According to the source, IBM has publicly demonstrated the 127-qubit Eagle in 2021 and the 433-qubit Osprey in 2022, and unveiled the 1,121-qubit Condor in 2023, as documented in the IBM Research quantum roadmap and announcements. NIST states that cryptographically relevant, fault-tolerant quantum computers do not yet exist and has initiated a multi-year migration to post-quantum standards, per NIST’s Post-Quantum Cryptography standardization updates in 2022 and 2024. For Bitcoin’s secp256k1 ECDSA, resource estimates indicate very large error-corrected qubit counts and long runtimes are required for Shor-based attacks, far beyond today’s devices, per Roetteler et al. 2017 and NIST assessments. In practice, only outputs whose public keys are revealed at spend are directly exposed before any upgrade, while P2PKH, P2WPKH, and Taproot outputs reveal the pubkey only on spending, limiting immediate on-chain attack surface, per the Bitcoin.org Developer Guide.

According to the source, Trezor unveiled its new Safe 7 hardware wallet, marketed as anticipating a post-quantum future for private-key protection. Source: Trezor. For traders, the launch broadens self-custody options for BTC and ETH by keeping keys offline and away from exchange counterparty risk. Source: Trezor. Long-horizon holders should track vendor roadmaps to adopt NIST-selected post-quantum cryptography such as CRYSTALS-Kyber and Dilithium to mitigate future key exposure risks. Source: NIST. To gauge market impact, monitor hardware wallet sales updates alongside exchange BTC and ETH balance trends commonly watched by market participants. Source: Glassnode.

According to Charles Edwards (@caprioleio), up to 20–30% of BTC held in legacy P2PK outputs could be taken by a future quantum computer within 2–8 years, and he proposes either allowing theft-related dumping or enforcing a migration window that burns unmigrated coins (source: Charles Edwards on X, Oct 15, 2025). According to Bitcoin Wiki, P2PK outputs reveal public keys on-chain, leaving any unspent P2PK UTXOs inherently exposed if Shor’s algorithm breaks secp256k1 ECDSA (source: Bitcoin Wiki, Pay-to-Pubkey). According to NIST’s Post-Quantum Cryptography program, no cryptographically relevant quantum computer exists today, though ECDSA is not quantum-safe and migration to standardized PQC schemes like CRYSTALS-Dilithium will be required once timelines warrant (source: NIST PQC status reports, 2022–2024). According to Roetteler et al. (Microsoft Research), breaking a single secp256k1 key demands very large fault-tolerant quantum resources beyond current hardware, making the specific 2–8 year horizon uncertain for traders to price (source: Roetteler et al., 2017, Quantum Resource Estimates for ECC).

According to @caprioleio, the US Dept of War has raised the alarm that a potential 'Q-Day' could arrive within three years, arguing BTC will not reach $1M per coin unless the quantum threat is addressed (source: @caprioleio on X, Oct 8, 2025). Bitcoin relies on ECDSA (secp256k1) for transaction signatures, which are theoretically breakable by sufficiently powerful quantum computers via Shor’s algorithm, making quantum security a systemic consideration for BTC (source: Bitcoin.org Developer Documentation; NIST Post-Quantum Cryptography program). U.S. standards bodies have already moved to mitigate such risks, with NIST publishing post-quantum cryptography standards in 2024 and the NSA’s CNSA 2.0 guidance setting migration timelines for national security systems, providing objective checkpoints for security transition risk (source: NIST 2024 PQC standards; NSA CNSA 2.0 guidance). For trading, monitor official NIST/NSA releases and any Bitcoin Core proposals on post-quantum signatures, as policy or development milestones can reprioritize BTC risk premia and hedging demand in derivatives markets (source: @caprioleio; NIST; NSA).