Hopium goes both directions, though. What's missing is an honest assessment and acknowledgement of the engineering practicalities involved in scaling the current state of the art. These will likely get solved, "eventually", as you say, but 1 yr. vs. 10 yrs. vs. 100 yrs. makes a qualitative difference in what current course of action is motivated.


Discussion

indeed

Just for the lay of the land, we are at 96 logical qubits now, with error correction working, and we need around 2,000 logical qubits to crack a wallet key.

The main issue, though, is that unexpected breakthroughs are by nature *unexpected*. That includes breakthroughs in hardware, as well as breakthroughs in pure math, which people often forget about. (The most dangerous breakthroughs for bitcoin are actually mathematical; the space of quantum algorithms and classical assistance for quantum algorithms is woefully under-explored.)

So as long as unexpected breakthroughs are a thing, there is no honest assessment of the number of years that would carry weight. All we can say is that the cracking of bitcoin wallet keys in the near term would require a major breakthrough but is certainly within the realm of possibility.

The problem is, does *anyone* have any clue at all?

I keep pattern matching to nuclear fusion in the 80s, which would mean the current panic is ridiculous. But that assessment itself could be ridiculous; I don't know.

I am suspicious generally of advances in fundamental physics; that field went from breakneck speed in, say, the 1920s to an enormously expensive waste of time by around 2000. Arguable, of course, but still.

All good points.

As someone else wrote, the biggest risk is a mathematical breakthrough. Since these are inherently unpredictable there is no way to hedge against something that might happen tomorrow or might happen never, other than to just give up.

On the other hand, it is the engineering difficulties in the practical implementations of these designs, much more so than quantum error correction scaling, that provide the more fundamental limits on system size.

Issues such as thermal cooling, control circuitry and cabling, manufacturing yield, environmental shielding, and supply chains for components all present massive challenges to creating a system of hundreds of thousands of qubits, which is what is needed to produce error-corrected logical qubits in the numbers necessary to put ECC at risk.

Surmounting these requires solving not just physics or math issues, but coordinating and tooling an industrial, financial, and political capacity I am deeply skeptical is actually achievable.

I maintain that the primary motivation to look at post-quantum cryptography now is to mitigate the "harvest now, decrypt later" situation, which is perhaps more important in communication systems like Nostr than in Bitcoin.

I'd say not worrying about the uncertainty is enough motivation to adopt post-quantum cryptography. The math checking out is just icing on the cake.

Either way, it's still cake.

It's definitely worth researching but the cost of implementation might be really high.