Report: Quantum ‘Q-Day’ Could Break Bitcoin, Ethereum by 2030

Project Eleven warns a “cryptographically relevant quantum computer” capable of breaking the elliptic-curve digital signatures used by Bitcoin and Ethereum could appear as early as 2030, exposing millions of addresses and more than $700 billion in digital assets. The report calls that moment “Q-Day.”

The report estimates such a machine is more likely than not to exist by 2033 and possibly by 2030. It cites a March research paper that calculated breaking the elliptic-curve scheme used by Bitcoin could require roughly 1,200 logical qubits and under 90 minutes of superconducting-hardware run time.

Project Eleven estimates about 6.9 million Bitcoin-roughly one-third of the total supply-are held in addresses whose public keys have been revealed on-chain and are therefore exposed. On Ethereum, analysts classify more than 65% of all ETH as stored in quantum-exposed addresses. The report gives an aggregate figure for vulnerable assets of about $711 billion.

Blockchains are vulnerable because public ledgers are permanent and there is no mechanism to reverse forged transactions. If an attacker recovers a private key and moves funds, those transfers cannot be undone. The report notes recent demonstrations of simplified quantum attacks; the group awarded a 1 Bitcoin “Q-Day Prize” to Italian researcher Giancarlo Lelli after he used a publicly available quantum device to crack a 15-bit elliptic-curve key with a variant of Shor’s algorithm.

The report details technical and governance hurdles to upgrading signatures on major blockchains. It notes that Bitcoin’s SegWit upgrade took more than two years from proposal to activation and provoked contentious debate, and that Ethereum’s switch to proof-of-stake required about six years of development. Even under optimistic assumptions, migrating all Bitcoin unspent transaction outputs would take about 76 days if 100% of block space were devoted to the effort; routine transactions would extend that timeline.

Project Eleven recommends immediate steps: inventories of wallet and contract cryptography, deployment of post-quantum key exchange in off-chain infrastructure, and the start of governance and protocol design work needed for on-chain signature upgrades. The report reads, “Migration to quantum-resistant cryptography is no longer optional but imperative for any blockchain system expected to be trusted and secure into the future.” The report notes broader internet adoption of post-quantum measures: more than half of human web traffic was post-quantum encrypted by December 2025, OpenSSH now defaults to post-quantum key exchange, Apple added hybrid post-quantum support in iOS 26, and the U.S. National Security Agency has set a 2030–2033 target for government migration.

The authors warn that by the time the quantum threat feels urgent there may be insufficient time for a coordinated global migration. The report concludes, “The internet has already moved.” Background: Shor’s algorithm, first described in 1994, can recover private keys far faster on a quantum computer than on classical machines; recent hardware advances have lowered the resource estimates needed to run the algorithm at scales relevant to real-world blockchains.