Quantum Computers Could Crack Crypto Wallets in Minutes: New Estimates Signal Urgent Threat to Digital Finance
Preprint estimates show Shor's algorithm could break 256-bit ECC with surprisingly modest quantum resources (<500k physical qubits, minutes of runtime), enabling real-time attacks on pending crypto transactions and highlighting risks across smart contracts, PoS, and abandoned assets.
This arXiv preprint (not yet peer-reviewed) offers new resource estimates for running Shor's algorithm against the 256-bit Elliptic Curve Discrete Logarithm Problem that underpins Bitcoin, Ethereum, and most cryptocurrencies. The authors calculate two optimized circuits: one requiring under 1,200 logical qubits and 90 million Toffoli gates, and another using 1,450 logical qubits but only 70 million Toffoli gates. On superconducting hardware with 10^-3 physical error rates and planar connectivity, these circuits could execute in minutes using fewer than 500,000 physical qubits.
The study is purely theoretical, relying on classical circuit optimization and resource counting rather than any physical quantum hardware. Because it is not an experimental paper, no sample sizes apply; its limitations include optimistic assumptions about error-correction overhead and compiler efficiency, and the absence of real-world noise modeling beyond the stated error rate. The authors use a zero-knowledge proof to verify their calculations without revealing the precise attack circuit, an unusual but responsible disclosure choice.
What sets this work apart is its distinction between fast-clock architectures (superconducting and photonic) that could enable 'on-spend' attacks on unconfirmed mempool transactions and slower neutral-atom or ion-trap systems. This nuance was largely missed in earlier coverage that treated quantum threats as distant future events. The paper also flags under-discussed systemic risks: smart contracts that rely on ECDSA signatures, Proof-of-Stake finality mechanisms, Data Availability Sampling, and the massive pool of abandoned assets (estimated at 20% of all Bitcoin).
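As an added illustration (not code from the preprint or from this summary) of how logical-qubit and Toffoli counts become the physical-qubit and runtime figures quoted above, here is the textbook surface-code back-of-the-envelope calculation in Python. Only the page's own numbers are taken as given (1,200 or 1,450 logical qubits, 90 or 70 million Toffoli gates, a 10^-3 physical error rate); everything else is an assumption stated in the code: a ~1% threshold, the standard p_L ≈ 0.1·(p/p_th)^((d+1)/2) scaling, 2·d² physical qubits per logical patch, one Toffoli per logical cycle, and 1 µs versus 1 ms syndrome-round times for superconducting versus trapped-ion hardware.

```python
"""Back-of-the-envelope surface-code overhead and runtime for the two circuits
described above. Added example; all constants below are labelled assumptions,
not values taken from the preprint."""

# Figures quoted in the summary above (logical qubits, Toffoli count).
CIRCUITS = {
    "circuit_A": {"logical_qubits": 1200, "toffolis": 90_000_000},
    "circuit_B": {"logical_qubits": 1450, "toffolis": 70_000_000},
}

P_PHYS = 1e-3          # physical error rate stated in the summary
P_THRESH = 1e-2        # assumption: textbook surface-code threshold (~1%)
TARGET_FAILURE = 0.1   # assumption: accept a 10% chance that the whole run fails

# assumption: syndrome-round times for the two architecture classes
ROUND_TIME_S = {"superconducting": 1e-6, "ion_trap": 1e-3}


def logical_error_per_cycle(d: int, p_phys: float = P_PHYS,
                            p_thresh: float = P_THRESH) -> float:
    """Textbook surface-code scaling (assumption): p_L ~ 0.1 * (p/p_th)^((d+1)/2)."""
    return 0.1 * (p_phys / p_thresh) ** ((d + 1) / 2)


def required_distance(logical_qubits: int, toffolis: int,
                      target_failure: float = TARGET_FAILURE) -> int:
    """Smallest odd code distance that keeps the whole computation's failure
    probability under target_failure. Assumes one Toffoli per logical cycle,
    executed sequentially, so the cycle count is a coarse upper bound."""
    qubit_cycles = logical_qubits * toffolis
    d = 3
    while logical_error_per_cycle(d) * qubit_cycles > target_failure:
        d += 2
    return d


def physical_qubits(logical_qubits: int, d: int) -> int:
    """Assumption: 2*d^2 physical qubits per logical patch (data + measure
    qubits), ignoring routing space and magic-state factories, which only add."""
    return logical_qubits * 2 * d * d


def runtime_seconds(toffolis: int, d: int, round_time_s: float) -> float:
    """One logical cycle = d syndrome rounds; one Toffoli per logical cycle."""
    return toffolis * d * round_time_s


def estimate(name: str, arch: str) -> dict:
    """Distance, physical-qubit count and runtime for one circuit on one
    architecture class, under the assumptions above."""
    c = CIRCUITS[name]
    d = required_distance(c["logical_qubits"], c["toffolis"])
    return {
        "distance": d,
        "physical_qubits": physical_qubits(c["logical_qubits"], d),
        "runtime_s": runtime_seconds(c["toffolis"], d, ROUND_TIME_S[arch]),
    }


if __name__ == "__main__":
    for name in CIRCUITS:
        for arch in ROUND_TIME_S:
            e = estimate(name, arch)
            print(f"{name} on {arch}: d={e['distance']}, "
                  f"{e['physical_qubits']:,} physical qubits, "
                  f"{e['runtime_s'] / 60:,.1f} min")
```

Under these deliberately simple assumptions both circuits need distance 23 and roughly 1.3 to 1.5 million physical qubits, about three times the preprint's sub-500k figure; that gap is exactly the error-correction overhead the summary flags as an optimistic assumption, and a reader checking the paper should look for where its layout, decoder and magic-state choices buy that factor. The runtime column reproduces the architecture distinction the paper draws: tens of minutes on a microsecond-cycle machine, but about a thousand times longer on millisecond-cycle hardware, which is why only fast-clock architectures are candidates for attacks on transactions still waiting in the mempool.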
Synthesizing this with related research strengthens the warning. A 2017 analysis by Aggarwal et al. ('Quantum Attacks on Bitcoin', arXiv:1710.10377) first highlighted how quantum computers could derive private keys from public ones, while NIST's Post-Quantum Cryptography standardization project (now selecting algorithms like ML-KEM and ML-DSA) demonstrates that migration is technically feasible yet painfully slow in decentralized ecosystems. Earlier resource estimates by Roetteler et al. (2017) required millions of qubits; the new figures suggest the bar is lower than many anticipated.
The original paper underplays the coordination problem: blockchain upgrades require consensus, and many projects lack governance capacity for swift cryptographic changes. It also connects quantum risk to policy, proposing 'digital salvage' frameworks to recover or deliberately destroy dormant assets without enabling theft. This raises complex legal questions around property rights in a post-quantum world.
Patterns from past migrations, such as the slow adoption of TLS 1.3 or the SHA-1 to SHA-256 transition, show that decentralized systems move especially slowly. With IBM, Google, and IonQ publishing aggressive roadmaps toward error-corrected machines, the timeline for cryptographically relevant quantum computers may compress from decades to years. Cryptocurrency communities ignoring this risk are effectively gambling with users' funds.
HELIX: The resource numbers are lower than many prior estimates, suggesting cryptographically relevant quantum machines could threaten major cryptocurrencies within 10-15 years if hardware progress continues, making immediate migration to NIST-approved post-quantum algorithms essential for long-term survival of digital assets.
Sources (3)
- [1] Primary Source: https://arxiv.org/abs/2603.28846
- [2] Quantum Attacks on Bitcoin: https://arxiv.org/pdf/1710.10377
- [3] NIST Post-Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography