A recent white paper published by Google’s Quantum AI team has sparked renewed debate over the security of major cryptocurrencies like Bitcoin and Ethereum. According to the report, the computational power required to break the encryption that secures these crypto networks may be significantly lower than previously assumed. While the Taproot upgrade has bolstered efficiency and privacy on the Bitcoin network, Google’s scientists highlighted that it could also increase vulnerability to quantum attacks.
Quantum computers may be closer than thought
The study re-examined earlier forecasts regarding the number of quantum bits (qubits) needed for a successful quantum attack on Bitcoin’s cryptography. Previous assumptions held that several million qubits would be required, putting such a threat far into the future. However, Google’s team now estimates this number could be under 500,000. The research also outlines two model attack scenarios that might only require between 1,200 and 1,450 high-quality qubits.
Google had previously cited 2029 as a milestone year for deploying “usable” quantum systems. The new findings suggest that crypto assets could face heightened risks from quantum computing advances on a much shorter timeline than many in the ecosystem had anticipated.
Unlike classical computers, quantum computers are capable of solving complex problems with vastly greater efficiency. This disrupts current cryptographic safeguards, such as those protecting crypto wallets. Although quantum computers have yet to reach the level required to launch such attacks in practice, the specter of their capabilities is already fueling anxiety among investors and crypto advocates.
Real-time transactions bring increased exposure
The research team emphasized that, rather than targeting old wallets with exposed public keys, an attacker wielding a fast enough quantum computer could intervene during live transactions. Every time Bitcoin is transferred, the recipient’s public key is briefly visible. In that short window, a quantum computer could theoretically deduce the corresponding private key, allowing stolen funds to be redirected before the transaction is securely added to the blockchain.
Google’s simulation demonstrated that a portion of the required calculations for this attack can be prepared ahead of time. Once a cryptocurrency transfer is initiated, a quantum-enabled attacker could potentially complete the hack in around nine minutes. Given that Bitcoin transactions typically take about ten minutes to be confirmed on the blockchain, Google’s analysis estimates a roughly 41% chance that a malicious party could approve their fraudulent transaction before the legitimate one is processed.
The study extended its analysis to other cryptocurrencies, noting that networks like Ethereum—where transactions confirm almost instantly—may present a smaller target window for quantum attacks. This structural difference could make Ethereum less exposed to the specific type of quantum threat described.
Another key finding relates to existing vulnerabilities: around 6.9 million Bitcoins, nearly a third of the total supply, are stored in wallets where the public key has been revealed at some point. This figure includes about 1.7 million coins from Bitcoin’s early days and assets held in addresses that have been reused. Previous risk assessments from various institutions had downplayed the number of susceptible wallets, but Google’s research suggests the risk could be more substantial than earlier believed.
“Due to the Taproot design choice, the number of wallets potentially exposed to quantum-based attacks may increase,” the researchers concluded.
The Google Quantum AI team also disclosed that some sensitive details were deliberately withheld from publication to prevent misuse. Instead of step-by-step technical disclosure, the group employed zero-knowledge proofs to verify their analysis. This careful approach aimed to ensure the findings could be trusted while minimizing the potential for malicious exploitation.
