Overview
- Bitcoin does not store encrypted data on‑chain, and the realistic quantum risk is private‑key recovery from exposed public keys that enables forged signatures.
- Project Eleven’s “Bitcoin Risq List” tracks exposure at the script and reuse level and currently flags roughly 6.7 million BTC, updated via automated weekly scans.
- Taproot (P2TR) places tweaked public keys directly in outputs, changing default visibility if key recovery becomes practical, while address reuse keeps funds persistently exposed once a key appears on‑chain.
- Breaking 256‑bit ECC is estimated to require about 2,330 logical qubits with physical qubit counts in the millions, and IBM describes a possible fault‑tolerant path around 2029, leaving timelines uncertain.
- Migration discussions focus on post‑quantum spend paths such as BIP‑360 and NIST‑standard options, with larger signatures affecting fees and UX as developers push wallet hygiene and some investors warn of near‑term risk.