
In March 2026, Google published research that shifted the security calculus for crypto: breaking the Elliptic Curve Digital Signature Algorithm (ECDSA) used by Bitcoin requires approximately 1,200 logical qubits, not the 4,000 previously estimated. Approximately 6.9 million BTC (32% of the total circulating supply) are stored in wallets whose public keys have already been exposed on the blockchain, precisely at the point of vulnerability that a quantum computer could exploit. Most crypto networks have no solution deployed on mainnet, but several projects have been building post-quantum cryptography (PQC) from the ground up. This article covers the projects considered to have already achieved quantum-resistant technology.
On March 31, 2026, Ryan Babbush and Hartmut Neven of Google Quantum AI published a whitepaper with updated estimates of the quantum resources required to break Bitcoin’s elliptic curve cryptography. The two circuit configurations they compiled could break ECDSA: one using fewer than 1,200 logical qubits (90 million Toffoli gates) and another using fewer than 1,450 logical qubits (70 million Toffoli gates), both requiring fewer than 500,000 physical qubits and completing the attack in minutes, approximately 20 times more efficient than previous estimates.
Google published a zero-knowledge proof allowing anyone to verify the claims without receiving the circuit details that could be misused. Google targets a full migration to post-quantum cryptography by 2029, collaborating with Coinbase, Stanford Institute for Blockchain Research, and the Ethereum Foundation to accelerate the transition.
The primary recommendation emphasized in Google’s paper is to avoid reusing wallet addresses whose public keys have previously been exposed on the blockchain.
Most blockchain networks use ECDSA to authenticate transactions. ECDSA relies on a mathematical problem that is computationally hard for classical computers: factoring elliptic curves. Quantum computers use Shor’s algorithm to solve this problem drastically faster, making it possible to derive a private key from an already-exposed public key.
What makes this threat impossible to ignore is the “harvest now, decrypt later” model: on-chain transaction data can be collected today and decrypted once a sufficiently powerful quantum machine becomes available.
The most powerful quantum machines today operate at around 100 logical qubits, far below the threshold needed to attack current systems.
In quantum-based attacks, the threat targets the signature system (ECDSA) rather than the mining process. Grover’s algorithm, used to attack SHA-256 (the basis of Bitcoin mining), provides only a quadratic speedup rather than an exponential one, so it does not abruptly compromise the mining process.
On April 24, 2026, researcher Giancarlo Lelli broke a 15-bit ECC key using public quantum hardware, winning 1 BTC from Project Eleven’s Q-Day Prize. The previous record was just 6 bits, representing a 512x improvement in seven months. Bitcoin remains far from direct threat (256-bit keys), but this pace is narrowing the migration window.
National Institute of Standards and Technology (NIST), the U.S. government body that sets global technology standards, published four official PQC algorithms in August 2024:
These four algorithms serve as the primary benchmark the crypto community uses to evaluate the credibility of any project’s quantum-resistance claims.
Bitcoin and Ethereum are not quantum-resistant today, but both are actively working on migration pathways to anticipate the advancement of quantum computing.
Bitcoin Improvement Proposal (BIP) 360, known as Pay-to-Merkle-Root (P2MR), conceals the public key inside a Merkle tree and reveals it only when a transaction is executed. This makes quantum attacks significantly harder, as they require the public key as an entry point. As of June 2026, BIP-360 is running on testnet with participation from more than 50 miners and has surpassed 100,000 blocks in testing.
Vitalik Buterin published Ethereum’s post-quantum roadmap in February 2026. Four areas require migration:
EIP-8141 has been proposed for the Hegotá hard fork targeted for the second half of 2026. More than 10 Ethereum client teams are already running weekly devnets for PQC, with full completion targeted around 2029 per pq.ethereum.org.
The following are crypto projects that have implemented or are actively developing PQC.

Algorand is an L1 blockchain using a Pure Proof-of-Stake mechanism, created by Silvio Micali, MIT professor and Turing Award recipient.
Algorand executed the first post-quantum transaction on mainnet using Falcon-1024, a NIST-approved lattice-based signature. It was integrated as a native opcode (falcon_verify) in AVM v12 without a hard fork, with Falcon-based state proofs already securing the chain every 256 blocks.
Strengths:
Weaknesses:
Read also: What is Algorand (ALGO)?

