Quantum “Q-Day” could crack Bitcoin’s security fast

Q-Day quantum – A new wave of research is sharpening the timeline for when quantum computers could break encryption used in Bitcoin, triggering a potential “Q-Day” moment. But the fallout isn’t only about crypto markets—shares tied to Bitcoin can sit inside retirement funds,
On a regular morning in Queens, New York, the math felt like a countdown. A 57-page paper from researchers at Google, the Ethereum Foundation, and multiple universities had just landed for the people who read such things for a living—and for the first time, its message didn’t feel abstract.
By the time I reached New Scientist’s Manhattan office about an hour and a half later, it had already overtaken the rest of my day. The researchers were warning that quantum computers represent a direct threat to the safety of cryptocurrencies, and they weren’t talking in vague terms. They pointed to a concrete measure: how many qubits would be needed to break a widely used form of encryption.
That same sense of urgency accelerated when a second paper appeared online from researchers at Oratomic, a quantum computing start-up. The threat was the same. The timeline felt even more aggressive.
Google’s team put the figure at 500,000 qubits. The Oratomic researchers argued for 10,000. Both teams used the same key concept: qubits are the building blocks of a quantum computer, and that number is what it would take to crack one commonly used encryption scheme.
The chilling part is how close those numbers can feel to reality. The source reports that the largest qubit array that already exists counts 6100 qubits.
This is where the term “Q-Day” enters the picture—an idea that quantum computers, once powerful enough, would render most codes currently safeguarding digital communications and transactions ineffective. Google, the paper’s authors say, has urged a move to post-quantum cryptography (PQC) to prevent Q-Day by 2029.
Whether that date holds depends on how quickly the hardware and the theory meet. But the core fear has been long understood: a sufficiently powerful quantum computer can break the encryption behind Bitcoin.
Bitcoin’s security rests on what’s called the elliptic curve discrete logarithm problem (ECDLP). In simple terms, the problem is extraordinarily hard for conventional computers. That’s why ECDLP-based encryption is widely used, including in protecting internet communications like bank transactions and in securing nearly every major cryptocurrency.
For almost three decades, researchers have known that a powerful enough quantum computer could break it—by using Shor’s algorithm. The obstacle isn’t the mathematics. It’s the machines. A large, error-proof quantum computer didn’t exist in the 1990s, or the 2000s, or the 2010s, and the researchers note that it still doesn’t exist in the 2020s.
Even so, the estimates for the scale of quantum computers needed to break ECDLP-based encryption with Shor’s algorithm have been moving in the wrong direction. In 2019, researchers were debating tens of millions of qubits. Now, the Oratomic paper points to 10,000.
There’s also a more immediate warning embedded in Google’s team’s thinking. The researchers say that one sign quantum computers have lived up to their promise as decryption machines could show up on the blockchain itself. Specifically, they identified a way a quantum computer could carry out an “on-spend” attack—stealing currency being transferred during the roughly 10-minute window it takes to make a Bitcoin transaction.
That detail matters because Bitcoin is built around decentralized governance. Any change to its protocol requires consensus among users. And consensus, as people in the crypto world know from experience, is not the same thing as speed.
Eli Ben-Sasson, a cryptocurrency pioneer at StarkWare, told me a few weeks later: “I’m very worried, and I very much agree with what Google is saying.” He also said he was “very disappointed by the ossification of Bitcoin development.”
JP Aumasson, a cryptographer who worked on one of the signature post-quantum cryptography algorithms, echoed the urgency but didn’t pretend the timeline was guaranteed. “I’m really not impressed by what they [the Bitcoin community] have been doing in terms of post-quantum transition,” he said. He also admitted reservations about whether cryptographically relevant quantum computers will arrive as soon as many experts predict.
For the wider world of information security, though, the message is already landing. The source reports that technology, finance, and others concerned with information security are considering shifting to quantum-safe algorithms and protocols by the end of the decade. Aumasson predicts the window is longer than Google’s 2029: he says there may be until 2036.
But in his view, Bitcoin users should be an exception. “When I see the decision-making process of the Bitcoin community and how fast, or maybe how slow, they move, I think they better hurry up,” he said.
Even if the cryptography doesn’t break tomorrow, the damage could arrive through perception. “It might be sufficient to just spread the rumour [that Bitcoin is vulnerable]… then the market will panic,” Aumasson said. “The financial losses would be enormous.”
