Crypto : Quantum risk is real, but not all wallets are threatened

Quantum risk does indeed exist in crypto. But it does not affect all wallets in the same way. This is the central point of Galaxy Digital’s new observation: the real fault line does not run between Bitcoin and the rest, but between funds whose public key is already exposed on-chain and those still hidden behind a hashed address.

The real danger does not concern all crypto wallets

The heart of the problem is simple. A quantum computer powerful enough could, in theory, find a private key from a public key and sign a fraudulent crypto transaction. Put another way, it could steal funds without knowing the seed phrase. However, Galaxy recalls that this scenario does not uniformly affect all wallets today.

Why? Because many users confuse address and public key. On Bitcoin, a large part of the funds remains protected as long as the public key has not been revealed during a spend. It is this nuance that changes everything. It reduces the immediate exposure of part of the network.

On the other hand, some bitcoins are already more fragile. This mainly concerns old address formats, reused addresses, as well as some deposits managed by exchanges or custodians who prioritized operational simplicity at the expense of cryptographic hygiene.

Bitcoin is not out of danger, but it has a structural advantage

This is where the debate becomes more subtle. Bitcoin is not “quantum proof.” But its UTXO model gives it a small safety cushion that account-based blockchains do not always have. On Bitcoin, the public key is often visible only at the moment funds are spent. On networks like Ethereum or Solana, the public key is generally exposed at the account level.

This difference does not eliminate the risk. It shifts it. In an extreme scenario, a quantum attacker could target coins whose public key has been visible for a long time. For others, they would need to act very quickly during the confirmation window of a transaction still in the mempool.

Galaxy also cites an estimate from Project Eleven according to which about 7 million BTC could fall into a category called “long exposure,” that is, coins whose public key is already exposed on-chain. This number is impressive. But it does not mean that a raid is possible today with known public quantum capabilities.

The crypto market is not stagnant; developers are already working

The idea that Bitcoin developers ignore the subject no longer really holds. Galaxy says on the contrary that the pace of proposals has accelerated since late 2025. The topic is no longer marginal. It has become a concrete, technical, and increasingly visible project.

The BIP 360 proposal is the most cited example. It introduces Pay-to-Merkle-Root, or P2MR, a new type of output designed to remove the “key path spend” from Taproot, which precisely constitutes a vulnerability surface against a future quantum attacker. The idea is not magical, but it shows that the ecosystem is already trying to reduce exposure even before the arrival of a real machine capable of breaking these signatures.

This movement extends beyond Bitcoin alone. In August 2024, the NIST finalized its first three post-quantum cryptography standards and has continued to advance standardization in 2025. In short, global cybersecurity is already preparing for this transition. So crypto does not live in a separate bubble.

The biggest challenge may not be technical

The real headache could come from governance. Bitcoin has neither CEO, nor board of directors, nor red button capable of imposing an emergency update. Even when a technical consensus emerges, its adoption at network scale takes time. And time is precisely the most vague variable in the whole quantum case.

Galaxy points out that estimates on the arrival of a truly dangerous quantum computer range from a few years to several decades, with no solid consensus. This uncertainty fuels two opposing errors. The first is to deny the risk. The second is to announce the apocalypse for tomorrow morning. Neither stance really helps investors.

The right reading is cooler. Quantum risk is real, but it does not justify blind panic over all crypto wallets. What it does require, however, is better technical discipline: avoiding address reuse, understanding where the public key is exposed, and following post-quantum solutions closely. In this case, inaction is more dangerous than lucidity.