Hedera is a hashgraph-based network (a Directed Acyclic Graph/DAG structure), governed by the Hedera Governing Council, whose members include Google, IBM, and Boeing.
Hedera uses SHA-384 as its primary hash function, delivering a 192-bit security level even against quantum attacks, because Grover’s algorithm provides only a quadratic speedup. In December 2024, Hedera partnered with SEALSQ to develop the QS7001 quantum-resistant semiconductor chip, designed to secure IoT devices on the Hedera network.
Strengths:
Weaknesses:

Starknet is a ZK-rollup Layer 2 built on Ethereum, developed by StarkWare, using STARK proofs (Scalable Transparent Argument of Knowledge) to cryptographically validate transactions.
STARK proofs are based on hash functions rather than elliptic curves, making them unexposed to Shor’s algorithm. Starknet is migrating from the Pedersen hash to the more quantum-resistant Poseidon. Native account abstraction makes every wallet a smart contract, so protocol upgrades are automatically inherited by all wallets.
Strengths:
Weaknesses:

Succinct is a zero-knowledge infrastructure project developing SP1, a zkVM (zero-knowledge virtual machine) that generates ZK proofs for programs compiled to the RISC-V architecture. Unlike ALGO, HBAR, or STRK, Succinct operates as a decentralized proving infrastructure layer within the Ethereum ecosystem.
SP1 uses a hash-based proof system rather than elliptic curves, meaning its proving layer is not vulnerable to Shor’s algorithm. SP1 Hypercube proves Ethereum blocks in an average of 10.3 seconds, with 93% of blocks completed in real-time using 200 GPUs. Succinct is also integrated with Ethereum L2 networks such as Base as of May 2026.
Strengths:
Weaknesses:
Read also: What is Succinct (PROVE)?
The quantum computing threat is real, but there is no certainty about when a sufficiently powerful machine will be available. Researcher estimates range from 5 to 15 years. Existing quantum-resistant projects are still in early stages and have yet to be concretely proven against real quantum attacks.
Key factors to keep in mind:
While quantum computers cannot yet break Bitcoin or Ethereum, recent research shows that the threshold is lower than previously assumed, and most crypto networks have no production-ready solution on mainnet. Bitcoin is working on BIP-360, Ethereum is preparing the Hegotá hard fork, Algorand has implemented NIST standards on mainnet, and Succinct provides a hash-based proving infrastructure already in use across multiple networks. Understanding the quantum computing threat to crypto will become increasingly relevant in the coming years, as quantum computing continues to advance.
Disclaimer: All information presented in this article is compiled for educational and general informational purposes. This content is not intended as investment advice, a recommendation, or a solicitation to buy or sell any specific crypto asset, nor as a basis for any financial decision. Every investment decision is solely the responsibility of the reader, taking into account their own financial condition, investment objectives, and risk tolerance.
What is a quantum computer and why is it dangerous for crypto?
A quantum computer is a machine that uses the principles of quantum mechanics to process information far faster than conventional computers for certain types of problems. The danger to crypto comes from an algorithm called Shor’s algorithm, which can break ECDSA, the signature system used by Bitcoin and Ethereum, potentially enabling the theft of assets from wallets whose public keys have already been exposed.
Can Bitcoin be hacked by a quantum computer right now?
Not yet. The most powerful quantum machines today operate at around 100 logical qubits, while breaking Bitcoin’s ECDSA requires approximately 1,200 logical qubits. This threat could become real within the next several years if quantum computing development continues at its current pace.
What is post-quantum cryptography?
Post-quantum cryptography (PQC) is cryptography designed to withstand attacks from quantum computers. NIST established four official standards in 2024: Dilithium, Falcon-1024, SPHINCS+, and XMSS. These algorithms use mathematics based on lattice problems or hash functions, which cannot be significantly accelerated by quantum computers.
Is it safe to invest in quantum-resistant crypto projects?
Algorand has a technically verified mainnet implementation meeting NIST standards. Hedera and Starknet are still in the process of a full migration to PQC. Succinct (PROVE) provides a hash-based proving infrastructure already used by Base and Ethereum. All four are available on Pintu. Volatility risk remains higher than Bitcoin or Ethereum, so conduct your own research before investing.
After learning about quantum-resistant crypto assets, you can start investing in ALGO, HBAR, STRK, PROVE, and other assets directly through Pintu. You can also trade Futures directly on Pintu Pro Web!
Download the Pintu app on the Play Store and App Store! Your security is guaranteed as Pintu is regulated and supervised by Bappebti and Kominfo.
Share
Table of contents
See Assets in This Article
ALGO Price (24 Hours)
Market Capitalization
-
Global Volume (24 Hours)
-
Circulating Supply
-