Jefferies Dumped Bitcoin Over Quantum Fear. Developers Just Shipped a Fix.

Last month, Jefferies' global equity strategist Christopher Wood did something unusual for a Wall Street analyst: he killed a winning trade. Bitcoin had returned 325% since his initial allocation in December 2020. Gold, over the same period, gained 145%. And yet Wood dumped the entire 10% Bitcoin position from his model portfolio, reallocating it to gold and gold-mining stocks.

His reason? Quantum computing.

"While GREED & fear does not believe that the quantum issue is about to hit the Bitcoin price dramatically in the near term," Wood wrote, "the store of value concept is clearly on less solid foundation from the standpoint of a long-term pension portfolio."

The move sent a tremor through institutional crypto. Here was a major Wall Street strategist, citing not regulation, not volatility, not correlation breakdown--but a threat most investors barely understand. The debate that followed split the industry. Galaxy Digital CEO Mike Novogratz dismissed quantum as "the big excuse for people" looking to sell, arguing that "Bitcoin will be able to handle it." Coinbase acknowledged it as "a real, long-term threat." The Ethereum Foundation created a dedicated Post-Quantum team.

And in February 2026, Bitcoin developers quietly shipped a response.

The Institutional Fear

To understand why Jefferies moved, you have to understand what quantum computing actually threatens.

Bitcoin's security rests on elliptic curve cryptography--specifically ECDSA, the Elliptic Curve Digital Signature Algorithm. The math is elegant: generating a public key from a private key is trivial, but reversing the process would take classical computers trillions of years. That asymmetry is Bitcoin's foundation. Every transaction, every wallet, every signature depends on it.

Quantum computers running Shor's algorithm could theoretically invert that equation. Not today. Not next year. But the Jefferies report cited studies suggesting 20-50% of all Bitcoin in circulation--roughly 4-10 million BTC, worth $275-690 billion at current prices--may be vulnerable. The exposure comes from address reuse, which reveals public keys on the blockchain. Once a public key is exposed, a sufficiently powerful quantum computer could derive the private key.

The most vulnerable addresses? P2PK (Pay-to-Public-Key) outputs, including Satoshi's original coins, and Taproot addresses, which expose a tweaked public key by design. Taproot isn't some legacy format--it's the foundation for Lightning Network scalability, BitVM smart contracts, and much of Bitcoin's technical roadmap.

Imagine an institutional custody solution holding $500 million in Taproot addresses. The moment it executes a transaction, its public key broadcasts to the network. A future quantum attacker monitoring the mempool could theoretically derive the private key before the transaction even confirms.

This is the scenario that spooked Christopher Wood. Not that quantum computers will break Bitcoin tomorrow, but that from a pension fund's perspective--a thirty-year time horizon--the "store of value" thesis requires cryptographic guarantees that extend decades, not years.

Bitcoin's Answer

BIP-360, formally merged into the Bitcoin Improvement Proposal repository in February 2026, offers a response to that institutional anxiety. The proposal, originally called P2QRH (Pay-to-Quantum-Resistant-Hash), has evolved into P2MR (Pay-to-Merkle-Root)--a mouthful that describes an elegant technical fix.

The core innovation removes Taproot's quantum-vulnerable keypath spend while preserving everything else.

Standard Taproot outputs commit to a tweaked public key, creating the attack vector that concerns institutions. P2MR circumvents this by committing strictly to the Merkle root of a Tapscript tree--no internal public key exposed. The result maintains 32-byte hash outputs for wallet compatibility, preserves all Tapscript smart contract functionality, and can be activated via soft fork without contentious consensus changes.

If community consensus builds and the soft fork activates, Bitcoin could have quantum-resistant address options within 12-18 months. That timeline matters. The NSA's CNSA 2.0 mandates quantum-safe cryptography for national security systems by 2030. NIST plans to disallow ECC in federal systems after 2035. Bitcoin's developers are moving faster than federal regulators.

The Authors

BIP-360 is co-authored by three developers with deep cryptographic expertise:

Hunter Beast, a Bitcoin developer and Senior Protocol Engineer at MARA (Marathon Digital Holdings), leads the effort. He's joined by Ethan Heilman, a cryptographic researcher and co-author of OP_CAT, and Isabel Foxen Duke, a Bitcoin communications consultant. Their approach embodies Bitcoin's ethos: conservative, security-first, minimal surface area changes.

