Bitcoin doesn't use them in a way that'd let you completely break it; the asymmetric keys aren't broadcast until someone does a new transaction with them, so you can't fake one for a wallet you've never seen the public key to.
How is the transaction signature verified without the public key? This link seems to indicate spender public keys are inside of the transaction: https://bitcoin.stackexchange.com/a/102667
Ah, I had the details wrong. If there’s a signed transaction from a wallet, then you have the compressed public key and it’s not quantum safe.
But if the funds are sent to a new wallet address and there’s no transactions signed by that wallet yet, it can’t be forged without also reversing the hash that created the address.
