Great answer! Just one note: you wouldn't necessarily need to break SHA-256 in order to break bitcoin, you could also just break ECDSA, which would allow you to spend any bitcoin in any wallet. This is possible with a large enough quantum computer, though you would need significantly more than 1000 qubits (in the hundreds of millions).

You're right that symmetric cryptography (like AES) is still safe against quantum attacks, but the Internet relies heavily on asymmetric cryptography protocols, as well. The latter are based almost exclusively on the (elliptic curve) discrete logarithm problem and the integer factorization problem, which are easily solvable on quantum computers, so they wouldn't be secure in a post-quantum world.

The problem is that symmetric protocols need encryption keys, which can't securely be exchanged over insecure channels (like the Internet), so you either need to exchange them out-of-band (infeasible in most cases) or in ways that rely on the difficulty of solving hard mathematical problems. Additionally, things like digital signatures (which are vital in systems like Bitcoin) always use asymmetric cryptography, so it being broken would make it impossible to check the identity of the author of a digital message.

Luckily we've been working on post-quantum asymmetric protocols that use new mathematical problems for which we don't yet have efficient quantum algorithms. The hope is that by the time large-scale quantum computers become widely available, we'll have minted new secure standards.