
Could a quantum computer hack Bitcoin? by markgritter


Viewing a response to: @runicar/p3tagxmmx

<p>Bitcoin uses two cryptographic primitives: an elliptic-curve public-key signature for signing transactions, and SHA-256 for mining blocks and proof of work.</p>
<p>The public key signatures (ECDSA) could be broken by a quantum computer. Some level of protection is possible, because Bitcoin addresses are not "bare" public keys; they are hashes of public keys. But once a transaction is signed, the public key is visible and a sufficiently large quantum computer could recover the private key. This private key could be used to withdraw any remaining funds in the account. (Some Bitcoin experts recommend only using any given account once, for this reason and others.)</p>
<p>So, quantum computing would definitely endanger the ability for Bitcoin users to have control over their own accounts. (See the discussion here: https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin)</p>
<p>The proof-of-work scheme is not so vulnerable. No quantum algorithm is known that breaks cryptographic hashes to the same degree. The best is Grover's algorithm which reduces a black box search, like a proof-of-work problem, from N queries to sqrt(N) queries. If only one person had a quantum computer, this would be a substantial advantage, and that person could probably use it for double-spending attacks. (Spend on block X, wait several blocks for confirmation, then use your advantage to go back to block X-1 and create a fork that is longer than the one where you spent your bitcoin. Then the new chain would be accepted by the other nodes.) However, if quantum computers are widely available, then the difficulty level of proof-of-work would increase, making this attack no longer feasible.</p>
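An added example (not part of the original post) of the address-reuse point above: it walks a constructed, simplified ledger and separates balances that sit behind an already-revealed public key from balances protected by a hash only. The ledger layout, the address names and `audit_exposure` are assumptions for illustration, not Bitcoin's real transaction format.

```python
from collections import defaultdict

# Constructed sample ledger (simplified model, not real Bitcoin data).
# An input references an earlier output as (txid, index); an output is
# (address, amount). Spending from an address publishes its public key.
LEDGER = [
    {"txid": "t1", "inputs": [], "outputs": [("addrA", 50), ("addrB", 20)]},
    # Change is sent back to addrA: the address is reused after signing.
    {"txid": "t2", "inputs": [("t1", 0)], "outputs": [("addrC", 30), ("addrA", 20)]},
    {"txid": "t3", "inputs": [("t1", 1)], "outputs": [("addrD", 20)]},
    # A later payment arrives at addrB, whose key was revealed in t3.
    {"txid": "t4", "inputs": [], "outputs": [("addrB", 5)]},
]


def audit_exposure(ledger):
    """Return (exposed, hashed_only) balances keyed by address.

    exposed: unspent funds at addresses whose public key is already public.
    hashed_only: unspent funds at addresses known only by their hash.
    """
    utxos = {}        # (txid, index) -> (address, amount)
    revealed = set()  # addresses that have signed at least one spend
    for tx in ledger:
        for ref in tx["inputs"]:
            if ref not in utxos:
                raise ValueError(f"{tx['txid']} spends unknown or spent output {ref}")
            address, _ = utxos.pop(ref)
            revealed.add(address)
        for index, (address, amount) in enumerate(tx["outputs"]):
            utxos[(tx["txid"], index)] = (address, amount)

    balances = defaultdict(int)
    for address, amount in utxos.values():
        balances[address] += amount

    exposed = {a: v for a, v in balances.items() if a in revealed}
    hashed_only = {a: v for a, v in balances.items() if a not in revealed}
    return exposed, hashed_only


if __name__ == "__main__":
    exposed, hashed_only = audit_exposure(LEDGER)
    print("public key revealed, funds remaining:", exposed)
    print("protected by address hash only:", hashed_only)
```

Funds reported as exposed are the ones a wallet would move to a fresh, never-spent-from address to follow the single-use recommendation.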
Created: 2018-09-25 06:57:24