Google Quantum AI researchers have published a study suggesting that the cryptography safeguarding Bitcoin and Ethereum could be cracked with far fewer quantum hardware resources than previously believed. The work, released this week, estimates that a practical quantum computer might break the 256-bit elliptic curve cryptography (ECDLP-256) used by major blockchains with under 500,000 physical qubits, given current hardware assumptions.
In tests conducted on superconducting-qubit cryptographically relevant quantum computers, the researchers demonstrated a 20-fold reduction in the number of qubits needed to derive the private key from a public key, a step that underpins the security of most cryptocurrency accounts. The paper highlights a scenario in which a quantum attacker could recover a Bitcoin private key in about nine minutes, potentially enabling an “on-spend” attack within Bitcoin’s typical 10-minute block interval.
“We should estimate the time required to launch an on-spend attack starting from this primed state at the moment the public key is learned to be roughly either 9 minutes or 12 minutes.”
One of the authors, Ethereum researcher Justin Drake, publicly acknowledged growing confidence in a quantum-day timeline. In a social post, he suggested there’s a meaningful chance that by 2032 a quantum computer could recover a private key from an exposed public key, noting specifically that this is not merely a theoretical concern but a material possibility on the horizon.
Ethereum’s “at-rest” risk compounds the challenge
The Google study also casts light on what it calls an “at-rest” vulnerability in Ethereum’s account model. Unlike the Bitcoin scenario, where an attacker would need to time their attack to a specific moment, an at-rest attack relies on a public key that has already been revealed when an account first transacts. Once that public key becomes visible on the blockchain, a quantum adversary could take their time to derive the corresponding private key, potentially compromising the account at any future point.
The researchers warn that this is a systemic exposure that cannot be mitigated merely by user behavior. It argues for a protocol-wide shift to post-quantum cryptography (PQC) to harden security before credible threats can materialize.
Google estimated that the top 1,000 Ethereum accounts, collectively holding around 20.5 million ETH, could be cracked in fewer than nine days under certain quantum scenarios. The finding underscores a key distinction: Bitcoin’s risk window is time-bound, while Ethereum’s exposure could be persistent once a public key has left the user’s control.
The paper ties these technical insights to a broader warning for the crypto community: the clock toward quantum threats is moving faster than many had anticipated, and transitional security measures are urgently needed.
Google’s research is part of a broader push to raise awareness about quantum risk in crypto and to offer concrete recommendations for security upgrades. The team argues that the community should accelerate the adoption of PQC and begin transitioning systems now, rather than wait for a real quantum attack to materialize.
What changes are on the horizon for post-quantum security?
The research arrives amid a wave of activity around post-quantum cryptography and blockchain security. In parallel with the study’s release, Google signaled a firm deadline for its own post-quantum cryptography migration: 2029. While this timeline is specific to Google’s internal deployment, it has intensified industry discussions about how quickly protocols, wallets, and consensus layers across major networks must evolve.
Industry voices have varied in their assessment of the urgency. Nic Carter, a crypto researcher and commentator, summarized the tension in a recent thread, noting that elliptic-curve cryptography could be “on the brink of obsolescence.” He argued that Ethereum developers have already started exploring post-quantum approaches, while Bitcoin communities have been slower to adopt such changes. Carter’s assessment reflects a broader concern that, even if the risk is not imminent for all networks, the potential for accelerated disruption is real and requires proactive planning.
On the development front, Ethereum’s community has been alert to quantum risk for some time. The Ethereum Foundation released a post-quantum security roadmap earlier this year, outlining the kinds of changes needed to signatures, data storage, account structures, and cryptographic proofs to withstand quantum-era threats. Vitalik Buterin himself has highlighted the need for substantial updates across validator signatures, storage formats, accounts, and proofs to build resilience against future quantum capabilities.
Google’s paper and the ensuing discussion have heightened attention on how networks can migrate toward quantum-resistant schemes. The recommendations call for a coordinated transition that minimizes user disruption while upgrading core cryptography, a complex engineering challenge that spans client implementations, node operators, and ecosystem tooling.
Why this matters for investors, users, and builders
The potential for quantum-assisted breaches touches several layers of the crypto stack. For investors, it introduces a strategic risk horizon that could compress security timelines and affect long-hold strategies for large holdings, especially if the most valuable accounts rely on exposed public keys. For users, the findings emphasize the importance of wallet and key-management practices that minimize exposure of public keys and support seamless upgrades to quantum-resilient schemes. For builders and developers, the message is clear: security audits, protocol upgrades, and cross-ecosystem interoperability will need to accelerate in tandem with cryptographic research.
The divergence in risk models between Bitcoin and Ethereum also highlights how different design choices influence vulnerability. Bitcoin’s on-spend risk translates into a window of opportunity for attackers, whereas Ethereum’s account model could face a broader, systemic threat if and when quantum-ready cryptography is not universally deployed. The study’s authors stress that this is not a distant concern but a practical risk requiring immediate attention from protocol designers, wallet providers, and exchanges alike.
What to watch next
As the crypto industry digests Google’s findings, the next several quarters will likely feature intensified focus on post-quantum readiness. Key areas to watch include: the pace of PQC standardization and adoption across major platforms, the ability of wallet providers to roll out user-friendly upgrades, and how layer-2 ecosystems and centralized services handle migration without disrupting service. The Ethereum Foundation’s roadmap and ongoing development work on quantum-resistant signatures and proofs will be critical to gauge whether practical, broad-based adoption can start within a few years. Meanwhile, Bitcoin developers face the challenge of aligning security upgrades with long-standing principles of decentralization and backward compatibility.
Experts caution that even with a clear migration path, incentives and coordination across a diverse set of actors will determine how quickly the ecosystem can transition. The study’s authors emphasize a proactive stance: by beginning the transition now, networks can reduce the risk of a sudden, disruptive quantum-enabled event in the future.
In sum, the Google study reframes the quantum threat as both more tangible and more nuanced than earlier forecasts suggested. It underscores the urgency of moving toward post-quantum cryptography while acknowledging the complexity of achieving a seamless, ecosystem-wide upgrade. For market participants, the message is practical: begin planning today, monitor progress on standards, and be prepared for the first wave of PQC-enabled solutions to arrive sooner than expected.
Readers should keep an eye on updates from major blockchain projects, standard-setting bodies, and security researchers as the push toward quantum resilience accelerates. The question is not merely whether quantum computers will crack current cryptography, but how quickly the industry can adapt to ensure the security of stored value and the integrity of decentralized networks in a quantum-enabled era.
