Google warns that Bitcoin encryption may be broken with fewer resources than expected

As quantum computing advances, the cost of attacking Bitcoin may drop significantly.

In a new analysis, Google warns that crypto assets such as Bitcoin and Ethereum may be vulnerable to quantum attacks much sooner than previously thought.

Research shows that quantum machines using Shor’s algorithm can solve the 256-bit Elliptic Curve Discrete Logarithm Problem (ECDLP), which secures multiple blockchains, with fewer qubits and gates than previously estimated.

Google researchers estimate that 1,200–1,450 logical qubits and 70–90 million quantum gates can break Bitcoin’s 256-bit encryption in minutes, using fewer than 500,000 physical qubits.

These findings show that quantum attacks can happen much faster than previous estimates suggested.

Bitcoin wallets at risk

Future quantum threats to Bitcoin depend on which hardware scales first, according to Google. Faster systems could allow immediate attacks on transactions in progress, while slower systems would initially target stored reserves.

As noted in the paper, the main risks include reused addresses, old wallet types, and exposure of public keys during transactions. Millions of BTC are already at risk.

A “spending” attack, where a transaction is intercepted and misused before being confirmed, can occur within a Bitcoin block window of 10 minutes. That challenges the long-held assumption that transaction fees and network speed will provide sufficient security against quantum attackers.

Billions at risk

Aside from active transactions, the biggest potential target is dormant coins.

According to researchers, about 1.7 million bitcoins, worth tens of billions of dollars, remain locked in the original wallet format known as P2PK, many of which are believed to be inaccessible due to lost keys.

These assets cannot be upgraded to quantum-resistant standards and can eventually be unlocked by anyone who first gains access to a cryptographically relevant quantum computer, or CRQC.

That creates what analysts describe as a “concentrated reward pool” for future attackers, from government actors to private firms, and enforcement could prove difficult in an expansive and global system.

Mining is safe, although not completely

Although quantum computers could threaten Bitcoin’s cryptography, Google notes that mining itself is not in immediate danger. Quantum speedups from Grover’s algorithm are limited, and conventional ASIC miners still dominate performance.

However, sudden attacks can disrupt the network’s economy. A successful quantum attack can depress the value of Bitcoin, reduce incentives for miners, and compromise network performance and security.

Taproot’s development improves privacy but exposes Bitcoin to quantum attacks

Google warns that Bitcoin’s cryptographic documents may be targeted by quantum attacks.

Funds are controlled by UTXOs, public keys, and digital signatures, so a public key that becomes visible when funds are spent is a critical risk.

Early and Taproot addresses are particularly exposed, while standard addresses retain some security until they are used.

The report notes that Taproot represents a trade-off between performance and quantum security and presents P2MR as a future type of script designed to retain the benefits of Taproot while mitigating quantum risks.
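As an added illustration (not code from Google's paper or from this article), the sketch below classifies a Bitcoin output script by whether its public key is already visible on-chain. It assumes that "early" addresses means P2PK outputs and "standard" means hash-based types, and it generalizes slightly by also flagging reused addresses; the function names and sample scripts are constructed for the example.

```python
# Added example: which Bitcoin output types show a public key before any spend.
# All scripts in SAMPLE are constructed placeholders, not real on-chain outputs.

def classify_script(spk_hex):
    """Return (output type, True if a public key is visible at rest)."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        if (n == 35 and s[1] in (2, 3)) or (n == 67 and s[1] == 4):
            return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH", False
    # Native SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "P2WPKH", False
    if n == 34 and s[:2] == b"\x00\x20":
        return "P2WSH", False
    # Taproot: OP_1 <32-byte x-only output key>, the key itself is on-chain
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True
    return "unknown", False


def exposed_outputs(utxos):
    """utxos: iterable of (label, scriptPubKey hex, address_spent_before).
    An output counts as exposed if its type shows a key at rest, or if the
    same address was spent from earlier (address reuse revealed the key)."""
    report = []
    for label, spk_hex, spent_before in utxos:
        kind, at_rest = classify_script(spk_hex)
        if at_rest or spent_before:
            report.append((label, kind, "at rest" if at_rest else "reused"))
    return report


SAMPLE = [  # constructed inputs
    ("early-coinbase", "2102" + "11" * 32 + "ac", False),
    ("legacy-fresh", "76a914" + "22" * 20 + "88ac", False),
    ("legacy-reused", "76a914" + "22" * 20 + "88ac", True),
    ("segwit-fresh", "0014" + "44" * 20, False),
    ("taproot", "5120" + "33" * 32, False),
]

if __name__ == "__main__":
    for row in exposed_outputs(SAMPLE):
        print(row)
```

For P2SH and P2WSH the sketch treats a prior spend as revealing the keys in the underlying script, which is a simplification.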

37 million ETH at risk

Quantum computing could have a more negative impact on Ethereum than Bitcoin, according to Google.

Smart contracts do not have post-quantum cryptography, which makes code at rest vulnerable, while BLS signatures on Proof-of-Stake create system vulnerabilities if a sufficient number of validators are compromised.

Ethereum’s layer 2 networks also rely on high-risk KZG commitments, which can allow for permanent backdoors.

Effective mitigation requires massive integration, manual contract development, rapid key rotation, and transition to post-quantum cryptography throughout the ecosystem.

Beyond Bitcoin and Ethereum

Quantum risk goes beyond Bitcoin and Ethereum, affecting forks, sidechains, privacy coins, and stablecoins, Google notes.

Many chains still rely on ECDLP-based encryption, leaving funds and privacy exposed, while bridges with multiple signatures and key management create additional risks.

Even privacy-preserving blockchains like Zcash or Mimblewimble can be subject to retroactive attacks, allowing the exposure of past transactions or the exploitation of inflation.

A full transition to post-quantum cryptography (PQC) is within reach

Blockchain platforms are increasingly hosting tokenized real-world assets, including bonds and real estate. With market projections exceeding $16 trillion by 2030, experts warn that the threats of quantum computing could be a systemic risk to the financial system as a whole.

While temporary mitigations, such as key rotation and protocol updates, can reduce exposure, only moving to PQC will provide lasting protection against unexpected quantum threats, Google notes.

A complete transition to post-quantum cryptography is possible, but only if the work starts now, Google researchers emphasize.

New cryptographic methods, including lattice- and hash-based systems, are already being tested and released on selected networks.

Some projects, such as QRL and Abelian, were built to be quantum-proof from the start, while others, such as Algorand, Solana, and XRP Ledger, have attempted quantum-secure integration. The Ethereum Foundation has also stepped up efforts to develop the core infrastructure for post-quantum security.

Google urges the crypto community to prepare for quantum attacks in advance, adopt PQC, address short-term risks, and share information responsibly to protect both funds and public confidence.

Disclosure: This article was edited by Vivian Nguyen. For more information about how we create and review content, see our Editorial Policy.
