Quantum Computing Threats to the Blockchain Industry


Executive Summary


Quantum computing has moved from theoretical concern to active planning issue for the blockchain industry. The threat is not that today's quantum computers can break major blockchains — they cannot. The concern is that future fault-tolerant quantum computers may break the public-key cryptography that blockchains depend on to authorize transactions, secure validators, operate bridges, control smart contracts, and manage custody infrastructure.

Our report finds that digital signatures are the primary exposure. Most major blockchain ecosystems rely on elliptic-curve signature schemes (ECDSA over secp256k1, Ed25519) whose security rests on the hardness of the elliptic-curve discrete logarithm problem, which Shor's algorithm solves efficiently on a sufficiently large fault-tolerant quantum computer. If such a machine can recover a private key from an exposed public key, the attacker can produce signatures that are valid by construction: the network verifies signatures, not who made them, so it has no native mechanism to distinguish a forged transaction from a legitimate one.

The timeline remains uncertain, but public planning signals are tightening. The main algorithmic threat has been known since the 1990s, resource estimates for blockchain-relevant attacks are becoming more concrete, and major governments, standards bodies, technology companies, and financial-sector groups are planning post-quantum migration around the late 2020s to mid-2030s. A 2026 Google resource estimate paper focused specifically on cryptocurrency signatures, and an open benchmark arena called ecdsa.fail has already reported a 15.1% improvement over Google's circuit as of June 2026. For blockchain ecosystems, the key issue is that migration may need to begin long before a cryptographically relevant quantum computer is publicly confirmed.

Mitigation is possible, but it is not a simple algorithm swap. NIST-standardized post-quantum signatures — ML-DSA, SLH-DSA, and the forthcoming FN-DSA — provide important building blocks, but blockchain migration must also address transaction size, fees, wallet UX, validators, smart contracts, bridges, custodians, dormant accounts, governance processes, and operational readiness.

Key Insights

  • Quantum risk is a credible future planning issue, not an immediate threat. No public quantum computer can currently break production blockchain signatures. The concern is that future fault-tolerant machines may be able to, and blockchain migration requires coordinating many stakeholders before that moment arrives.
  • Digital signatures are the primary blockchain exposure. Most major blockchain ecosystems rely on elliptic-curve schemes whose security depends on assumptions vulnerable to Shor's algorithm. A successful key-recovery attack would allow an attacker to produce signatures that the network treats as valid.
  • Public key visibility determines exposure. Keys that have already appeared on-chain may be targetable if funds or authority still depend on them. Wallets that reuse addresses, dormant accounts, bridge signers, validator keys, and governance multisigs represent higher-risk categories than fresh keys not yet revealed.
  • Bitcoin, Ethereum, and Solana face distinct migration challenges. Their account models, address designs, signature schemes, validator architectures, and upgrade governance processes create different exposure profiles and different paths to post-quantum migration.
  • Public planning timelines cluster around 2029–2035. Google has set a PQC migration target of 2029, the UK NCSC recommends completing highest-priority migration by 2031, and G7 financial-sector guidance points to 2035 as an overall target, with critical systems prioritized around 2030–2032. Expert surveys put the probability of a cryptographically relevant quantum computer at 28–49% within 10 years.
  • Resource estimates are becoming more blockchain-specific. Google's 2026 whitepaper estimated that attacking 256-bit elliptic-curve signatures could require fewer than half a million physical qubits under stated assumptions. The ecdsa.fail benchmark arena is making optimization of blockchain-relevant quantum circuits open and publicly verifiable.
  • NIST post-quantum standards exist, but standards alone do not migrate blockchain assets. ML-DSA (FIPS 204) is the primary candidate, SLH-DSA (FIPS 205) provides assumption diversity with heavier signatures, and FN-DSA (FIPS 206, forthcoming) may offer compact signatures suited to high-throughput environments. Each involves tradeoffs in transaction size, verification cost, and implementation complexity.
  • Bridges, custodians, and governance systems may need to migrate earlier than ordinary users. Concentrated value and long-lived signing keys make these systems priority targets. Migration for these infrastructures is an operational transition, not only a cryptographic one.
  • Cryptographic agility is the strongest near-term posture. Systems designed so that signature schemes can be replaced or supplemented — without emergency redesign — will be better positioned regardless of how the quantum timeline develops.
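The exposure rules behind the third and fourth bullets, worked as an added example (the editor's illustration, not code from the report or from CertiK): a small triage over constructed holdings that asks, per chain and address type, whether the public key is already readable from chain data, and ranks migration priority from that together with balance and dormancy. The per-chain rules (P2PK and Taproot outputs carry the key on receipt; hash-based Bitcoin addresses and Ethereum EOAs publish it on the first spend, via the witness or via ECDSA public-key recovery; a Solana address is the Ed25519 key itself), the two-year dormancy threshold, and the names `Holding`, `KeyExposure` and `Tier` are the editor's assumptions, not text from the report.

```go
package main

import (
	"fmt"
	"time"
)

// Holding is a constructed, simplified view of one address or account as an indexer might report it.
type Holding struct {
	Chain      string    // "bitcoin", "ethereum", "solana"
	Kind       string    // bitcoin: p2pk p2pkh p2sh p2wpkh p2wsh p2tr; ethereum: eoa contract; solana: account
	Balance    float64   // native units
	EverSpent  bool      // has this key ever authorised an outgoing transaction?
	LastActive time.Time // last inbound or outbound activity
}

// Exposure answers the question the report turns on: is the public key readable from chain data now?
type Exposure string

const (
	Exposed    Exposure = "exposed"     // public key visible on-chain
	NotExposed Exposure = "not-exposed" // only a hash of the key is on-chain so far
	NoKey      Exposure = "no-key"      // authority sits in other keys (contract owner/admin/multisig)
	Unknown    Exposure = "unknown"
)

// KeyExposure encodes how each chain's address design reveals keys (the editor's reading of the protocols).
func KeyExposure(h Holding) Exposure {
	switch h.Chain {
	case "bitcoin":
		switch h.Kind {
		case "p2pk":
			return Exposed // the raw public key is the output script
		case "p2tr":
			return Exposed // the x-only output key is in scriptPubKey; a key-path spend is a Schnorr signature under it
		case "p2pkh", "p2sh", "p2wpkh", "p2wsh":
			// receipt publishes only a hash; the first spend reveals the key (or the script carrying the keys) for good
			if h.EverSpent {
				return Exposed
			}
			return NotExposed
		}
	case "ethereum":
		switch h.Kind {
		case "eoa":
			// the address is a hash of the key, but ECDSA public-key recovery turns any sent transaction into a published key
			if h.EverSpent {
				return Exposed
			}
			return NotExposed
		case "contract":
			return NoKey
		}
	case "solana":
		return Exposed // the address is the Ed25519 public key itself
	}
	return Unknown
}

// Tier ranks migration priority; dormantAfter is how long without activity before we assume nobody is around to rotate the key.
func Tier(h Holding, now time.Time, dormantAfter time.Duration) string {
	switch KeyExposure(h) {
	case Exposed:
		if h.Balance <= 0 {
			return "low" // key is known but nothing is left behind it
		}
		if now.Sub(h.LastActive) > dormantAfter {
			return "critical" // known key, value at rest, probably nobody to migrate it
		}
		return "high" // known key and live value: move funds to a fresh key, ideally a PQ one
	case NotExposed:
		if h.Balance <= 0 {
			return "low"
		}
		return "medium" // safe until the first spend publishes the key; never reuse the address after that
	case NoKey:
		return "review" // triage the owner/admin/multisig signer keys instead
	}
	return "unknown"
}

func main() {
	now := time.Date(2026, 6, 1, 0, 0, 0, 0, time.UTC)
	twoYears := 2 * 365 * 24 * time.Hour
	year := func(y int) time.Time { return time.Date(y, 1, 1, 0, 0, 0, 0, time.UTC) }
	sample := []Holding{ // constructed records, not real chain data
		{"bitcoin", "p2pk", 50, false, year(2009)},
		{"bitcoin", "p2pkh", 50, false, year(2010)},
		{"bitcoin", "p2wpkh", 1.2, true, year(2026)},
		{"bitcoin", "p2tr", 0.3, false, year(2026)},
		{"ethereum", "eoa", 100, true, year(2021)},
		{"ethereum", "eoa", 10, false, year(2026)},
		{"ethereum", "contract", 500000, false, year(2026)},
		{"solana", "account", 0, true, year(2025)},
	}
	for _, h := range sample {
		fmt.Printf("%-9s %-8s %-12s %s\n", h.Chain, h.Kind, KeyExposure(h), Tier(h, now, twoYears))
	}
}
```

The point the rules make visible: an old, never-spent P2PKH balance and a never-sent Ethereum EOA are hidden only until their owner moves them, while a 2009 P2PK output, a reused SegWit address, or any Solana account is already targetable. The "review" tier is deliberate: a bridge or vault contract has no key of its own, so the triage has to be repeated over its owner, admin and multisig signer keys.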


FAQs

Can quantum computers break blockchain security today?

No. Current quantum hardware cannot break production blockchain signatures. The concern is that future fault-tolerant quantum computers may be capable of doing so, and that blockchain ecosystems require significant lead time to migrate.

What is the primary quantum threat to blockchains?

Digital signatures. Most major blockchains rely on elliptic-curve schemes vulnerable to Shor's algorithm. If a quantum attacker can recover a private key from an exposed public key, they can authorize transactions that the network treats as legitimate.

Which wallets and systems are most exposed?

Exposure depends on whether a public key is already visible on-chain while value or authority still depends on it. Reused addresses, dormant wallets with exposed keys, bridge validator sets, custodial signing systems, and governance multisigs are the higher-risk categories because their keys may already be known and their value or authority remains. A key that is hidden today is published by the first transaction that spends from it, so the safe posture is to never reuse an address after spending and to treat each spend as the moment to move funds to a fresh key.

When do blockchain ecosystems need to act?

Public planning signals increasingly point to a migration window between 2029 and 2035. Because blockchain migration requires coordinating protocols, wallets, validators, custodians, exchanges, and users, the relevant deadline is not the arrival of a quantum computer — it is the latest point by which migration can be completed in an orderly way.

Are post-quantum signature standards ready to use?

NIST finalized ML-DSA and SLH-DSA in August 2024, with FN-DSA under development. These standards provide building blocks, but each involves tradeoffs in signature size, verification cost, and implementation complexity that blockchains must address alongside transaction formats, fee markets, wallet UX, and infrastructure coordination.
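What "cryptographic agility" and a hybrid migration period look like inside a transaction format, as an added example that is not from the report: a scheme identifier travels with each signature leg, verifiers live in a registry, and a policy decides which schemes still count and whether a post-quantum leg is required. Ed25519 is the classical leg because Go's standard library has it; ML-DSA and SLH-DSA are not in the standard library, so a Lamport one-time signature built from SHA-256 stands in for the hash-based PQ leg. It is a genuine hash-based signature but only a stand-in for the NIST schemes: each key pair signs exactly once, and its 8 KB signature and 16 KB public key make the size trade-off the text describes concrete. The names `SchemeID`, `Policy` and `VerifyTx` and the seed-expansion key generation are the editor's choices.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)
// SchemeID travels with every signature so the verifier knows which algorithm to run; a new scheme is a new ID plus a verifier, retiring one is a Policy change, and the envelope never changes.
type SchemeID uint8

const (
	SchemeEd25519 SchemeID = 1 // classical curve scheme, Shor-vulnerable
	SchemeLamport SchemeID = 2 // hash-based one-time signature, stand-in for a PQ scheme such as SLH-DSA
)

var registry = map[SchemeID]func(pub, msg, sig []byte) bool{
	SchemeEd25519: func(pub, msg, sig []byte) bool {
		return len(pub) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(pub), msg, sig)
	},
	SchemeLamport: lamportVerify,
}

// Auth is one signature leg; a hybrid transaction carries more than one.
type Auth struct {
	Scheme SchemeID
	Pub    []byte
	Sig    []byte
}

// Policy is the governance knob: accepted schemes, which of them are PQ, and whether a PQ leg is mandatory yet.
type Policy struct {
	Accepted  map[SchemeID]bool
	PQ        map[SchemeID]bool
	RequirePQ bool
}

// VerifyTx passes only if every leg verifies under an accepted scheme and, once RequirePQ is set, at least one leg is post-quantum, so a recovered Ed25519 key alone can no longer forge.
func VerifyTx(msg []byte, legs []Auth, p Policy) error {
	hasPQ := false
	for _, a := range legs {
		v, ok := registry[a.Scheme]
		if !ok || !p.Accepted[a.Scheme] {
			return fmt.Errorf("scheme %d not accepted", a.Scheme)
		}
		if !v(a.Pub, msg, a.Sig) {
			return fmt.Errorf("scheme %d: invalid signature", a.Scheme)
		}
		hasPQ = hasPQ || p.PQ[a.Scheme]
	}
	if len(legs) == 0 || (p.RequirePQ && !hasPQ) {
		return fmt.Errorf("need at least one leg, and a post-quantum leg once RequirePQ is set")
	}
	return nil
}

// Lamport OTS over sha256(msg): two 32-byte secrets per message bit. Public key = the 512 hashed
// secrets (16 KB); signature = the 256 secrets the bits select (8 KB). Each key pair signs ONCE.
const lamportSecrets = 512

// lamportKeygen expands a seed (which must come from a CSPRNG) into secret and public keys.
func lamportKeygen(seed []byte) (priv, pub []byte) {
	priv, pub = make([]byte, lamportSecrets*32), make([]byte, lamportSecrets*32)
	for i := 0; i < lamportSecrets; i++ {
		s := sha256.Sum256(append(append([]byte{}, seed...), byte(i>>8), byte(i)))
		copy(priv[i*32:], s[:])
		h := sha256.Sum256(s[:])
		copy(pub[i*32:], h[:])
	}
	return priv, pub
}

// secretIndex selects secret 2i when message bit i is 0 and 2i+1 when it is 1.
func secretIndex(d [32]byte, i int) int {
	return 2*i + int((d[i/8]>>(7-uint(i%8)))&1)
}

func lamportSign(priv, msg []byte) []byte {
	d := sha256.Sum256(msg)
	sig := make([]byte, 256*32)
	for i := 0; i < 256; i++ {
		j := secretIndex(d, i)
		copy(sig[i*32:], priv[j*32:(j+1)*32])
	}
	return sig
}

func lamportVerify(pub, msg, sig []byte) bool {
	if len(pub) != lamportSecrets*32 || len(sig) != 256*32 {
		return false
	}
	d := sha256.Sum256(msg)
	for i := 0; i < 256; i++ {
		j := secretIndex(d, i)
		h := sha256.Sum256(sig[i*32 : (i+1)*32])
		if !bytes.Equal(h[:], pub[j*32:(j+1)*32]) {
			return false
		}
	}
	return true
}
```

Cutover is a single policy change rather than a format change: flipping `RequirePQ` makes a transaction carrying only an Ed25519 leg fail closed, and dropping a scheme from `Accepted` retires it the same way. The one-time property of the Lamport leg is also the caveat behind SLH-DSA's stateless design: a stateful hash-based scheme that signs twice with the same key leaks enough secrets to forge, so a production PQ leg needs either a stateless scheme or rigorous state management.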
