Watch out, Bitcoin: truly powerful quantum computers may be much closer than the crypto industry has been assuming, and with them, a real threat to the cryptography that secures blockchains like Bitcoin and Ethereum.
New research from the California Institute of Technology suggests that a fault-tolerant quantum machine capable of executing Shor’s algorithm, the canonical method for breaking modern public-key cryptography, might require dramatically fewer qubits than earlier estimates. Instead of the millions of high-quality qubits often cited in projections, the study indicates that around 10,000 carefully controlled “atomic qubits” could be enough to put today’s cryptographic systems at risk.
The work was carried out in collaboration with Oratomic, a Pasadena-based quantum computing startup founded by Caltech researchers. Their team has developed a neutral-atom quantum architecture in which single atoms are trapped and manipulated using laser light, turning each atom into an individual qubit. Crucially, these atomic qubits are not static: they can be reconfigured, rearranged, and entangled in flexible patterns, giving the system an architectural advantage over many fixed-layout approaches.
This reconfigurability appears to be central to the leap in efficiency. According to the study, a neutral-atom device with roughly 10,000 qubits of sufficient quality could implement a full, fault-tolerant version of Shor’s algorithm at a scale large enough to attack real-world cryptographic schemes. That includes the elliptic-curve cryptography used by Bitcoin and many other blockchains to generate public and private key pairs.
Bitcoin, for example, relies on the Elliptic Curve Digital Signature Algorithm (ECDSA) over a specific curve (secp256k1). The core security assumption is that, while it is easy to verify a signature using a public key, it is computationally infeasible for classical computers to reverse that process and derive the private key from the public one. Shor’s algorithm overturns this assumption: in principle, a sufficiently large and error-corrected quantum computer can efficiently compute discrete logarithms and factor large integers, tasks that underpin most of today’s public-key protocols.
If a fault-tolerant quantum computer with 10,000 high-fidelity atomic qubits became available, it could theoretically derive private keys from exposed public keys. In the Bitcoin ecosystem, that would mean that any wallet whose public key has been revealed on-chain (through spending, for instance) could be vulnerable. An attacker with quantum capability could calculate the corresponding private key and seize control of those funds.
Oratomic’s co-founder and CEO, Dolev Bluvstein, who also serves as a visiting associate in physics at Caltech, emphasized that rapid advances in quantum hardware and error correction are forcing a reassessment of long-term cryptographic assumptions. For years, the standard narrative in both industry and policy circles has been that practical, code-breaking quantum computers are decades away, largely because of the perceived need for millions of logical qubits and extensive error correction. The new results challenge that complacency by showing that, under realistic hardware designs, the qubit requirements might be one to two orders of magnitude lower for specific, targeted algorithms.
The distinction between “qubits” often mentioned in press releases and the kind of qubits needed for cryptanalysis is important. Many current quantum devices boast dozens or even hundreds of qubits, but they are noisy, short-lived, and not error-corrected. Shor’s algorithm at cryptographically relevant scales requires fault tolerance: logical qubits built on top of many physical qubits, controlled with extremely low error rates. The Caltech-Oratomic work is focused specifically on architectures that can support that demanding regime, not on lab demos or toy problems.
Neutral-atom systems offer several advantages that make them promising for such use cases. Individual atoms are nearly identical, which helps with uniformity. They can be arranged in two- or three-dimensional arrays using optical tweezers and reshaped on demand, enabling versatile connectivity between qubits. Laser-based control allows selective interactions and entangling gates over relatively long distances. Together, these features can reduce some of the overhead in building large-scale, error-corrected quantum circuits, translating into smaller qubit counts for a given task.
For cryptocurrencies, the most immediate concern is not necessarily a surprise, overnight break of the entire network, but a progressive widening of the “attack surface” as quantum capabilities grow. Bitcoin addresses that have never revealed their public keys are relatively safer under quantum attack models, because an attacker must first see the public key in order to run Shor’s algorithm against it. However, many long-lived wallets, institutional holdings, exchange addresses, and smart contracts routinely expose public keys on-chain. Those could be prime targets once quantum computers cross the threshold needed to run large-scale cryptanalytic routines.
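The exposure rule above can be turned into an inventory check over an organization's own holdings. The following Python is an added example, not code from the study or from this article; it goes beyond the text by naming Bitcoin's standard output script types, and the sample outputs and the spent_before flag (taken from the caller's own records) are constructed assumptions.

```python
# Added example; every script and amount below is constructed sample data.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}                   # public key sits in the output itself
KEY_HASHED = {"p2pkh", "p2wpkh", "p2sh", "p2wsh"}  # only a hash until first spend

def classify_script(spk_hex):
    """Name the standard script type of a scriptPubKey given as hex."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"    # <push> <pubkey> OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"   # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"    # OP_HASH160 <20> OP_EQUAL
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"  # OP_0 <20>
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"   # OP_0 <32>
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"    # OP_1 <32-byte x-only output key>
    return "nonstandard"

def exposure(spk_hex, spent_before):
    """spent_before is the caller's own record that this script was spent from."""
    kind = classify_script(spk_hex)
    if kind in KEY_IN_OUTPUT:
        return kind, "exposed"
    if kind in KEY_HASHED:
        return kind, "exposed" if spent_before else "hidden"
    return kind, "unknown"

def summarize(utxos):
    """Sum satoshis per exposure class over (script_hex, spent_before, sats)."""
    totals = {"exposed": 0, "hidden": 0, "unknown": 0}
    for spk_hex, spent_before, sats in utxos:
        totals[exposure(spk_hex, spent_before)[1]] += sats
    return totals

SAMPLE_UTXOS = [  # constructed, not real outputs
    ("21" + "02" + "11" * 32 + "ac", False, 5000),   # P2PK
    ("76a914" + "22" * 20 + "88ac", False, 1000),    # P2PKH, never spent from
    ("0014" + "33" * 20, False, 2000),               # P2WPKH, never spent from
    ("5120" + "44" * 32, False, 3000),               # P2TR
    ("76a914" + "55" * 20 + "88ac", True, 4000),     # P2PKH, address reused
]

if __name__ == "__main__":
    for spk, reused, sats in SAMPLE_UTXOS:
        print(exposure(spk, reused), sats)
    print(summarize(SAMPLE_UTXOS))
```

Outputs reported as hidden become exposed the first time they are spent, so the totals describe a point in time and should be recomputed as holdings move.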
Ethereum and other smart contract platforms have even more complex exposure. Beyond simple account keys, many layer-2 solutions, multisignature wallets, and DeFi protocols rely on elliptic-curve signatures and key exchanges that would be vulnerable in a post-quantum world. Legacy contracts that cannot easily be upgraded could become permanent weak points, holding assets that cannot be seamlessly migrated to quantum-safe schemes.
A further complication is the “harvest-now, decrypt-later” strategy that security experts have been warning about for years. Adversaries can passively collect encrypted traffic, public keys, and other cryptographic material today, then store it until quantum tools are powerful enough to crack it. While this is often discussed in the context of state surveillance and secure communications, the same logic can apply to blockchain data: historical transactions and exposed keys are permanently recorded and publicly accessible. Once quantum machines reach the necessary scale, there is no way to erase that history.
This is why many cryptographers argue the relevant timeline is not when quantum computers can immediately break Bitcoin, but when it becomes rational for sophisticated attackers to begin preparing for that future. The Caltech findings, by lowering the estimated resource threshold, effectively move that decision point closer. Organizations holding large crypto positions, custodians, and infrastructure providers may need to treat quantum migration as a medium-term strategic risk rather than a distant theoretical concern.
On the defensive side, post-quantum cryptography (PQC) is developing quickly. New classes of algorithms, such as lattice-based, hash-based, and code-based schemes, are being standardized to resist attacks from both classical and quantum computers. Many of these are believed to be secure against Shor’s algorithm and other known quantum techniques, though the field is still evolving. For blockchains, the challenge is not only choosing quantum-resistant primitives, but also integrating them into live networks without breaking compatibility or decentralization properties.
Transition strategies for Bitcoin and similar assets are particularly delicate. Updating the signature scheme typically requires consensus among miners, node operators, and users, often implemented via a soft or hard fork. Any migration path must also consider stranded funds: coins locked in addresses that cannot be upgraded because the owners have lost keys or are no longer active. These unmovable coins could become low-hanging fruit for quantum attackers once quantum computers mature, potentially damaging market confidence even if most active users have migrated to quantum-safe addresses.
One practical approach discussed in technical circles involves introducing new, quantum-resistant address types alongside existing ones, then creating economic incentives and protocol nudges for users to move their funds. Over time, the ecosystem would shift its weight toward PQC, while the old, quantum-vulnerable outputs gradually shrink in importance. However, this is not a trivial process; it demands coordinated development, security audits, and clear communication to avoid confusion or fragmented liquidity.
Another angle is regulatory and institutional response. Large financial institutions, ETFs, and custodians holding Bitcoin and Ethereum on behalf of clients will increasingly be asked how they plan to handle quantum risk. As research like Caltech’s narrows the gap between theory and plausible hardware, boards and risk committees may insist on explicit quantum-transition roadmaps. Failure to prepare could eventually be framed not just as a technical oversight, but as a breach of fiduciary duty for entities managing substantial digital asset portfolios.
It is also worth noting that quantum computing is not inherently hostile to cryptocurrencies. In theory, quantum technology could be used to design novel cryptographic primitives, enhance randomness generation, or enable new forms of secure multiparty computation that benefit decentralized finance and privacy-preserving applications. Yet in the near to medium term, the asymmetry is clear: the most imminent and impactful use case is likely to be breaking, not building.
For individual users and developers, the takeaway is nuanced. There is no indication that a 10,000-qubit, fault-tolerant quantum computer capable of running Shor’s algorithm at Bitcoin scale exists today. The Caltech-Oratomic research is about revising resource estimates and demonstrating a promising hardware platform, not announcing an operational cryptanalytic engine. Nonetheless, the direction of travel is unambiguous: the barriers are shrinking, not growing, and the time window to upgrade critical cryptographic infrastructure is finite.
In summary, the Caltech study places renewed urgency on a long-recognized but often deferred problem: the vulnerability of current blockchain cryptography to future quantum attacks. By showing that a neutral-atom quantum computer with on the order of 10,000 reconfigurable atomic qubits could, in principle, run Shor’s algorithm against elliptic-curve schemes like those protecting Bitcoin, the research compresses previous timelines and undermines the comforting assumption that “millions of qubits” are still a remote prospect. For Bitcoin, Ethereum, and the wider crypto ecosystem, the message is clear: quantum resistance is no longer a problem for the next generation to solve. It is a strategic priority that needs serious engineering, governance, and policy attention today.

