The market will be disrupted once an attacker finds out the first ever rewarded addresses' private keys. Imagine being able to include a million of bitcoins into circulation.
That could happen at any time that Satoshi or some other early miner with a large stack of dormant coins decides they wants to spend their coins. Assuming that coins which have not moved in 5 or 10 years are permanently lost is incorrect, as we regularly see coins like this move, or occasionally even sign messages.
Then, you need to ensure that the attacker can't make the calculations quickly. If they do and specifically faster than the time that takes your transaction to be confirmed, then they can even spend your own money.
It will be decades before we have a quantum computer powerful enough to reverse the ECDLP. It will be significantly longer than that until we have one which can solve it in <1 hour, or even <10 minutes. I suspect we will move to a quantum resistant algorithm before the former of those two events happen, which will be
long before the latter is even within the realms of possibilities.