Crypto exec says moving Bitcoin to post‑quantum security could take years — why investors should care

Quick summary: a long migration matters to markets and BTC holders

A crypto executive told Cointelegraph this week that shifting Bitcoin to post‑quantum cryptography could “easily” take five to ten years. That sounds distant, but for investors it is a live risk that shapes custody, liquidity and market psychology today.

Put simply: current Bitcoin keys and addresses use cryptography that, in theory, could be broken by tomorrow’s quantum computers. Actual, practical quantum attacks are still speculative. But the work to change Bitcoin’s cryptography is real and hard. The timeline matters because it determines how long large pools of bitcoins—on exchanges, in custody services, and in long‑held cold wallets—remain potentially exposed.

Investors should treat the report as a risk management signal, not a panic trigger. The main question is not whether quantum computing will arrive, but how long it will take and how smoothly the Bitcoin community can move billions of dollars of funds to new cryptographic systems without breaking the network.

What post‑quantum means for Bitcoin: keys, signatures and the practical hurdles

At a basic level, Bitcoin relies on a kind of math that today’s computers find impossible to reverse. That math underpins private keys, which sign transactions, and public addresses, which receive funds. Quantum computers promise to solve some of those math problems much faster than classical machines.

Post‑quantum cryptography (PQC) means using algorithms believed to be safe against quantum attacks. The most visible change for Bitcoin would be replacing or augmenting current signature schemes with PQC signatures. Practically, that means:

• New address and key formats. Wallets would need to generate and store different private keys and present new public addresses. Old addresses would continue to exist on the blockchain but would be considered weaker.
• Signature scheme upgrades. Transactions today include short, efficient signatures. Many PQC alternatives create larger signatures and require more bandwidth and storage. That affects block space and fee dynamics.
• Migration of existing coins. Any Bitcoin still protected only by legacy keys would ideally be moved to PQC‑protected addresses to reduce exposure. That is a logistical problem at scale: billions of dollars of BTC are spread across exchanges, custodians, multisig setups, hardware wallets and paper wallets.

Technically, the migration isn’t a single flip of a switch. It’s a long project involving standards, wallet upgrades, testing, and adoption. That’s why experts point to multi‑year timelines: you need to standardize the algorithms, test implementations, update software across the whole ecosystem, and then actually move funds.

Why Bitcoin’s decentralization slows a protocol‑wide migration

The heart of the problem is coordination. Bitcoin is deliberately decentralized; no central authority can force everyone to upgrade. Protocol changes follow an informal multi‑step path: proposals, developer discussion, client updates, miner and node adoption, and—if needed—consensus rules changes that can split the chain.

Past changes give a guide. Segregated Witness (SegWit) and Taproot were multi‑year efforts from proposal to wide deployment. Both required client updates, wallet provider work, and time for users to move funds into upgraded address types. The Taproot upgrade, for example, was safe but still needed testing and adoption time because it changed how keys and scripts worked.

That history shows two key points. First, upgrades that are backwards compatible (soft forks) are easier to adopt, but they often don’t resolve the problem of legacy keys sitting on old addresses. Second, hard forks or more fundamental changes that would force a switch are politically fraught and risk chain splits—an outcome the community tries hard to avoid.

Then there is the collective‑action problem Lopp described. Every holder has an incentive to wait: if others migrate first, you can follow without bearing early costs. But if everyone waits, migration stalls and systemic exposure persists. For custodians who manage many users’ funds, acting early carries legal and operational costs; acting late carries theft risk.

Investor risk scenarios and possible market reactions

There are a few plausible scenarios investors should watch, from least to most disruptive:

• Slow, orderly migration. Standards emerge, major custodians and exchanges update keys and move funds over several years. Market impact is muted; the main cost is development and operational work, paid by service providers.
• News shocks and volatility. A credible demonstration of a quantum attack, or a high‑profile delay from a major custodian, could trigger short‑term volatility as traders price increased risk and holders rush to migrate funds.
• Coordination failure and selective exposure. If parts of the ecosystem lag—say, a big exchange keeps legacy keys—those balances become targets. That could cause localized runs, sudden withdrawals, and liquidity squeezes that ripple through markets.

Who gains and who loses? Providers that move early and can advertise PQC protection — custodians, wallet makers, and security firms — stand to gain market share and potentially charge premiums. Services that delay or resist the change risk reputational damage and, in the worst case, asset loss. Traders may find opportunities in volatility around major upgrade milestones, but that comes with operational and counterparty risk.

Concrete steps for investors and custodians — what to watch next

Institutions and serious holders should treat this like a long‑lead operational risk. Practical, immediate actions include:

• Inventory key exposure. Know where your private keys are, what type they are, who controls them and whether they are used in hot or cold storage.
• Engage custodians. Ask providers about PQC roadmaps, audit trails for migrations, and insurance coverage for cryptographic failures.
• Plan staged migrations. Prioritize high‑value and high‑risk balances for early migration. Test new key types in non‑production wallets before large moves.
• Use layered defenses. Multi‑signature setups, threshold schemes, and geographic key separation remain important, and they can be adapted to include PQC components over time.

Signals to monitor: formal standardization from bodies that evaluate PQC algorithms, Bitcoin Improvement Proposals focused on PQC, major wallet and custodian announcements, and credible reports of quantum hardware capabilities. Any clear timeline from large custodians or exchanges will be a market catalyst.

Bottom line: moving Bitcoin to post‑quantum security is not a binary ‘if’ but a long, multi‑year process that creates both operational costs and market risks. Investors should treat it like an evolving infrastructure risk — plan, prioritize, and watch for real‑world adoption signals rather than headlines alone.

Sources

• cointelegraph.com
• cointelegraph.com
• cointelegraph.com