The most dangerous attack on Bitcoin might already be underway, and nobody would know it until it’s too late. Security researchers are raising alarms about “harvest now, decrypt later” strategies, where nation-state adversaries quietly collect encrypted blockchain data today with plans to crack it open once quantum computers catch up.

The qubit countdown

A March 2026 whitepaper from Google Quantum AI delivered a jolt to the cryptography community. The paper estimated that breaking Bitcoin’s secp256k1 elliptic curve cryptography, the mathematical backbone securing every Bitcoin signature, could require as few as 1,200 logical qubits. That represents a 20-fold reduction from previous estimates of the computational resources needed to compromise ECC-256.

To be clear, no quantum computer exists today with 1,200 fault-tolerant logical qubits. Current machines operate with far fewer, and the gap between physical qubits (noisy, error-prone) and logical qubits (reliable, corrected) remains significant. Project Eleven, a research initiative tracking quantum threats to cryptography, models the arrival of cryptographically relevant quantum computers, what they call “Q-Day,” somewhere between 2030 and 2033.

$500 billion in exposed Bitcoin

According to analyses from Citi and Project Eleven published in May 2026, approximately 6.5 to 6.9 million BTC have their public keys exposed on the blockchain. At current valuations, that translates to roughly $450 to $500 billion worth of Bitcoin sitting in a quantum-vulnerable state.

Public key exposure happens when a Bitcoin address has been used to send a transaction, because the spending process reveals the public key associated with that address. Coins sitting in addresses that have never sent an outbound transaction are safer, since only a hashed version of the public key is visible. A significant chunk of those exposed coins likely sits in dormant wallets, including addresses potentially linked to Bitcoin’s pseudonymous creator, Satoshi Nakamoto.

Bitcoin’s governance problem

Bitcoin’s decentralized governance model becomes a liability when the network needs to execute a rapid, sweeping protocol change. Every node operator, miner, and wallet provider would need to adopt new cryptographic standards. Users would need to migrate their funds to new address formats.

Citi’s May 2026 analysis specifically highlighted this disadvantage, noting that Bitcoin’s upgrade process is slower and more contentious than proof-of-stake networks like Ethereum, which can push protocol changes through more streamlined governance mechanisms.

What this means for investors

Nation-state actors were already reported to be stockpiling blockchain data as of October 2025. The roughly $450 to $500 billion in quantum-exposed BTC represents a concentrated risk pocket. Alternative networks that can implement post-quantum cryptography faster may attract capital from institutions conducting long-horizon risk assessments, as platforms with more agile governance hold a structural advantage identified in Citi’s analysis.