New research from Google suggests quantum computers could crack the cryptography securing Bitcoin and Ethereum with far fewer resources than previously believed.
The study, released Monday, estimates a quantum computer could break the 256-bit elliptic curve discrete logarithm problem (ECDLP-256) using fewer than 500,000 physical qubits — a 20-fold reduction from prior estimates.
On-spend attack window
The research raises a particularly alarming scenario for Bitcoin: a quantum computer could theoretically derive a private key from an exposed public key in as little as nine minutes.
Since Bitcoin’s block subsidy and transaction confirmation cycle runs on roughly 10-minute intervals, that window is razor-thin.
The paper stated:
“We should estimate the time required to launch an on-spend attack starting from this primed state at the moment the public key is learned to be roughly either 9 minutes or 12 minutes.”
Ethereum co-researcher Justin Drake responded to the findings, saying:
“My confidence in Q-Day by 2032 has shot up significantly. IMO there’s at least a 10% chance that by 2032 a quantum computer recovers […] private key from an exposed public key.”
Ethereum faces structural risk
The researchers flagged that Ethereum’s account model is “structurally prone to at-rest attacks,” meaning an attacker doesn’t need to act within any time window.
Once an Ethereum account sends its first transaction, its public key is permanently visible on-chain, giving a future quantum attacker unlimited time to derive the private key.
Google estimated the 1,000 wealthiest exposed Ethereum accounts, holding roughly 20.5 million ETH, could be cracked in fewer than nine days.
Transition to post-quantum cryptography urged
Google recommended that blockchains begin transitioning to post-quantum cryptography (PQC) now, rather than waiting for real threats to materialize.
The company had already set a 2029 internal deadline for its own PQC migration.
