Is Crypto Safe From Quantum Computing?Read more
Jul 17, 2026

Is Crypto Safe From Quantum Computing?

If we’re talking about whether crypto is safe today, then the answer is yes. Yet, the answer is a resounding no when it comes to safety by design. Those are two different answers, and everything serious about this question lives in the space between them. No quantum computer can touch your coins at this very moment. The machine that could hasn't been built. What has been built is the certainty that the signatures guarding nearly every chain are breakable in principle, plus a migration race to replace them that most chains are losing. Here's what each layer of "safe" means.

Safe today, and that part is real

Let’s start with the reassuring half. No publicly known quantum computer on Earth is currently anywhere near the scale needed to break secp256k1.

In March 2026, Google Quantum AI published a resource estimate that placed the cost of breaking the curve below 500,000 physical qubits, about a 20x drop from the prior best. The same downward trend shows up in related research. Iceberg Quantum estimated that RSA-2048, a different target that secures the classical web rather than crypto wallets, could be broken with under 100,000 physical qubits, another order-of-magnitude cut.

These results moved the goalposts closer, but they're still pretty far away. Today's best chips run a few thousand physical qubits, and their error rates are far too high for a sustained attack.

All that is to say that nobody is draining wallets with a quantum computer right now. The date people argue over is Q-Day, when a machine can break ECDSA in practice. Nobody can pin it down. Major forecasts range from an aggressive 2028 to a more mainstream 2035, and they keep sliding toward the present.

That “safe today” comes with a catch, though. A public key sitting exposed on-chain now can be copied and stored, then cracked once a capable machine exists. In other words, the exposure it already on-chain, even though no one can act on it yet.

Not safe by design, and that won't fix itself

Now the uncomfortable half. The weakness is baked into the cryptography the entire system runs on, and no patch reaches it.

Nearly every major chain proves ownership with elliptic-curve signatures. Bitcoin and Ethereum use ECDSA over secp256k1, with Taproot adding Schnorr. Cardano and Solana use Ed25519. Shor's algorithm recovers a private key from any of them once the hardware exists. The hashing and mining that secure block history hold up fine, because Grover's algorithm only cuts SHA-256 to about 128-bit security. We break that split apart in The Quantum Threat to Crypto.

quantum-two-layer-diagram.png

What a quantum computer breaks, and what it doesn't.

What makes "not safe by design" stick is simple: you can't quietly hotfix a signature scheme that an entire ledger's history depends on. The fix replaces the foundation on live chains, without losing anyone's money. Hence, the answer rests on migration, with the math already solved.

What "quantum safe" would take

"Quantum safe" gets thrown around like a checkbox, except it isn't one.

For the funds you hold, qLABS uses a two-part test. A post-quantum signature scheme has to be live in production, and holders have to have moved their funds onto it. Every exposed public key left behind on the old scheme is still a target when Q-Day happens. Full chain-level readiness is a bigger job still, since validators, bridges, and admin keys often rely on the same vulnerable cryptography.

Measured against that bar, none of the top 20 chains is quantum safe today. Some have shipped nothing at all. Others have a roadmap but no deployment, and none has done both. When you read that a token is "quantum resistant," check which of the two it has done, because most claims describe intent the chain hasn’t shipped yet.

So which crypto is closest to safe?

Closest is not the same as safe, and the distance is wide. Our L1 Quantum Vulnerability Index (qLVI, April 2026) scores the ten largest chains from 0 (safe) to 10 (maximum exposure), blending signature exposure, market value, chain age, and migration process. Every chain on the list sits above the midpoint, so none of them is close to safe.

qlvi-score-by-chain.png

Quantum Vulnerability Score by chain. Source: qLABS

Cardano lands lowest at 5.60. The qLVI rewards its migration progress and smaller footprint, but the cryptography underneath is still Ed25519, which Shor's algorithm breaks like any other elliptic-curve scheme. Its post-quantum work is at the roadmap stage for 2026.

