The question is no longer whether quantum computers will eventually break the cryptography that secures Bitcoin—it's whether the network can upgrade its defenses before that day arrives. According to a new analysis from Citi, the timeline for quantum risk has shortened meaningfully, and Bitcoin sits more exposed than most of the digital infrastructure it shares a threat model with.
The bank's researchers point to recent advances in quantum error correction and qubit stability as evidence that the field is progressing faster than consensus forecasts from even two years ago. While a cryptographically relevant quantum computer—one capable of running Shor's algorithm at scale—remains years away, Citi argues the margin for complacency has narrowed. For Bitcoin, whose security model depends on the computational difficulty of deriving private keys from public ones, the stakes are existential.
Why Bitcoin is uniquely vulnerable
Most internet security relies on similar cryptographic assumptions, but Bitcoin faces a compounding problem: its decentralized governance makes rapid protocol changes extraordinarily difficult. Upgrading the signature scheme from ECDSA to a quantum-resistant alternative would require overwhelming consensus among miners, node operators, and developers—a process that historically takes years, not months. The network's last major cryptographic upgrade, Taproot, took over three years from proposal to activation.
Citi also notes that Bitcoin's transparent ledger creates a secondary vulnerability. Addresses that have ever spent funds—revealing their public keys—would be immediately at risk once a sufficiently powerful quantum machine comes online. Estimates suggest hundreds of billions of dollars in BTC sit in such addresses, including coins believed to belong to Satoshi Nakamoto.
The broader infrastructure problem
Bitcoin is not alone in facing quantum risk, but it may be alone in facing it without a clear remediation path. Traditional financial institutions and governments are already migrating to post-quantum cryptographic standards, with NIST having finalized its first set of approved algorithms in 2024. Cloud providers and major tech platforms have begun integrating these standards into their systems.
The crypto industry, by contrast, has treated quantum risk as a distant hypothetical. Ethereum's roadmap includes vague references to quantum resistance, but no concrete timeline. Smaller chains have even less urgency. Citi's report serves as a reminder that decentralization, for all its virtues, can also mean paralysis in the face of coordinated technical threats.
Our take
The crypto industry's default response to quantum risk has been a shrug and a reference to how far away the threat supposedly is. Citi's analysis suggests that posture is increasingly reckless. Bitcoin's governance model is a feature when it comes to resisting censorship; it is a bug when it comes to responding to existential technical threats. The network that prides itself on being the hardest money ever created may also be the slowest to adapt when adaptation becomes non-negotiable. That's not a fatal flaw—yet. But the window for treating quantum computing as someone else's problem is closing faster than the maxis would like to admit.




