BlackRock published a report titled 'Quantum Computing and Blockchains' warning that future quantum computing breakthroughs could threaten the cryptography securing Bitcoin and Ethereum. The report was authored by Will Su, Head of Digital Assets Research at BlackRock, Inish Crisson, Senior Software Engineer at Aladdin Digital Assets Lab, and Robert Mitchnick, BlackRock's Head of Digital Assets. The firm states that blockchains do not face an immediate crisis, but the industry needs to begin post-quantum migration before 'Q-Day' becomes a live security event. The report frames quantum computing as both a cybersecurity risk and a test of blockchain governance, particularly for networks relying on elliptic curve cryptography for transaction signatures.
Bitcoin and Ethereum Face Elliptic Curve Cryptography Vulnerability
BlackRock states that no functional Cryptographically Relevant Quantum Computer, or CRQC, exists today. The report notes that Google has moved its post-quantum migration deadline to 2029, while IBM is targeting large-scale fault-tolerant quantum computing between 2029 and 2033.
The report identifies digital signatures that prove control over coins as the main attack surface, not Bitcoin's proof-of-work engine. BlackRock says Bitcoin's SHA-256 hash function is "largely considered quantum-resistant," with Grover's algorithm offering only a quadratic speedup that could be absorbed by Bitcoin's difficulty adjustment.
Bitcoin and Ethereum currently rely on elliptic curve cryptography for key ownership and transaction authorization. Classical computers would need millions to billions of years to break 256-bit ECC, according to the report. A sufficiently powerful quantum computer using Shor's Algorithm could change that equation by turning private-key recovery into a more tractable mathematical problem.
"The foundations of modern-day cryptography become challenged in the quantum world," BlackRock wrote. "This is not because quantum computers run faster. Rather, QCs are particularly efficient at teasing out hidden patterns in large datasets by leveraging unique properties of quantum physics and employing quantum algorithms to solve classically infeasible problems like ECDLPs in as little as days to minutes."
Bitcoin Holds 7 Million BTC in Quantum-Vulnerable Addresses
BlackRock argues that the technical scope of a post-quantum upgrade for Bitcoin is narrower than for many other systems because the core task is replacing a digital-signature algorithm. The harder problem is social coordination across a decentralized network that deliberately avoids rapid or centralized change.
The report says nearly 7 million BTC, or roughly 35% of circulating supply, may be vulnerable to long-range quantum attacks because public keys have already been exposed. That figure includes 1.9 million BTC in address types that expose unhashed public keys and another 5 million BTC in reused addresses that have revealed public keys in previous transactions while still holding UTXOs.
BlackRock also highlights the unresolved debate around inactive or lost coins. It cites Chainalysis estimates that 2.3 million to 3.7 million BTC, or 11% to 19% of circulating supply, may be permanently lost. That includes roughly 1.1 million BTC in P2PK addresses widely believed to belong to Satoshi Nakamoto.
"In our view, PQ migration for cryptocurrencies is eminently addressable from a technical standpoint, and the key challenge is one of timely coordination and implementation," the report said. "The end-to-end process to build consensus around PQC protocols and timing, implement upgrades on the blockchain, and perform orderly migrations across the ecosystem will likely be a multi-year endeavor."
Ethereum Plans Seven Network Updates Between 2026 and 2029
BlackRock says Ethereum has a more clearly defined migration path, guided by the Ethereum Foundation, but faces greater technical complexity due to its proof-of-stake architecture, smart-contract environment, data layer and application-layer zero-knowledge systems.
The report cites four Ethereum vulnerability areas identified by Vitalik Buterin in early 2026: BLS signatures in the consensus layer, KZG proofs in the data layer, externally owned account signatures, and zero-knowledge proofs in the application layer.
BlackRock points to Ethereum's "L1 Strawmap," a draft sequence of seven network updates and hard forks between 2026 and 2029, five of which directly address quantum vulnerabilities. These include native account abstraction, post-quantum signature precompiles, post-quantum validator keys, hash-based consensus signatures and a longer-term shift from KZG commitments toward STARK-based verification.
BlackRock Calls Quantum Risk Manageable With Timely Upgrades
BlackRock's conclusion is measured. The report does not present quantum computing as an imminent existential threat to Bitcoin or Ethereum. It argues instead that quantum risk is one of the few remaining "walls of worry" for digital assets, and that successful post-quantum migrations could strengthen the sector over time.
"Global cybersecurity infrastructure stands at an important inflection point as quantum computing advances," the authors wrote. "Digital assets including Bitcoin and Ethereum are technically positioned for migration; a harder problem is coordinating timelines and rolling out upgrades across decentralized networks in an orderly manner. That said, it is a much less daunting task to upgrade current cryptographic systems, including Bitcoin, Ethereum, and others, to a quantum-secure standard than it is to build a CRQC from where quantum computing progress stands today."
At press time, BTC traded at $62,629.
FAQ
What did BlackRock warn about Bitcoin and Ethereum?
BlackRock published a report warning that future quantum computing breakthroughs could threaten the cryptography securing Bitcoin and Ethereum. The report was authored by Will Su, Inish Crisson, and Robert Mitchnick, and states that the industry needs to begin post-quantum migration before "Q-Day" becomes a live security event.
How much Bitcoin is vulnerable to quantum attacks according to BlackRock?
BlackRock's report says nearly 7 million BTC, or roughly 35% of circulating supply, may be vulnerable to long-range quantum attacks because public keys have already been exposed. This includes 1.9 million BTC in address types that expose unhashed public keys and another 5 million BTC in reused addresses.
What is Ethereum's post-quantum migration timeline?
BlackRock points to Ethereum's "L1 Strawmap," a draft sequence of seven network updates and hard forks between 2026 and 2029, five of which directly address quantum vulnerabilities. The report cites four vulnerability areas identified by Vitalik Buterin in early 2026: BLS signatures, KZG proofs, externally owned account signatures, and zero-knowledge proofs.
