Quantum computing has been discussed for years as a distant worry for the cryptocurrency market. In 2026, that conversation is becoming more urgent. Bitcoin, Ethereum and other major blockchain networks are not being broken by quantum computers today, but new research is pushing developers, exchanges, custodians and regulators to prepare for a different security era.
The concern comes from how blockchains prove ownership. Most crypto networks rely on public-key cryptography. A wallet signs a transaction with a private key, and the network checks that signature using a related public key. Under today’s computing limits, deriving the private key from the public key is considered impractical. A sufficiently advanced quantum computer running Shor’s algorithm could change that assumption and make some signature systems vulnerable.
Google Quantum AI added fresh momentum to the debate in March 2026. Its research said future quantum machines may be able to break 256-bit elliptic curve cryptography with fewer resources than earlier estimates suggested. Google described two circuit estimates: one using fewer than 1,200 logical qubits and 90 million Toffoli gates, and another using fewer than 1,450 logical qubits and 70 million Toffoli gates. The company also said post-quantum migration needs to begin before such attacks become realistic.
That does not mean ordinary crypto users should panic. Ethereum’s own roadmap says no current quantum computer can break Ethereum’s cryptography, and it frames current work as long-term preparation rather than a response to an active exploit. The key point is timing: large cryptographic migrations can take years, especially when millions of wallets, validators, apps and custody platforms are involved.
Why Bitcoin has a different kind of risk
Bitcoin’s exposure is not uniform across all coins. Some Bitcoin outputs reveal public keys directly on-chain, while others hide public keys until coins are spent. Once a public key is visible on the blockchain, it stays visible forever. In a future where quantum computers can derive private keys from public keys, those already exposed coins would become the easiest targets.
A 2025 Chaincode Labs report identified P2PK, P2MS and P2TR outputs as immediately exposed to a future cryptographically relevant quantum computer because these script types place public keys, or public-key equivalents, on-chain. It also noted that all Bitcoin script types reveal public keys when coins are spent, creating a short attack window around transaction broadcast and confirmation.
More recent Glassnode data gives a clearer view of the scale. Its May 2026 analysis estimated that 6.04 million BTC, or 30.2% of issued supply, is exposed at rest because the public key is already visible. Glassnode split that into 1.92 million BTC of structural exposure and 4.12 million BTC of operational exposure. The operational category largely reflects address reuse, partial spending and custody behavior, with exchange-related balances representing a major share.
This is why Bitcoin’s quantum problem is not only technical. It is also behavioral and political. Active users can reduce risk by avoiding address reuse and later migrating to safer script types when available. Lost coins, abandoned wallets and very old exposed outputs are much harder to move. Any protocol-level response would likely require difficult community consensus.
Ethereum is building post-quantum planning into its roadmap
Ethereum has made quantum resistance a formal part of its long-term roadmap. Its future-proofing page says the Ethereum Foundation formed a dedicated Post-Quantum Security team in January 2026. Current work includes hash-based signatures, a minimal zkVM to compress larger quantum-safe signatures, weekly interop testing with more than 10 client teams, and account abstraction through EIP-8141. Ethereum says core post-quantum infrastructure is being targeted around 2029, while also noting that this is a planning target rather than a guaranteed deadline.
Ethereum’s risk profile is broader than user wallets alone. Its roadmap highlights four areas that need post-quantum upgrades: consensus signatures, data availability commitments, account signatures and some application-layer zero-knowledge proof systems. The account risk is easy to understand. When an Ethereum account sends a transaction, its public key becomes visible on-chain. In a post-quantum scenario, that exposure could eventually matter.
Account abstraction could help because it may allow individual accounts to choose different signature verification methods. Instead of forcing every user through one massive network-wide change at the same moment, Ethereum may be able to support more flexible migration paths for quantum-safe signatures.
XRP Ledger and other networks are also preparing
Ripple has also started laying out a post-quantum roadmap for the XRP Ledger. In April 2026, Ripple said it is targeting full readiness by 2028. The plan includes testing quantum-resistant cryptography, using a hybrid rollout alongside existing systems, working with Project Eleven, running validator-level tests and building custody wallet prototypes. Ripple also referenced a “Quantum-Day” contingency plan for migration to quantum-safe accounts if existing standards become compromised.
Circle Research has framed the issue as “Q-Day” preparation for the broader blockchain stack. Its January 2026 post said protocols using elliptic curves or RSA are vulnerable to Shor’s algorithm, while hash functions such as SHA-256 and SHA-3, along with symmetric encryption such as AES, are expected to remain secure.
That difference matters. The main quantum threat to crypto is not mining. It is signatures. Digital signatures such as ECDSA and Ed25519 are the exposed layer because they depend on elliptic curve assumptions. Hashing and symmetric encryption are in a stronger position when appropriate key sizes are used. Hedera’s analysis reaches the same broad conclusion: signatures and key agreement need migration, while hashes and symmetric encryption are lower-risk areas.
The tools exist, but the migration will be hard
The crypto industry is not starting from zero. In August 2024, the U.S. National Institute of Standards and Technology finalized its first three post-quantum cryptography standards. FIPS 203 covers ML-KEM for key establishment, FIPS 204 covers ML-DSA for digital signatures, and FIPS 205 covers SLH-DSA as another digital signature standard. NIST says organizations should begin identifying vulnerable algorithms and moving systems toward quantum-resistant cryptography.
For blockchains, the challenge is not simply choosing a new algorithm. Post-quantum signatures are often much larger than the signatures used today. Hedera notes that Ed25519 signatures are 64 bytes, while FN-DSA-1024 signatures are 1,280 bytes and ML-DSA signatures are larger still. Bigger signatures can affect transaction size, fees, bandwidth, storage and multi-signature design.
Centralized companies can update systems internally, although that can still be expensive. Public blockchains face a more complex problem. Wallets, validators, hardware devices, exchanges, custodians, developers and users all need to coordinate. Users may need to rotate keys, move funds, upgrade software or sign migration transactions using the very systems being phased out.
That is why crypto-agility is becoming a major theme. Networks that can swap cryptographic tools without breaking user experience will have an advantage. Networks that wait until the threat is immediate may face rushed migrations, higher costs and user confusion.
What users, exchanges and developers can do now
For regular crypto users, the simplest Bitcoin habit is still important: avoid address reuse. Most modern wallets already create a fresh receiving address automatically. Users should also keep wallet software updated and follow official migration guidance from the networks they use.
For exchanges and custodians, the work is more urgent. They need to map where public keys are already exposed, reduce address reuse, test post-quantum signature schemes, update custody procedures, plan key rotation and review cold-storage systems. Glassnode’s data shows that a meaningful share of measurable Bitcoin exposure is tied to custody and wallet-management practices, which means some of the risk can be reduced before any protocol-wide upgrade arrives.
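The exposure-mapping step above, combined with the script-type split described in the Bitcoin section, can be sketched in a few lines. This is an added example, not code from Glassnode, Chaincode Labs or any project named here; the function names, the sample scripts, and the reading of "structural" as exposure by script type and "operational" as reuse of an already-spent script are assumptions.

```python
from collections import defaultdict

# Script types the page lists as exposing a public key (or equivalent) at rest.
EXPOSED_AT_REST = {"P2PK", "P2MS", "P2TR"}

def classify_script(spk: bytes) -> str:
    """Match a scriptPubKey against the standard Bitcoin output templates."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"    # <33- or 65-byte pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"   # key hidden behind HASH160 until spent
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "P2SH"
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH"
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"    # 32-byte output key sits directly in the script
    if n >= 3 and spk[-1] == 0xAE and 0x51 <= spk[0] <= 0x60 and 0x51 <= spk[-2] <= 0x60:
        return "P2MS"    # heuristic: OP_m <keys...> OP_n OP_CHECKMULTISIG
    return "OTHER"

def audit(utxos, spent_scripts):
    """Sum satoshis per exposure bucket.

    utxos: iterable of (scriptPubKey hex, value in sats).
    spent_scripts: scripts already seen as spent inputs, so their key is public.
    Bucket names follow the page; the mapping to them is an assumption.
    """
    totals = defaultdict(int)
    for spk_hex, sats in utxos:
        if classify_script(bytes.fromhex(spk_hex)) in EXPOSED_AT_REST:
            totals["structural"] += sats      # exposed by script type
        elif spk_hex in spent_scripts:
            totals["operational"] += sats     # exposed by address reuse
        else:
            totals["hidden"] += sats          # key not yet on-chain
    return dict(totals)

# Constructed sample scripts with dummy key and hash bytes, not real outputs.
P2PK = (b"\x21\x02" + b"\x11" * 32 + b"\xac").hex()
P2TR = (b"\x51\x20" + b"\x55" * 32).hex()
REUSED = (b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac").hex()
FRESH = (b"\x00\x14" + b"\x44" * 20).hex()
SAMPLE_UTXOS = [(P2PK, 5000), (P2TR, 3000), (REUSED, 2000), (FRESH, 4000)]

if __name__ == "__main__":
    print(audit(SAMPLE_UTXOS, spent_scripts={REUSED}))
```

On real data the `spent_scripts` set would be built from the inputs of confirmed transactions that spent from the custodian's own scripts.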
For blockchain developers, the goal is balance. Post-quantum systems must be secure, but they also need to be practical. A solution that makes transactions too large, too expensive or too difficult for wallets to support may not gain adoption. A transition that is technically sound but socially chaotic could also create problems for decentralized networks.
The bottom line
Quantum computing is not breaking crypto today. But it is no longer a distant science-fiction scenario. It has become a serious planning challenge for any blockchain that wants to secure value for decades.
Bitcoin faces a coordination problem because some exposed coins may be impossible to migrate voluntarily. Ethereum is building account-level and protocol-level pathways into its roadmap. Ripple is targeting XRP Ledger post-quantum readiness by 2028. NIST has already given the industry a set of standardized post-quantum tools.
Crypto’s next major security test may not come from an exchange hack, bridge exploit or smart contract bug. It may come from whether the industry can upgrade its cryptography before quantum computers make today’s assumptions obsolete.



