We don't think that QC development will happen step by step. Our expectation is that someone will find a QC technology, that allows "far beyond expectations" numbers of qubits, that will allow this QC to get all private keys immediately.
We think that such a QC will surprise the Bitcoin community and only thereafter we will upgrade to a quantum resistant Bitcoin network. We hope that the user of such a QC to get the private keys, knows exactly how Bitcoin works and allows the owners to transfer their coins to the new QC resistant addresses. It would be a win-win game: the QC user would get the "lost" coins, the Bitcoin owners could transfer their coins to QC resistant addresses, the Bitcoin ecosystem wouldn't be affected, we would have a stronger Bitcoin network. How would a QC user act: starting with the oldest "lost" coins and moving them, so that the Bitcoin community can realize that someone is moving the "lost" coins (e.g. a special posting board here on bitcointalk) but gives the owners the possibility to transfer their coins to other addresses. In the meantime we will have a very quick "quantum resistance upgrade". And it will continue like DannyHamilton described it:
but stronger

1+ million Bitcoins, the other "lost" coins are QC resistant

The first quantum computers won't be able to mine Bitcoin because they will not have enough qubits to get the hash of the next block. For that task 2^128 basic quantum operations are needed. That is something for the "second generation quantum computers".
But to get the privatekey only 128^3 basic quantum operations are sufficient and will be within the range of "first generation quantum computers".
https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

The first quantum computers won't be able to mine Bitcoin because they will not have enough qubits to get the hash of the next block. For that task 2^128 basic quantum operations are needed. That is something for the "second generation quantum computers".
But to get the privatekey only 128^3 basic quantum operations are sufficient and will be within the range of "first generation quantum computers".
https://en.bitcoin.it/wiki/Quantum_computing_and_Bitcoin

And for the "second generation quantum computers" people are already developing post SHA-hash signature systems. So we would then change to post SHA-hash signature systems before "second generation quantum computers" exist.

I have no idea and I just learned it from this thread. Those coins in Satoshi's wallet will then be activated which sooner there might not have forgotten coins after all. I guess we can all say Bitcoin will live on to be 21M in total. Nothings wasted and SAtoshi has really thought all of these will happen one day.

I mean if you look at companies like Bitmain, they use their Asics first and mine the S**t out of them, driving up the hash rate, Once they are done they sell their stuff to the public.

That's not an issue. Bitcoin developers have already post quantum solutions.
But there are lots of 'shalecoins', https://bitcointalk.org/index.php?topic=5134441.0 coins with no owner. With quantum computers, these coins will become active and change the Bitcoin ecosystem.

His coins would be quantum secured, if he sent them to P2PKH addresses. But he did not and isn't doing.

All I am saying is will we be able to "save" the decentralized nature of Cryptocurrencies. Once these "Super Machines" become a reality?

I have really learnt so much from this thread. I feel like the discussion now needs to heads towards Mining. How Quantum Computers could affect mining

Concerning quantum computers and cryptography, there are two totally different aspects.

1) quantum computers, if ever they come into existence with a lot of qubits (which I personally doubt, but ok), can TOTALLY CRACK the current public key systems based on prime factorisation (RSA, Diffie-Hellmann) or based upon discrete logarithms in groups (elliptic curve crypto).  The algorithm to do so is known, it is Shor's algorithm.  By TOTALLY I mean totally: just ANY key can be cracked in a matter of milliseconds, on the condition that the quantum computer has more qubits than (a few times) the key length.  If such a quantum computer exists, there is simply no difficulty in cracking the key, it doesn't take "days" or anything because the difficulty goes LOGARITHMIC with Shor's algorithm.

2) however, for hash functions, and symmetric crypto like AES-256, it can be shown that a quantum computer can AT BEST use Grover's algorithm to crack it.  Grover's algorithm doesn't crack entirely a hash function, but essentially HALVES ITS BIT STRENGTH.  So a SHA-256 hash (with 256 bits) would not require 2^256 trials like on a classical computer, but "only" 2^128 trials on a quantum computer, which is STILL IMPOSSIBLE to do practically.  Most people think that quantum computers will, if ever they exist, run much slower than classical machines, so 2^128 trials on a quantum machine will be much harder to solve than 2^128 trials on a classical machine.

So while quantum computers can speed up hash function searching, they won't crack it entirely.  The interesting thing is that under certain conditions, it has been established that Grover's algorithm is the best possible one on a quantum machine, to attack a random hash function.

==> big hash functions are still secure against quantum attacks ; most current public key crypto is totally broken by quantum attacks.

This is why it is somewhat strange, in the bitcoin protocol, to have hashed the public key to 160 bits, and not have kept the 256 bits.  If the menace of a quantum attack were the reason for this, it would have been wiser to keep the 256 bit hash as an address instead of the 160 ripemd hash, because under grover's algorithm this would become only 80 bits secure, while the 256 bit hash would remain 128 bit secure under a quantum attack, which is the same level of *classical* security offered by the elliptic curve signature scheme - which wouldn't survive, by itself, a quantum attack.  This is one of the peculiar crypto design "features" of bitcoin...