A warning has emerged that digital assets worth more than $3 trillion, including bitcoin, could be exposed to theft risk within the next 4 to 7 years.

Coindesk reported on Friday that Project Eleven, which studies post-quantum security, said in a report that quantum computers powerful enough to neutralise widely used public-key cryptography could appear as early as 2030 and no later than 2033.

The report said most digital assets currently rely on elliptic-curve digital signatures and that this structure is vulnerable to quantum computer attacks. It said a sufficiently powerful quantum computer could use Shor's algorithm to derive private keys from public keys, forge signatures and seize control of wallets and digital accounts.

It said the impact would not be limited to cryptocurrencies. It said public-key cryptography used in bitcoin, ethereum and stablecoins is also applied to banking systems, cloud infrastructure, authentication networks and military communications, meaning not only blockchain networks but also financial infrastructure and digital identity systems more broadly could face the same risk.

Project Eleven said the obstacle to a shift to post-quantum cryptography was coordination rather than technology. It said large systems could take 5 to more than 10 years to transition depending on network complexity, and blockchains require users, exchanges, custody firms, wallet providers and miners to move at the same time.

It said bitcoin faces an even harder transition. The report said the SegWit upgrade took more than 2 years from its proposal in 2015 to activation in 2017, and even led to a contentious chain split. It said the decentralised nature of the network means a post-quantum cryptography transition could take longer than in centralised systems, effectively close to 10 years.

The 110-page report, written by Alex Pruden (알렉스 프루든) and Connor Deegan (코너 디건), said bitcoin's shift to post-quantum cryptography could be harder than Taproot. Pruden said he personally leans toward bringing vulnerable holdings of 5.6 million to 6.9 million BTC, worth up to about $500 billion at current prices, back within bitcoin's supply curve rather than leaving them for a quantum attacker to take. The report also said the issue highlights tension between bitcoin's fixed supply principle and the principle of protecting property rights.