More than $3 trillion in digital assets could eventually become vulnerable to theft within the next four to seven years, according to a new report from Project Eleven.
Project Eleven focuses on post-quantum security and migration for digital assets and recently announced a collaboration with the Solana Foundation to prepare its network for the threat of quantum computing.
“The digital asset industry holds over $3 trillion in aggregate value, and virtually all of it is secured by the same class of cryptographic primitives: elliptic curve digital signatures,” which are vulnerable to quantum computing attacks, the report said.
But it’s not just crypto that’s at stake here. The report states that the same public key cryptography security used by bitcoin, ether and stablecoins also underpins banking systems, cloud infrastructure, authentication networks and military communications.
The 110-page report by Project Eleven, whose executive director Alex Pruden was on stage at Consensus Miami 2026also states that sufficiently powerful quantum computers could use Shor’s algorithm to derive private keys from public keys, allowing attackers to forge signatures and take control of wallets and digital accounts secured by the elliptic curve cryptography.
This means that blockchains, banking infrastructure, cloud systems, military communications and other digital identity systems are also vulnerable, not just bitcoin, ethereum, stablecoins and other blockchains, the report emphasizes.
Project Eleven says a “Q-Day” scenario, the arrival of a cryptographically relevant quantum computer cable to break widespread public-key cryptography, could be as early as 2030, 2033 at the latest.
“Our analysis suggests that, based on current trends, it is more likely that Q-Day will occur in 2033, and possibly even as soon as 2030,” the report reads. “The window for the world to migrate to post-quantum cryptography is narrowing.”
And here’s why it gets so complicated, the report explains: Large systems often take anywhere from five to more than 10 years to migrate, depending on how complex their networks are.
Another difficult challenge is how the transition actually takes place, as migrating all quantum vulnerable systems and blockchains to secure networks involves a process that requires a coordinated, simultaneous transition from all users, exchanges, custodians, wallet providers and miners.
Read more: To freeze or not to freeze: Satoshi and the $440 billion in bitcoin threatened by quantum computing
“The gap is not technical,” the report says. “The gap is purely coordination, urgency and willingness to accept the costs of migration.”
When it comes to Bitcoin, things get even more complicated because upgrades are historically slow and often become politically contentious.
βThe Bitcoin SegWit upgrade β a relatively modest change compared to the PQC migration β took over two years from proposal to activation (2015-2017) and triggered a contentious chain split,β the report recalled.
Read more: What the Fork? Why Bitcoin Tech Changes Impact Price
“The distributed nature of blockchain networks means that migrating to post-quantum cryptography could take the better part of a decade, longer than other centralized systems.”
Pruden, who co-authored the report with CTO Conor Deegan, warned that Bitcoin’s migration to post-quantum cryptography could prove even more difficult than Taproot because it would require coordinated action across users, exchanges, custodians and miners. He also said he was personally leaning toward “recycling” the 5.6 million to 6.9 million vulnerable BTC tokens, worth up to about $500 billion at current prices, back into bitcoin’s supply curve rather than allowing a quantum attacker to eventually sweep them.
The report by Pruden’s Project Eleven ultimately acknowledges that the issue creates tension between bitcoin’s fixed supply ethos and its commitment to property rights.
Read more: Bitcoin’s quantum debate splits as Adam Back pushes optional upgrades over forced freeze
