BlockBeats News, May 28, Scroll co-founder Sandy Peng pointed out in an article that the quantum computing threat to Bitcoin is fundamentally not a physical challenge, but a governance coordination challenge. According to a whitepaper released by Google Quantum AI in March of this year, using an optimized version of Shor's algorithm to break Bitcoin's secp256k1 elliptic curve would require only about 1200 logical qubits, nearly 20 times lower than the estimate five years ago. IonQ's official roadmap plans to reach 1600 logical qubits by 2028, while IBM expects to launch its 2000-logical-qubit Blue Jay system by 2033. This indicates that the threat timeline has been roughly outlined: "around a decade, or possibly even shorter."
The attack will be carried out in waves. The most vulnerable are the early P2PK-format addresses, whose public keys have been permanently exposed on the chain; these include over a million bitcoins mined by Satoshi Nakamoto in the early days, which cannot be moved to safety because no one holds the private keys. In addition, a "gather first, decrypt later" attack may already be quietly underway: intelligence agencies do not need to wait for quantum computers to emerge and can simply store encrypted data for future decryption. Once quantum computers mature, unconfirmed transactions in the mempool will also face real-time double-spend attacks within the ten-minute confirmation window. Although NIST published post-quantum cryptography standards in 2024, the migration cost is high: some studies have shown that network throughput could decrease by 52%-57%, costs could rise 2-3 times, and storage requirements would greatly expand. This is a "defensive downgrade": the cost is immediate while the benefits are abstract and far in the future, which makes it extremely challenging for the Bitcoin community, which debated the SegWit upgrade for nearly two years, to reach a consensus.
In contrast, Vitalik has already released the Ethereum Quantum Emergency Response Plan, allowing individual accounts to autonomously switch to quantum-resistant signatures without the need for a full network vote. Sandy Peng warns that Bitcoin will not go to zero, but the survival path is narrower than optimists think, and the quantum threat window almost overlaps with the 10-15 years needed for the Bitcoin community to form a consensus. Early Bitcoin holders are advised to check their address formats and migrate promptly, while institutional investors should incorporate the "post-quantum migration roadmap" into their due diligence framework.
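As an added illustration of the "check their address formats" advice (this is not code from Sandy Peng's article or from any Bitcoin project), the Python sketch below classifies an output's scriptPubKey by whether the public key sits in the output itself, as with P2PK. It goes beyond the article by covering the other standard output types, including P2TR, whose output also carries a key; the function names and sample scripts are constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

def classify_script_pubkey(script_hex: str) -> Tuple[str, Optional[bool]]:
    """Return (script_type, key_exposed_at_rest) for a hex scriptPubKey.

    key_exposed_at_rest is True when the output itself contains a public key,
    False when it holds only a hash (key revealed on spend), None if unknown.
    """
    try:
        s = bytes.fromhex(script_hex)
    except ValueError:
        return ("invalid hex", None)
    n = len(s)
    # P2PK: <push> <pubkey> OP_CHECKSIG, the raw key is stored in the output
    if n == 67 and s[0] == 0x41 and s[1] == 0x04 and s[-1] == 0xAC:
        return ("P2PK (uncompressed key)", True)
    if n == 35 and s[0] == 0x21 and s[1] in (0x02, 0x03) and s[-1] == 0xAC:
        return ("P2PK (compressed key)", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ("P2PKH", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return ("P2SH", False)
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return ("P2WPKH", False)
    if n == 34 and s[:2] == b"\x00\x20":
        return ("P2WSH", False)
    # SegWit v1 (Taproot): OP_1 <32-byte x-only output key>
    if n == 34 and s[:2] == b"\x51\x20":
        return ("P2TR", True)
    return ("nonstandard/unknown", None)

def outputs_to_review(scripts: Dict[str, str]) -> List[str]:
    """Labels of outputs whose public key is visible without any spend."""
    return [label for label, hx in scripts.items()
            if classify_script_pubkey(hx)[1] is True]

# Constructed sample scripts (filler bytes, not real on-chain outputs).
SAMPLES = {
    "early_coinbase_style": "41" + "04" + "11" * 64 + "ac",
    "legacy_p2pkh": "76a914" + "22" * 20 + "88ac",
    "segwit_p2wpkh": "0014" + "33" * 20,
    "taproot_p2tr": "5120" + "44" * 32,
}

if __name__ == "__main__":
    for label, hx in SAMPLES.items():
        print(label, classify_script_pubkey(hx))
```

For the hash-based types the key becomes public once the output is spent, so a reused address that has already spent once should be treated as exposed as well.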
