Bitcoin’s main long-term quantum risk lies in ECDSA signatures: a sufficiently powerful quantum computer using Shor’s algorithm could derive private keys from exposed public keys and enable unauthorized spending. In contrast, SHA-256 hashing remains comparatively resilient—Grover’s algorithm only reduces its effective security to ~128 bits, which is still far beyond practical attack capabilities for the foreseeable future.