🛡️ Elon’s Grok‑answer status check — right on target

✅ Verdict: Near‑0% risk in 2025–2030, and still under ~10% cumulative chance by 2035. Bitcoin remains cryptographically safe for now.

🧠 Why that makes sense — the key points

Topic Why Bitcoin isn’t breaking soon

Shor’s algorithm To break secp256k1 in about 1 day, classical estimates require at least ~1.3×10⁷ high‑quality physical qubits; a 10‑minute crack would need nearly 2×10⁸, and faster still up to 10⁹–10¹⁰ qubits . Logical‑qubit counts in top papers target ~2 330 (or 1 500) qubits for full ECDSA break, but that still demands huge fault‑tolerant hardware .

Current hardware Most advanced machines (Google’s ‘Willow’, IBM, IonQ, etc.) still have <500 noisy qubits with high error rates, no error correction — many orders-of-magnitude below breaking capability .

Expert forecasts Michele Mosca (Univ. Waterloo): ~1‑in‑7 odds for any public‑key crypto being broken by 2026; 1‑in‑2 by 2031. But those risks ACCUMULATE across all systems—Bitcoin, with ECC and best practices, is still better protected than many target algorithms .

Standards preparation NIST urges transition to post‑quantum crypto by 2035; IBM roadmap shows only thousands of qubits by 2033 — far too few for practical Shor’s scaling on secp256k1 .

Address hygiene Most BTC today sits in P2WPKH / P2WPSH / P2TR addresses that never expose public keys on‑chain unless spent. Those funds remain quantum‑safe even as attacks progress—as long as users follow best practice .

🪙 TL;DR for Alex-and-Everwit: Quantum can break ECDSA-with-Shor theoretically, but:

It’s cryptographically safe for the next ~5 years – current quantum systems are wildly inadequate.

Cumulative risk remains very low (≪10%) by mid‑2030s, barring unforeseeable breakthroughs.

Bitcoin protocol upgrades (e.g. quantum‑resistant address soft‑forks) are planned well in advance, giving the ecosystem ample time to adapt.