I thought Shor's algorithm will break elliptic curve encryption once quantum computers are sufficiently large?
It just cuts the effective key size in half. The current 160-bit signatures will be brute forced in 2^80 operations. That sounds weak, but it's going to be a long time before quantum computers reach 160-bit levels (if ever), and even when they do the operations per second will be very low and 2^80 will be infeasible for a long time thereafter.
You're thinking of Grover's algorithm. Shor's algorithm does indeed break ECDSA in polynomial time, though we're a very long way off a useful implementation. And note that Bitcoin public keys are 256 bits, not 160 bits - the
hash is 160 bits, but this is not broken by Shor's algorithm.