The problem most people are still underestimating

For most of Bitcoin’s history, security has been treated as a solved problem.

The assumption has been simple: the cryptography works, the network is robust, and any meaningful threat sits far enough in the future to be dealt with later.

That assumption is now being challenged.

Not because Bitcoin is broken, but because the timeline around one specific threat, quantum computing, is beginning to shift.

What Google’s latest estimates actually say

Recent work highlighted by PostQuantum, based on updated resource estimates from Google Quantum AI, points to something important.

Breaking Bitcoin’s elliptic curve cryptography may not require the scale once assumed.

Instead of millions of qubits and distant timelines, the latest modelling suggests:

• Fewer than 500,000 physical qubits could be sufficient to attack ECDLP-256 (the cryptography used in Bitcoin wallets)

• In more optimized scenarios, as few as ~1,200 logical qubits may be required

• Once a public key is exposed, an attack could theoretically be executed in ~9 minutes

• Under ideal conditions, there is a modeled ~41% probability of successfully attacking an in-flight Bitcoin transaction before finalisation

These are not production-ready capabilities.

But they are not abstract either.

They represent a meaningful compression of the assumptions the industry has been relying on.

At the same time, Google has publicly pointed to 2029 as its internal planning horizon for post-quantum cryptography.

That matters because it signals intent.

Large-scale technology players are no longer treating this as a distant possibility. They are planning around it.

How the attack actually works (and why wallets matter)

To understand the risk, it helps to break down where the vulnerability sits.

Bitcoin does not expose your public key by default. It exposes a hash of your public key.

However, when you spend funds, your public key is revealed as part of the transaction.

That creates a window.

In a classical system, that window is not a problem.

In a quantum scenario, it could be.

If a sufficiently capable quantum system can derive the private key from the exposed public key quickly enough, it can attempt to redirect the transaction before it is confirmed.

That is where the “~9-minute window” becomes relevant.

And this is why the conversation is shifting toward the wallet layer.

Because:

• Wallets generate and manage keys

• Wallets determine how and when keys are exposed

• Wallets define how users interact with security

Which means the point of risk is no longer just the protocol.

It is the interface between the user and the system.

The structural exposure already in the system

This is not only about future transactions.

There is also existing exposure.

It is estimated that approximately 2.3 million BTC sits in categories where:

• Public keys are already exposed

• Assets have remained dormant

• Migration or key rotation may not be possible

In these cases, the risk is not about timing a transaction.

It is about eventual access.

That turns quantum from a theoretical threat into a structural one.

Why protocol-level fixes are not enough (on their own)

A natural response is to assume that Bitcoin can simply upgrade its cryptography.

In practice, this is more complex.

Protocol-level changes require:

• Broad consensus

• Careful implementation

• Long migration periods

Even if quantum-resistant standards are adopted, moving the entire ecosystem - wallets, users, infrastructure - takes time.

Which creates a gap:

👉 The threat timeline may be compressing

👉 But the response timeline is inherently slow

This is where the wallet layer becomes critical.

Because it is one of the few places where changes can be made:

• Immediately

• At the user level

• Without waiting for full protocol transition

What “fixing it at the wallet level” actually means

Fixing the quantum issue at the wallet level does not mean solving quantum computing.

It means reducing exposure before the system fully transitions.

In practice, that can include:

• Using cryptographic schemes designed to resist quantum attacks (post-quantum cryptography)

• Changing how keys are generated and stored

• Minimising unnecessary public key exposure

• Introducing additional layers of entropy and randomness

This is not a complete solution.

But it is a practical one.

And it can be implemented now.

From theory to implementation

This is the focus of the session being presented at Bitcoin 2026.

James Stephens, CBE CCFI, Founder & CEO of Krown Technologies Inc., will present:

Fixing the Quantum Issue on a Wallet Level

The aim is not to speculate on distant timelines.

It is to address a more immediate question:

👉 What can be done, today, at the point where users actually interact with the system?

This reflects work already underway.

Krown Technologies, in collaboration with Quantum eMotion, has developed Qastle Wallet, integrating post-quantum cryptography and quantum-generated entropy into a live product.

That matters because it brings three things together:

• A clearly defined risk

• A technical approach to mitigating it

• A real-world implementation

Why this matters now

This is not a binary moment.

Bitcoin is not suddenly vulnerable, and quantum capability has not suddenly arrived.

What has changed is the shape of the timeline.

And when timelines move, decisions move with them.

As digital assets become more deeply embedded in financial infrastructure, the tolerance for long-term uncertainty reduces.

Security assumptions that once felt stable begin to be re-evaluated.

And the cost of waiting increases.

Final thought

As James Stephens has said:

“The issue is not whether quantum risk exists. The issue is whether the industry moves before the timelines compress further.”

That is the real question.

Not whether the system works today.

But whether it is being prepared for what comes next.

Learn more

https://www.qastlewallet.com