Fresh research from Google’s Quantum AI team is reviving debate over quantum Bitcoin risk and the long-term security of leading digital assets.
Summary
Google’s Quantum AI whitepaper challenges old assumptions
In a newly released whitepaper, the Google Quantum AI group argues that cracking the cryptography that secures Bitcoin and Ethereum could require fewer than 500,000 physical qubits. This threshold is dramatically below the several million qubits that many experts had cited in recent years as the practical barrier for such attacks.
Moreover, the study, highlighted by NS3.AI, suggests that a determined and well-prepared attacker could execute the decisive stage of a quantum assault in about nine minutes. That window would open once a Bitcoin public key appears in a live transaction on the network, potentially beating the roughly 10 minutes typically needed for on-chain confirmation.
Timing risk and attack surface on Bitcoin and Ethereum
That said, the whitepaper underlines that the danger hinges on timing. If a quantum computing attack can be completed before a block is mined, funds linked to the exposed public key might be redirected. This scenario underscores how even small changes in estimated qubit thresholds can reshape the perceived cryptocurrency quantum risk profile.
The analysis covers both Bitcoin and Ethereum, whose current public-key schemes could, in theory, be targeted by sufficiently powerful quantum hardware. However, the authors do not claim such machines exist today; instead, they stress that progress on quantum systems may be faster than many stakeholders in digital finance still assume.
Bitcoin Taproot and expanded exposure of public keys
The researchers also highlight that the Taproot upgrade on the Bitcoin network could unintentionally broaden the attack surface. Taproot improves privacy and flexibility, yet it makes public keys visible by default in many spending conditions. As a result, more addresses reveal the data that a future quantum adversary would need.
According to the paper, an estimated 6.9 million Bitcoin are now held in wallets whose public keys are already exposed on-chain. Moreover, this stock of coins represents a sizeable portion of the total supply and may be especially at risk in a world where breaking bitcoin cryptography becomes technically feasible.
Scale of potential exposure and quantum qubits requirement
The authors argue that the quantum qubits requirement for such attacks is only one part of the overall threat assessment. Network behavior, wallet design, and transaction patterns will also determine which funds are most vulnerable. However, the demonstration that fewer than 500,000 physical qubits might suffice challenges long-standing comfort zones in the industry.
Furthermore, the study distinguishes between keys that have never been revealed on-chain and those already used in transactions. The latter category, which includes many post-Taproot outputs, could be immediately interesting to an attacker as soon as the necessary hardware becomes available.
Implications for Ethereum and broader crypto security
While much of the narrative centers on Bitcoin, the paper also points to potential ethereum quantum vulnerability. Ethereum relies on similar elliptic-curve cryptography for its public keys, implying that any future breakthrough affecting Bitcoin security would have comparable consequences for the smart contract ecosystem.
However, the authors emphasize that both communities still have time to coordinate responses, including migration to post-quantum schemes. Planning, they argue, is critical because protocol changes, wallet upgrades, and user education may each take years to implement safely at global scale.
Strategic urgency and the quantum bitcoin risk debate
Against this backdrop, the discussion over quantum bitcoin risk is shifting from abstract theory to concrete engineering timelines. Developers, exchanges, custodians, and long-term investors may need to reassess assumptions about how long current cryptographic standards will remain robust under accelerating quantum research.
In summary, Google’s Quantum AI whitepaper does not claim that Bitcoin or Ethereum are about to be broken. Instead, it warns that the technical bar for a public key quantum attack could be lower than many had believed, suggesting that serious mitigation work should start well before large-scale quantum devices arrive.
