Quantum computing headlines increasingly suggest that bitcoin is on the brink of collapse, with claims that future machines could crack its cryptography in minutes or overwhelm the network entirely.
But academic research paints a more limited picture. Some widely cited “breakthroughs” rely on simplified problems that do not reflect real-world cryptography. And quantum attacks on Bitcoin? The energy required is equivalent to a small star, according to research papers shared on X by Bitcoin hardware entrepreneur Rodolfo Novak.
Bitcoin’s security rests on two different kinds of mathematics, and quantum computers threaten them in two different ways.
One, known as Shor’s algorithm, is aimed at wallet security. In theory, it allows a sufficiently powerful quantum computer to derive a private key from a public key. That would let an attacker take control of funds directly and break the guarantees of ownership that underpin bitcoin.
The second, known as Grover’s algorithm, applies to mining. It theoretically speeds up the trial-and-error searches that miners perform – but as one of the articles below shows, this benefit pretty much disappears when you try to build the machine.
The two threats are often blurred in headlines. But they land very differently when you factor in real-world constraints.
Two recent articles highlighted in a thread on X—one a sober engineering analysis, the other a deadpan satire—make this case from opposite directions. Together, they suggest, along with a thread summarizing the conflicting research and views, that the current panic on crypto-Twitter is mixing a genuine long-term concern with a news cycle built on theater.
Mining runs into a wall made of physics
The first paper, from Pierre-Luc Dallaire-Demers and the BTQ Technologies team, published in March 2026, asks whether a quantum computer could actually beat BTC using Grover’s algorithm, a quantum technique that could let a computer guess its way through a problem much faster than any normal machine—in bitcoin’s case, making it faster to find blocks to the trial process.
The stakes are higher than they sound. Mining is what protects BTC from a 51% attack, the scenario where a single actor controls enough hash power to rewrite recent transaction history, duplicate coins, or censor the network. If a quantum miner could dominate block production, consensus itself would be at play, not just individual wallets.
In theory, Grover offers a path to that dominance. In practice, the researchers argue, the answer comes down to pricing the hardware and its energy needs. Running Grover against SHA-256 — the mathematical formula bitcoin miners race to solve in order to add new blocks to the blockchain and earn rewards — would be physically impossible.
Running the algorithm against bitcoin would require quantum hardware on a scale that no one knows how to build.
Each step of the search involves hundreds of thousands of delicate operations, each requiring its own dedicated support system of thousands of qubits just to keep errors at bay. And because bitcoin produces a new block every ten minutes, any attacker would only have a narrow window to finish the job, forcing them to run huge numbers of these machines side by side.
At Bitcoin’s January 2025 difficulty, the authors estimate that a quantum mining fleet will need about 10²³ qubits drawing 10²⁵ watts – approaching the energy output of a star (for reference, this is still 3% of Earth’s Sun). The entire current Bitcoin blockchain, by comparison, draws about 15 gigawatts.
A 51% quantum attack isn’t just expensive. It is physically unattainable on any scale that a real civilization can power.
The quantum factoring records are mostly theater
The second paper, from Peter Gutmann of the University of Auckland and Stephan Neuhaus of the Zürcher Hochschule in Switzerland, takes aim at another part of the narrative: the constant drumbeat of headlines claiming that quantum computers are already starting to break encryption.
The authors set out to replicate every major “breakthrough” of quantum factors in the past two decades. They succeed – using a 1981 VIC-20 home computer, an abacus and a dog named Scribble, trained to bark three times.
The joke lands because the underlying point is serious. Factoring is the mathematical problem at the heart of most modern cryptography: take a very large number and find the two primes that are multiplied together to make it.
For a number with hundreds of digits, it is believed to be virtually impossible on any normal computer. Shor’s algorithm, the quantum technique behind the bitcoin wallet threat, is why people worry that quantum machines could eventually do it.
But according to Gutmann and Neuhaus, almost all demonstrations so far have cheated. In some cases, researchers chose numbers whose hidden prime factors were only a few digits apart, making them easy to guess with a basic arithmetic trick.
In others, they first ran the hard part of the problem on a regular computer — a step called preprocessing — and then handed a stripped-down, trivially easy version for the quantum machine to “solve.” The quantum computer gets credit for the breakthrough, but the real work was done elsewhere.
The authors focus on a recent paper that claimed a Chinese team had used a D-Wave machine to make progress toward breaking RSA-2048, the encryption standard that protects most of the Internet’s banking, email and e-commerce traffic.
The researchers had published ten sample numbers as evidence. Gutmann and Neuhaus ran these numbers through a VIC-20 emulator and recovered the answers in about 16 seconds each. The primes had been chosen to sit just a few digits apart, making them easy to find with an algorithm that mathematician John von Neumann adapted from an abacus technique in 1945.
Why does this keep happening? The authors suggest a simple answer: quantum factoring is a high-profile field with limited real-world results, and the incentive to publish something that sounds impressive is strong.
Picking bogus numbers or doing most of the work the classical way lets scientists claim a new “record” without actually advancing the underlying science. The paper proposes new evaluation standards that would require random numbers, no preprocessing, and factors kept secret from the experimenters. No demonstration to date would pass.
The takeaway is not that quantum computers are harmless. It’s not like every “breakthrough” headline represents real progress toward breaking modern encryption, and traders should be skeptical when the next one arrives.
What still deserves concern
Neither paper completely dismisses the quantum threat.
The real vulnerability is bitcoin wallets, not mining. Millions of bitcoins sit in legacy or recycled addresses where key information is already exposed on the blockchain, making them the most likely long-term target if quantum machines improve.
Since these papers were published, what has changed is not the threat, but the estimates. A recent paper by researchers at Google suggests that the computing power needed for such an attack could drop sharply, with the encryption that leaves the Bitcoin blockchain vulnerable to an attack that takes minutes.
This does not mean that the attack is close. The authors reveal in the paper that building such a machine is currently physically impossible and requires technical advances that have not yet been made: from lasers that control qubits, to the speed at which they can be read, to the ability to keep tens of thousands of atoms running together without losing them.
There are also indications that the public may be incomplete. Some recent research has withheld important technical details, and experts have warned that progress in this area may not always be shared openly.
Still, developers are already working on fixes, including ways to reduce key exposure and new types of signatures designed to resist quantum attacks.
Markets reflect the view that this threat is still one that is stuck in the classroom. Traders see little chance that bitcoin will replace its mining algorithm before 2027, but assign much higher odds, around 40%, to upgrades like BIP-360 aimed at reducing wallet risk.
The quantum threat to Bitcoin is real, but it is important to remember that the build of the machines used to attack the blockchain is limited by the limits of physics.
