Quantum computing headlines increasingly suggest bitcoin is on the verge of collapse, with claims that future machines could crack its cryptography in minutes or overwhelm the network entirely.

But academic research paints a more constrained picture. Some widely cited "breakthroughs" rely on simplified problems that don't reflect real-world cryptography. And quantum attacks on Bitcoin? The energy required is equivalent to a small star, according to research papers shared on X by Bitcoin hardware entrepreneur Rodolfo Novak.

Bitcoin's security rests on two different kinds of math, and quantum computers threaten them in two different ways.

One, known as Shor's algorithm, targets wallet security. In theory, it allows a sufficiently powerful quantum computer to derive a private key from a public key. That would let an attacker take control of funds outright, breaking the ownership guarantees that underpin bitcoin.

The other, known as Grover's algorithm, applies to mining. It offers a theoretical speedup on the trial-and-error search miners perform — but as one of the papers below shows, that advantage largely evaporates once you try to build the machine.

The two threats often get blurred in headlines. But they land very differently once you account for real-world constraints.

Two recent papers highlighted in a thread on X — one a sober engineering analysis, the other a deadpan satire — make that case from opposite directions. Together, they suggest, along with a thread that summarizes the contrarian research and viewpoints, the current panic on crypto Twitter is conflating a genuine long-term concern with a news cycle built on theater.

Mining runs into a wall made of physics

The first paper, from Pierre-Luc Dallaire-Demers and the BTQ Technologies team, published in March 2026, asks whether a quantum computer could actually out-mine BTC using Grover's algorithm, a quantum technique that could let a computer guess its way through a problem much faster than any normal machine — in bitcoin's case, speeding up the trial-and-error search process miners use to find valid blocks.

The stakes are higher than they sound. Mining is what protects BTC from a 51% attack, the scenario in which a single actor controls enough hash power to rewrite recent transaction history, double-spend coins, or censor the network. If a quantum miner could dominate block production, consensus itself would be in play, not just individual wallets.

In theory, Grover offers a path to that dominance. In practice, the researchers argue, the answer collapses once you price out the hardware and its energy requirements. Running Grover against SHA-256 — the math formula bitcoin miners race to solve to add new blocks to the blockchain and earn rewards — would be physically impossible.

Running the algorithm against bitcoin would require quantum hardware on a scale no one knows how to build.

Every step of the search involves hundreds of thousands of delicate operations, each requiring its own dedicated support system of thousands of qubits just to keep errors in check. And because bitcoin produces a new block every ten minutes, any attacker would have only a narrow window to finish the job, forcing them to run enormous numbers of these machines side by side.

At Bitcoin's January 2025 difficulty, the authors estimate a quantum mining fleet would need roughly 10²³ qubits drawing 10²⁵ watts — approaching the energy output of a star. The entire current Bitcoin blockchain, by comparison, draws about 15 gigawatts.

A quantum 51% attack isn't just expensive. It's physically unreachable at any scale a real civilization could power.

The quantum factoring records are mostly theater

The second paper, from Peter Gutmann of the University of Auckland and Stephan Neuhaus of Zürcher Hochschule in Switzerland, takes aim at a different part of the narrative: the steady drumbeat of headlines claiming quantum computers are already starting to break encryption.

The authors set out to replicate every major quantum factoring "breakthrough" of the past two decades. They succeed — using a 1981 VIC-20 home computer, an abacus, and a dog named Scribble, trained to bark three times.

The joke lands because the underlying point is serious. Factoring is the math problem at the heart of most modern encryption: take a very large number and find the two prime numbers that multiply together to make it.

For a number with hundreds of digits, that is believed to be effectively impossible on any normal computer. Shor's algorithm, the quantum technique behind the bitcoin wallet threat, is the reason people worry that quantum machines could eventually do it.

But according to Gutmann and Neuhaus, nearly every demonstration so far has cheated. In some cases, researchers picked numbers whose hidden prime factors were only a few digits apart, making them easy to guess with a basic calculator trick.

In others, they ran the hard part of the problem on a regular computer first — a step called preprocessing — and then handed a stripped-down, trivially easy version to the quantum machine to "solve." The quantum computer gets credit for the breakthrough, but the real work was done elsewhere.

The authors focus on one recent paper that claimed a Chinese team had used a D-Wave machine to make progress toward breaking RSA-2048, the encryption standard that protects most of the internet's banking, email, and e-commerce traffic.

The researchers had published ten example numbers as proof. Gutmann and Neuhaus ran those numbers through a VIC-20 emulator and recovered the answers in about 16 seconds each. The primes had been chosen to sit just a few digits apart, making them easy to find with an algorithm the mathematician John von Neumann adapted from an abacus technique in 1945.

Why does this keep happening? The authors suggest a simple answer: quantum factoring is a high-profile field with limited real results, and the incentive to publish something impressive-sounding is strong.

Picking rigged numbers or doing most of the work classically lets researchers claim a new "record" without actually advancing the underlying science. The paper proposes new evaluation standards that would require random numbers, no preprocessing, and factors kept secret from the experimenters. No demonstration to date would pass.

The takeaway is not that quantum computing is harmless. It is not that every "breakthrough" headline represents real progress toward breaking modern encryption, and traders should be skeptical when the next one arrives.

What still deserves concern

Neither paper dismisses the quantum threat entirely.

The real vulnerability is bitcoin wallets, not mining. Millions of bitcoin sit in older or reused addresses where key information is already exposed on the blockchain, making them the most likely long-term target if quantum machines improve.

Since these papers were published, what’s changed is not the threat, but the estimates. A recent paper from researchers at Google suggests the computing power needed for such an attack could fall sharply, with the encryption that secures the Bitcoin blockchain vulnerable in an attack that takes minutes.

That does not mean the attack is close. The authors disclose in the paper that building such a machine is currently physically impossible and requires engineering advances that haven't been done yet: from the lasers that control the qubits, to the speed at which they can be read, to the ability to keep tens of thousands of atoms running in concert without losing them.

There are also signs the public view may be incomplete. Some recent research has withheld key technical details, and experts have warned that progress in this field may not always be shared openly.

Still, developers are already working on fixes, including ways to reduce key exposure and new types of signatures designed to withstand quantum attacks.

Markets reflect the view that this threat is still one stuck in the classroom. Traders see little chance that bitcoin will replace its mining algorithm before 2027, but assign much higher odds, around 40%, to upgrades like BIP-360 aimed at reducing wallet risk.

The quantum threat to Bitcoin is real, but it's important to remember that building the machines used to attack blockchain is constrained by the limits of physics.