The problem is that the owner needs to claim their wallet and migrate it to the new encryption. Just freezing the state at a specific moment doesn't help; to claim the wallet in the new system I just need the private key for the old wallet (as that's the sole way to prove ownership). In our hypothetical post-quantum scenario, anyone with a quantum computer can get the private key and migrate the wallet, becoming the de-facto new owner.

I think this is all overhyped though. It seems likely we will have plenty of warning to migrate prior to achieving big enough quantum computers to steal wallets. Per wikipedia:

> The latest quantum resource estimates for breaking a curve with a 256-bit modulus (128-bit security level) are 2330 qubits and 126 billion Toffoli gates.

IIRC this is speculated to be the reason ECDSA was selected for Bitcoin in the first place.

Note, the 126 billion Toffoli gates are operations, so that's more about how many operations you need to be able to reliably apply without error.

It should be noted that according to IonQ's roadmap, they're targeting 2030 for computers capable of that. That's only about 5 years sooner than when the government has said everyone has to move to post quantum.

Yes obviously that has to happen before authentication doesnt work anymore. And then it also needs to end before, because yeah obviously everybody who can crack it has access to all wallets.