Is Bitcoin actually vulnerable to quantum computers today?

No. Current quantum hardware is nowhere near the qubit count and error-correction needed to run Shor's algorithm against secp256k1. The concern is lead time: a migration takes years, and the threat could mature faster than consensus.

How much bitcoin is at risk if quantum hardware matures?

On-chain analyses have estimated around 4 million BTC sit in addresses with exposed public keys, including dormant 2009-2010 P2PK outputs. Any address that has previously spent also exposes its public key.

Why does Pruden say it's harder than Taproot?

Taproot upgraded Bitcoin's signature aggregation and added Schnorr alongside ECDSA, but it kept the same elliptic-curve trust model. A post-quantum migration replaces that trust model entirely, requiring new address formats, wallet support, and a coin-migration path.

What should holders do now?

This isn't a trading call. Long-term holders with coins in legacy address formats should track BIP discussions and be ready to migrate to a quantum-resistant address when one is standardized. Coins that have never spent from a SegWit or Taproot address are less exposed than P2PK or address-reuse cases.

Bitcoin's Post-Quantum Migration Will Be Harder Than Taproot, Project Eleven's Pruden Warns

Project Eleven Chief Executive Alex Pruden said Bitcoin's migration to a post-quantum signature scheme will be more complex than the 2021 Taproot upgrade and needs to start moving from research into production, in remarks published by CoinDesk on Wednesday. Pruden framed the call as a question of asymmetry: the cost of acting now is finite, while the cost of waiting for certainty on quantum-hardware timelines is the entire signature security model that protects roughly a quarter of all bitcoin in circulation. The comments land as Bitcoin Core contributors continue to debate competing post-quantum proposals, with no consensus path to activation.

By Clara Hoffmann· L2 & scaling

What happened

Alex Pruden, the chief executive of Project Eleven, told CoinDesk in an interview published Wednesday that Bitcoin's transition to a post-quantum signature scheme will be a heavier engineering lift than Taproot, and that Core developers should stop treating it as a research problem. Pruden's framing was direct: the asymmetry between acting on a post-quantum signature scheme today and waiting for certainty about quantum-computing hardware means the bias should be toward shipping.

Project Eleven runs research on quantum-resistant cryptography for blockchains, so Pruden has a horse in this race, and he didn't pretend otherwise. The comments land in a debate that has been simmering inside the Core developer community for years without a clear path to a Bitcoin Improvement Proposal that could actually activate.

Why it matters

Bitcoin's signature security rests on the elliptic-curve discrete logarithm problem, which a sufficiently large fault-tolerant quantum computer running Shor's algorithm could break. Estimates of how many qubits that takes vary wildly, and that's the point Pruden is exploiting. If you wait until the threat is provable, you've already lost the coins in any address whose public key has been exposed on-chain, including early Satoshi-era pay-to-public-key outputs and any address that has ever spent.

On-chain analyses have long pegged the at-risk float at around 4 million BTC, a figure that includes the dormant 2009-2010 mining rewards. A migration also can't be rushed at the moment of crisis. Taproot, a far smaller change to the signature model, took roughly four years from BIP draft in 2018 to mainnet activation in November 2021, and it didn't replace ECDSA.

Bitcoin's Post-Quantum Migration Will Be Harder Than Taproot, Project Eleven's Pruden Warns

What happened

Why it matters

Market impact

What to watch

Disclaimer

Key takeaways

Frequently asked

Sources