According to the source, Q-Day describes the point when cryptographically relevant quantum computers can use Shor’s algorithm to break Bitcoin’s ECDSA and Schnorr signatures, endangering funds once their public keys are exposed; source: Shor 1994; source: BIP340; source: Bitcoin Wiki (Quantum computing and Bitcoin). For Bitcoin specifically, coins become vulnerable only after a spend reveals the public key, while unspent outputs with unrevealed keys retain stronger pre-spend safety; source: Bitcoin.org Developer Guide; source: Bitcoin Wiki. Early P2PK outputs and any reused addresses that have exposed public keys are structurally more at risk if a sufficiently powerful quantum computer emerges; source: Bitcoin Wiki; source: Bitcoin.org Developer Guide. No quantum computer currently exists that can break 256-bit ECC in practice, and NIST finalized the first post-quantum cryptography standards in 2024 to guide migration (ML-KEM, ML-DSA, SLH-DSA), indicating preparation rather than immediate breakage; source: NIST 2024 FIPS 203–205. U.S. national security guidance targets migration to post-quantum algorithms over the coming decade, underscoring a medium- to long-term threat horizon for public-key systems like ECDSA/Schnorr; source: NSA CNSA 2.0, 2022. For traders, key watchpoints include Bitcoin Core and BIP discussions on introducing post-quantum signature types via soft fork (demonstrated feasible by past upgrades like Taproot), the share of UTXOs with exposed public keys, and NIST/industry PQC adoption milestones; source: BIP341 Taproot; source: Bitcoin Wiki; source: NIST 2024. A credible roadmap to post-quantum migration and on-chain movement to new address types would be a critical market catalyst for BTC volatility and fees, making custody policies that minimize key exposure and reuse a prudent risk control; source: Bitcoin Wiki; source: Bitcoin.org Developer Guide.