The attacker could work out the private key from the public key of any Bitcoin address whose public key has been revealed on the chain. Think about that. (Again this is nothing to do with SHA256). Dormant whale wallets, especially from early years, all immediately drained. Following that (and assuming this all happens before any post-quantum resistance has had the chance to propagate) the % of total Bitcoin supply that would be drained by the attackers would likely be around 30%. (The attack team can drain the exposed wallets before the community can even migrate a small fraction, this is all very well prepared. The theft of this pool is almost guaranteed once a capable quantum computer is revealed.) You now have some random team, in some lab somewhere in Asia, in control of 30% of the supply of Bitcoin. Exchanges, wallets, and institutions would likely halt all Bitcoin transactions and withdrawals to assess the damage and prevent further theft, effectively paralysing the network. Short-range attacks (funds being moved exposing their wallets) means nobody who's wallet is not exposed moves anything either. The list goes on. GHash.io this absolutely is not.