It’s a threat to both, ecdsa will probably be cracked first

You have to attack the signatures to attack Bitcoin transfers, so yes. Determining the private key that generated a public key is the holy grail of cryptography.

No one gets anything out of reversing a sha256 hash. Passwords have their own hashing schemes that would also be a target.