When will your Bitcoin wallet be hackable?
A pessimistic forecast based on 2026 quantum breakthroughs. Forward-looking. Source-cited. Tweakable.
The acceleration is real.
Project Eleven's Q-Day Prize tracks the largest ECC key broken on real quantum hardware. The progression in 2025-2026 is what justifies our pessimistic curve.
First public ECC break on real quantum hardware.
512× the previous record. Won 1 BTC bounty.
Projected based on doubling cadence.
Cost to hack one wallet.
Drag the year. Watch the cost collapse. The curve is logarithmic — every horizontal step is a 100× drop.
The road from now to Q-Day.
Real milestones in teal · Projected milestones in gold dashed.
Steve Tippeconnic broke a 6-bit elliptic curve key on IBM's 133-qubit Heron processor.
Google whitepaper showed RSA-2048 breakable with ~1M physical qubits — 20× fewer than prior estimates.
Giancarlo Lelli wins 1 BTC bounty. 512× the previous record in 7 months.
Continued doubling cadence puts the next Q-Day Prize around 30 bits.
Architectural shift to neutral-atom qubits accelerates progress beyond superconducting.
Pessimistic forecast: a single Bitcoin wallet falls in a state-sponsored proof-of-concept.
Google's own stated deadline for general encryption breakability.
Cost-per-wallet drops below $25K — within reach of organised crime at scale.
Cost drops below $300. Bitcoin must hard-fork to PQ or face systemic loss.
Is your wallet exposed?
Bitcoin's vulnerability comes from public-key reuse. Any address that has ever sent a transaction has its public key permanently visible on-chain — and is therefore exposed to a future quantum attack.
Powered by the public Blockstream API. We do not store the address you enter. Approximately 6.9 million BTC currently sit in addresses with exposed public keys — roughly 33% of all circulating supply.
How we modelled this.
We chose pessimistic-but-defensible inputs throughout. Below is every assumption, with sources.
QuanChain neutralises this entirely.
Where Bitcoin and Ethereum exposed their public keys for a decade, QuanChain's TADEQS architecture means no public key ever protects value at rest.
Public keys revealed on first spend. 33% of supply directly attackable on Q-Day.
Every account has used its public key. PQ migration roadmap exists but is years away.
Parent identity uses ML-DSA-87 + SLH-DSA-SHA2-256f composite (FIPS 204/205). Child keys rotate every transaction. Public keys never protect value.
The hack is just the start. The sell-off is the real story.
A wallet getting cracked isn't a one-off event for the chain it's on — it's the start of a feedback loop. The hacked tokens get dumped on the market as forced sell pressure. The market then prices in the next upgrade window before it arrives: traders sell ahead of every migration because they've watched the previous cycles. The chain gets locked out of natural price discovery for as long as the migration tail exists.
For Bitcoin, that tail includes Satoshi-era addresses whose keys are lost — they can never be migrated. For Ethereum and other actively-migrating chains, the tail is the percentage of wallets that miss each upgrade window — historically around 20% of supply per cycle.
This is the deeper reason QuanChain exists. Not "safer than BTC" — that framing misses the point. The point is: a chain that adapts continuously has no upgrade windows, no vulnerable tail, and no recurring sell-off cycle pinning it out of natural price discovery.
- 1.Chain announces upgrade window
- 2.~20% of wallets miss it
- 3.Quantum-capable adversary cracks them
- 4.Stolen tokens dumped on market
- 5.Traders sell ahead of next window
- ↻Repeat every upgrade
Forecasts are not financial or security advice. The model is a tool for thinking about quantum risk; actual timelines depend on hardware breakthroughs, algorithmic discoveries, and economic incentives that cannot be predicted with certainty.