Every past hash function has failed at some point. It's likely only a matter of time. However, they are usually broken in increments (instead of 256 bits of protection, you only practically get 256 - X bits). Before X reaches 128 bits, I'd expect to see bitcoin (and anything else using SHA256) to move to a newer, more robust algorithm.
Bitcoin won't fail because of this. Even with a partially broken SHA256, difficulty will just go up because miners can use the shortcuts just as easily as attackers. When the time comes, the switch will require a hard fork, but what miner would want to stay with the old, broken algorithm? The biggest threat is if we have two competing algorithms to replace it. However, by the time we get there I would think there would be several companies and individuals in the position (the funds and motivation) to really analyze the options thoroughly and to be able to reach an information based consensus.
Thank you for explaining this to me. So it will more likely follow the demise of MD5, correct?
Also, I'm assuming the only way to fix that problem in the future will be a hard fork. (I'd like to see a thread about the problems of an organized fork, I'm headed to the search bar)
@jimbobway
How would that appear any different than more hashing power added to the network? I'm guessing no one will know that it's broken until someone draws up a proof.