The proposal isn't designed to be the final answer--it's explicitly a bridge. Future soft forks could integrate full post-quantum signature algorithms like ML-DSA (Dilithium) and SLH-DSA (SPHINCS+), which NIST has standardized for government use. But those signatures present a practical problem: SPHINCS+ signatures can exceed 40KB, impractical for Bitcoin's block space constraints today. P2MR buys time while the ecosystem figures out efficient integration.

The Debate

Mike Novogratz's dismissal of quantum concerns captures one side of the institutional divide. "As we get closer to quantum, we're gonna get closer to quantum resistant," he told investors during Galaxy's February earnings call. "And you will have the Bitcoin code changed in time."

He has a point. Google's Willow chip and Microsoft's Majorana 1 demonstrate quantum progress, but cryptographically relevant quantum computers (CRQCs) remain years--possibly decades--away. Most researchers place the timeline at 5-15 years for machines capable of breaking ECDSA, with considerable uncertainty on both ends.

But Christopher Wood's counterargument is equally valid for his audience: institutional allocators with multi-decade horizons. A pension fund can't afford to wait for certainty. The question isn't whether quantum will break Bitcoin's cryptography--it's whether the network will adapt before that happens. BIP-360 represents evidence that adaptation is underway.

The timing is strategic. Treasury Secretary Bessent is actively pushing crypto legislation to Congress "this spring." Part of the institutional case for Bitcoin rests on its long-term cryptographic security. BIP-360 strengthens that case by demonstrating that developers are proactively addressing risk rather than waiting for crisis.

What This Means

For retail holders, the immediate implications are limited. The quantum threat remains distant, and BIP-360 won't require action until it activates--if it activates.

For institutions, the calculus is different. The existence of BIP-360 provides a response to the Jefferies thesis: Bitcoin isn't ignoring the quantum threat. Developers are building the infrastructure for quantum resistance now, not waiting for cryptographically relevant machines to appear. Whether that's sufficient to bring Christopher Wood back to Bitcoin is another question.

The deeper significance is what BIP-360 signals about Bitcoin's capacity to evolve. A cryptocurrency that couldn't adapt to technological change would eventually fail. The soft fork mechanism--enabling upgrades without contentious hard forks--allows Bitcoin to absorb new cryptographic techniques as they mature. P2MR today. Full post-quantum signatures tomorrow. Whatever the next threat requires, the day after that.

The Stakes

Here's the uncomfortable truth that neither side of this debate fully acknowledges: we don't know when quantum computers will become cryptographically relevant. We don't know if the transition will be gradual or sudden. We don't know whether the first entity to achieve quantum supremacy over ECDSA will be a nation-state, a tech giant, or something else entirely.

What we do know is this: 6.7 million bitcoin--roughly $460 billion at current prices--sits in address formats that quantum computers could theoretically crack. That's not a rounding error. That's the GDP of Norway. And unlike fiat currency, which can be reprinted by central banks, stolen Bitcoin is gone forever. There's no FDIC for quantum theft.

Christopher Wood looked at those numbers and decided the risk wasn't worth it for a pension portfolio. Mike Novogratz looked at Bitcoin's track record of adaptation and decided the network will evolve in time. Both are making bets on institutional capacity--one on the capacity of Bitcoin's developer community to ship quantum-resistant code, the other on the capacity of quantum computing to outpace that development.

BIP-360 changes the terms of that bet. It's not a guarantee that Bitcoin will survive the quantum era--no one can offer that guarantee. But it's evidence that the network isn't waiting for crisis to act. The code is in the repository. The soft fork mechanism is ready. The bridge is under construction.

In the end, this may be the most important thing about BIP-360: it forces the conversation from if Bitcoin can adapt to how fast. That's a very different question. And for institutions weighing multi-decade allocations, it might be the only question that matters.

The quantum clock is still ticking. But for the first time, Bitcoin is building faster than it's counting down.

Sources

• BIP-360 Official Documentation -- Technical specification and press materials
• Jefferies GREED & fear Report -- Christopher Wood's Bitcoin exit announcement (January 2026)
• Galaxy Digital Earnings Call -- Mike Novogratz on quantum threat (February 2026)
• MARA BIP-360 Support -- Marathon Digital Holdings position
• Reuters on Crypto Legislation -- Treasury Secretary Bessent pushing for spring 2026
• Hunter Beast Profile -- BIP-360 lead author