For Bitcoin itself, software changes are part of the solution set. Several proposals for making Bitcoin quantum-safe through a software update already exist. But actually deploying them would require the disparate and wide Bitcoin community to reach consensus on whether, how, and when to do it.
Ben-Sasson described a climate that makes that consensus harder. It’s been roughly half a decade since Bitcoin’s last effort at infrastructure-level change, and he said controversy and conflict have followed such issues. “We’re in this very sad state where everyone, I think, understands what is needed and knows that it’s not a big deal, but everyone’s sort of afraid of even talking about it, because who knows when anonymous, crazy crypto mobs are going to attack you,” he said.
There’s also a different option: a method Avihu Levy, one of Ben-Sasson’s colleagues at StarkWare, developed to make Bitcoin quantum-safe without a software update. But the reported tradeoff is steep. The computational power required for every new, safe transaction would be so high that it would increase the cost of doing business more than 200 times.
So the threat isn’t only about quantum hardware. It’s about decision-making under uncertainty—what people choose to do, when, and how difficult it is for a decentralized network to coordinate.
That’s the part that stopped being “just crypto” for me.
I’d spent nearly a decade tuning out most of the noise around Bitcoin. So I asked myself what many people in the real world ask: could avoiding blockchain entirely protect me from its collision with quantum technology?
It didn’t. The source points to one reason that’s both ordinary and deeply unsettling: I, like many workers in the US, have a retirement account.
In June of 2025, New York Times finance columnist Jeff Sommer reported uncovering unexpected Bitcoin in his own retirement account. It happened because his account was connected to an index fund that included stock from a company known as Strategy, whose primary asset is Bitcoin.
The source adds that as I write this in May 2026, Bitcoin Treasuries—a website tracking digital assets—shows Strategy firmly at number one among public companies that own Bitcoin.
Sommer’s reporting, in the source, says investment funds run by prominent firms—Fidelity, Vanguard, BlackRock, and Morgan Stanley—include shares of Strategy.
My retirement account is run by Fidelity. So the logic that follows from the source is straightforward, even if it’s uncomfortable: if Bitcoin’s price were to fluctuate wildly—such as during what Aumasson describes as a “market panic” driven by the rumour of vulnerability—there could be ripple effects from Bitcoin to Strategy to Fidelity, and then to my ability to retire.
It doesn’t stop with one investor or one broker. The source reports that several US states—including California, North Carolina, Texas, and Louisiana—hold shares of Strategy in retirement funds set up for state employees and public school teachers.
At the same time, the source says the administration of President Donald Trump indicated it wanted to make it easier to fold cryptocurrency directly into retirement accounts, including by rescinding past guidance against it. It also notes that definitive regulatory changes have not happened yet, but some in the cryptocurrency community see them on the horizon.
No simple solution appears in the source other than cooperation—and it’s hard to ignore the irony. The people who built much of society’s infrastructure, the source argues, did it by working together. Futuristic technologies such as quantum computing and blockchain shouldn’t become an excuse to forget that consensus is one of the oldest enabling technologies.
Ben-Sasson, the source says, has co-authored a book on cryptocurrency with the hope of bringing more educated and rational users into the fold.
Aumasson also suggests a role for government, warning that regulations, fines, and public shame can go a long way.
The source notes that the current administration in the US seems to be leaning away from regulating cryptocurrency, but that could change after elections in the next few years.
And for me, that’s where the stakes land—not in the speculative future of quantum machines, but in the practical reality that retirement plans can hold exposure to Bitcoin through index funds and public-company ownership. Quantum computing may be a lab-bound frontier today. But the consequences of Q-Day, if it comes with speed or even with credible fear, could reach into places that were never designed for crypto panic.
That’s the part I can’t shake. Not the headlines about qubits. The thought of ordinary savings riding along for the ride.
So basically Bitcoin is gonna die soon? Cool.
They keep saying quantum computers will crack stuff but like… isn’t encryption already changing all the time? Feels like panic clickbait. Also “Q-Day” sounds like a movie title.
Wait, if it’s “only” the encryption, can’t they just switch it to a new algorithm before Q-Day? Like, why would everyone just sit there and lose everything. I’m probably missing it but this reads like the doom clock for retirement accounts too.
I don’t even get how qubits = breaking Bitcoin. Isn’t Bitcoin security based on math puzzles not whatever encryption they’re talking about? Like, if quantum is coming, why didn’t the government stop it already? My cousin said something about “post-quantum” already but idk if that’s the same thing.