I speculate, most likely it will be a government - one of the five eyes, or China - or an entity that is a de-facto arm of a government, and I think they will absolutely be a malicious actor. It will be in this entity's interest to keep the fact they have the QC technology sufficient to break ECDSA and other encryption algorithms a state secret because it will allow their government to spy on their enemies for longer.

If a government develops QC technology that can be run efficiently, and use said technology to steal a few hundred thousand bitcoins, the coin they steal would be worth billions as of when they steal the coin, but its value would quickly plummet once many people start complaining their coin was stolen after practicing good security practices. It would also be a warning to other governments, banks, communications companies, and others to upgrade their encryption systems ASAP, and to stop using "now broken" encryption systems immediately, even if this means taking services offline for some time.

If a government were to develop QC tech that can efficiently break modern encryption algorithms, I think they would prefer to use it to decrypt intercepted communications via the internet and elsewhere, with the hope their enemies will continue using "broken" encryption algorithms. Last month, a bunch of European internet traffic was rerouted via China for two hours, and there have been similar incidents before. These incidents could be true errors, or they could have been the Chinese government collecting encrypted internet traffic hoping to decrypt it, with current or future technology.