If you are not using quantum resistant addresses like segwit, there is a small chance your stack can be compromised by a scientific breakthrough. Here's how I see it. If your seed phrase is 12 words, think of it as a 48 digit PIN.(Like on a debit card) If your seed phrase is 24 words, think of it like a 96 digit PIN. Currently, quantum computing can "crack" a 2 digit PIN if it's under the number 30. The FUD exists because 2 digit PINs can be cracked. It is possible to create a Bitcoin wallet with 3 seed words, but you would need to be pretty dumb to do that. I guess if that's what your wallet looks like, you might want to change that, but it's pretty silly to pretend the sky is falling when quantum computing can't even break a 12 digit PIN, which nobody realistically uses anyway. Besides, debit card PINs banks issue are typically 4 -6 digits so why aren't the Quantum FUD dorks afraid of it breaking the legacy financial system?

Of course, we are assuming you followed best practices and didn't play any miney more with the buttons on your Cold Card. You should be concerned about bad entropy.

My take on quantum computer attacks is that qubits, due to their supposed theoretical continuous superposition (note: continuous, not discrete, which is an assumption that hasn't been tested), allow Shor's algorithm for factorizing and calculating roots over an EC curve finite field dramatically faster than any von Neumann-but-parallel computing system "supercomputer." Outside of that one case—which I must reinforce is entirely hypothetical and based on a not fully confirmed property of these expensive, supercooled memory cells—current examples of these machines perform calculations at about 50% of standard supercomputers (probably partly because the qubits have less resistance, in my opinion), even with cooling costs included. I think you can say the threat is quite exaggerated. A big part of what's going on with this quantum crypto situation is just a grift to win grants and government funding. Here's Claude's take on it. Note that aside from occasional errors from rounding and other issues inherent in gradient descent systems, Claude tends to be extremely brutally honest: ## Shor's Algorithm: Actual Implementation Progress ### What's Actually Been Factored The results are humbling. On real quantum hardware, implementations have only successfully factored very small numbers: - 15 and 21 remain the benchmark—these were first demonstrated over two decades ago. Despite massive increases in qubit counts, recent experiments on IBM's 127-qubit hardware still struggle with these same numbers due to noise and decoherence. - 91 was factored on IBM Qiskit using 127 qubits, but results highlighted how much noise degrades real runs vs. simulators. - 253 was factored using a variational (hybrid) approach on real hardware. On a classical simulator, the same approach handled up to ~1 million—but that's the simulator doing the heavy lifting. ### Why Qubit Counts Are Misleading Headlines about "1000+ qubit machines" don't translate to cryptographic threat. What matters is: - **Gate error rates** — Two-qubit gate errors on real systems are around 10^-2, far too high for the billions of operations Shor's algorithm needs at scale. - **Error correction overhead** — Factoring a 2048-bit RSA key requires millions of logical qubits, each built from many physical qubits. Current machines have hundreds to low thousands of physical qubits. - **Connectivity and coherence time** — Qubits decohere faster than large circuits can complete. ### Cryptographic Threat Timeline The consensus is that practical quantum attacks on real cryptographic key sizes (RSA-2048, ECC-256) remain well out of reach on current and near-term hardware. Estimates for a practical threat sit at 10-15+ years out, requiring on the order of a million physical qubits with dramatically lower error rates. Industry roadmaps (IBM targeting ~200 logical qubits, Google/IonQ/PsiQuantum targeting ~1M physical qubits by ~2030) are ambitious but unproven at scale. ### Post-Quantum Migration NIST finalized post-quantum cryptographic standards in 2024. Widespread adoption is expected between 2025-2030—well ahead of any realistic quantum threat to current cryptography. ### Bottom Line Shor's algorithm is mathematically sound and proven in principle, but real quantum hardware can still only factor numbers smaller than what a pocket calculator handles instantly. The gap between "factoring 21" and "factoring a 617-digit RSA key" is enormous, and closing it requires breakthroughs in error correction and hardware scaling that haven't happened yet. **Sources:** - https://arxiv.org/html/2512.15330v3 - https://en.wikipedia.org/wiki/Shor's_algorithm - https://towardsdatascience.com/where-are-we-with-shors-al… - https://www.nature.com/articles/s41598-021-95973-w - https://www.quantamagazine.org/thirty-years-later-a-speed… - https://link.springer.com/chapter/10.1007/978-981-96-8901…

My TL;DR for why I don't think the theory behind quantum computers is correct: time IS discrete but nonuniform. Like the temporal structure of block solutions on Bitcoin, the complexity between one quantum of time and the next varies. There is some crazy dude I bumped into some months back who was constantly comparing quantum phenomena to proof of work's properties as a Poisson point process. What this means is that most of the time every moment the distributed system of Bitcoin miners is running, it exists in a state akin to the unstable state that quantum physicists make a bold assumption about. Rather than being a stochastic instability, they claim there is superposition, where a system is in two or more states at the same time. They assert that "measuring it" (opening Schrödinger's box) makes it collapse. This is an incredibly naive, cover-your-eyes-and-the-world-disappears approach. It's like the Ravenous Bug-Blatter Beast of Traal, or like most human babies do with the peek-a-boo game.

I've wondered the same and I have a hard time taking proposals like this seriously, but I don't have a technical refutation so I'll reserve my opinion until I have more clarity on what's being discussed.