Hacker News

npalli 12/09/2024 | 5 replies

> Worth spending a little time doing some long tail strategizing I’d say.

Yup, like Bitcoin going to zero.


Replies

vessenes 12/09/2024

I'm a little more in my wheelhouse here -- without an algo change, Grover's algorithm would privilege quantum miners significantly, but not any more than the industry has seen in the last 13 years (C code on CPU -> GPU -> Large Geometry ASIC -> Small Geometry ASIC are similarly large shifts in economics for miners probably).

As to faking signatures and, e.g. stealing Satoshi's coins or just fucking up the network with fake transactions that verify, there is some concern and there are some attack vectors that work well if you have a large, fast quantum computer and want to ninja in. Essentially you need something that can crack a 256-bit ECDSA key before a block that includes a recently released public key can be inverted. That's definitely out of the reach of anyone right now, much less persistent threat actors, much less hacker hobbyists.

But it won't always be. The current state of the art plan would be to transition to a quantum-resistant UTXO format, and I would imagine, knowing how Bitcoin has managed itself so far, that will be a well-considered, very safe, multi-year process, and it will happen with plenty of time.

K0balt 12/09/2024

I think you’re going to need about 10,000,000 qubits to divert a transaction, but that’s still within foreseeable scale. I think it’s extremely likely that the foundation will have finished their quantum resistance planning before we get to 10MM coherent qubits, but still, it’s a potential scenario.

More likely that other critical infrastructure failures will happen within trad-finance, much larger vulnerability footprint, and being able to trivially reverse engineer every logged SSL session is likely to be a much more impactful turn of events. I’d venture that there are significant ear-on-the-wire efforts going on right now in anticipation of a reasonable bulk SSL decloaking solution. Right now we think it doesn’t matter who can see our “secure” traffic. I think that is going to change, retroactively, in a big way.

sekai 12/09/2024

> Yup, like Bitcoin going to zero.

If the encryption on Bitcoin is broken, say goodbye to the banking system.

m101 12/10/2024

Bitcoin will just fork to a quantum-proof encryption scheme and there will be something called "bitcoin classic" that is the old protocol (which few would care about).

drcode 12/09/2024

eh, they will add a quantum-resistant signature scheme (already a well-understood thing) then people can transfer their funds to the new addresses before it is viable to crack the existing addresses