Ethereum scores 6.80. XRP is at 6.30, and Ripple is targeting XRPL quantum readiness by 2028, one of the few concrete dates on the board. Bitcoin tops the table at 8.33 with draft proposals like BIP-360 on the table but no consensus-approved migration path. In a separate review of the top 20 Layer 1 networks, qLABS put the group at about $2.25 trillion, none of it behind post-quantum signatures on mainnet, and Bitcoin holds the largest single share.

A quick disclosure, since we build in this space. The qLVI is qLABS's own index, and we also make post-quantum products like qVAULT, so we have a stake here. Its scoring weights and definition of readiness are qLABS’s methodology rather than an industry standard. The full write-up and conflict-of-interest statement are in the qLVI, and anyone can reproduce the score.

quantum-vulnerable-capital-tiers.png

Quantum-vulnerable capital across the top 20 Layer 1s. Source: qLABS

How to make your own crypto safer today

Waiting on your chain’s roadmap can be a difficult task, especially if there isn’t such a roadmap at all. Either way, you can be safer than the chain where your assets exist.

For starters, on Bitcoin and other chains that hide the public key behind a hash, stop reusing addresses and keep long-term holdings in ones that have never sent a transaction. As long as an address stays unspent, its key stays hidden, so an attacker has nothing to aim at yet. This helps less on account-based chains like Solana, where the address is the public key, and on Ethereum once an account has sent anything, so it reduces exposure without removing it.

You can also add a post-quantum lock at the application level. qVAULT, a qLABS product, is a non-custodial smart-contract vault that requires a second signature, based on Falcon (FN-DSA, the scheme NIST selected for the forthcoming FIPS 206), on top of your normal wallet. By qLABS design, a broken ECDSA key alone can’t move the funds. 

It’s audited by Fairyproof and currently covers qONE and HYPE on HyperEVM, with Ethereum and stablecoins planned. It adds a withdrawal condition at the contract level, and that’s the trade-off. It doesn’t make the underlying chain quantum safe, and a smart-contract vault carries its own contract and implementation risks. Of course, none of this is financial advice.

The short version

Is crypto safe from quantum computing? For today, yes, because the machine that can break ECDSA doesn't exist yet and Q-Day estimates run 2028 to 2035. By design, no, because the signatures on which nearly every blockchain relies fall before Shor's algorithm, and swapping them on live chains is slow. 

Not one of the top 20 chains clears the quantum-safe bar. Cardano comes closest at a still-failing 5.60, and Bitcoin sits worst at 8.33. Check where your chain ranks on the qLVI and stop reusing addresses. Add a post-quantum layer if you want protection before the base chain catches up.

FAQ

Is crypto safe from quantum computing today?

Today, yes. No quantum computer exists that can break the ECDSA signatures securing crypto wallets, and the arrival date is highly uncertain. Credible forecasts place it between 2028 and 2035. The problem is that public keys exposed on-chain now can be recorded today and cracked once the hardware arrives.

Is any cryptocurrency quantum safe right now?

No. Even Cardano, with the lowest score on the qLVI at 5.60, still signs with Ed25519, which Shor's algorithm breaks. No chain in the top 20 has both shipped a post-quantum signature scheme in production and migrated its funds onto it, so none has cleared the bar.

How long until crypto is at risk?

Nobody can name a firm date. Q-Day estimates run from an aggressive 2028 to a more mainstream 2035, and they've been moving closer as quantum hardware improves. The exposure starts earlier than the attack, though, because keys harvested today can be cracked later.

What would make a coin quantum safe?

Two things at once. A post-quantum signature scheme, such as one of the NIST-standardized schemes, has to be live in production, and holders have to move their funds onto it. Leftover keys on the old elliptic-curve scheme stay vulnerable until they're moved.

Should I sell my crypto because of quantum computing?

That's your call, and this isn't financial advice. Nothing can break your wallet to steal your crypto today. Where the chain allows it, you can cut exposure without selling by avoiding address reuse so your public key stays hidden, and a post-quantum vault layer can add protection for the assets it supports.

qLABS Editorial. Sources are linked inline. See the L1 Quantum Vulnerability Index for our full methodology and conflict-of-interest disclosure.