at reducing portfolio risk.
The quantum threat to Bitcoin is real, but it is important to remember that the construction of the machines used to attack the blockchain is limited by the limits of physics.
