BTC Bulls Fight for Post-Quantum Protection as Google Drops Explosive Article

Google just told the crypto industry that the threat is closer than anyone has realized. The industry, for once, is listening.

A whitepaper published late Monday by Google’s quantum AI team found that breaking the 256-bit elliptic curve cryptography that secures Bitcoin and Ethereum wallets could require fewer than 500,000 physical qubits (a unit of computing in quantum systems), roughly a 20-fold reduction from previous estimates that put the requirement in the millions.

The paper also describes how a quantum computer could recover a bitcoin private key in about nine minutes once a transaction exposes the corresponding public key, giving an attacker a 41% chance of beating bitcoin’s 10-minute confirmation window.

The research landed like a bomb in online crypto circles. Not because it says quantum computers can break bitcoin today (they can’t), but because it dramatically compresses the timeline for when they could.

“We are no longer looking at the mid-2030s, we could have quantum computers of this scale by the end of the decade,” Haseeb Qureshi, managing partner at Dragonfly, said on X. “All blockchains need a transition plan as soon as possible. Post-quantum is no longer a drill.”

Qureshi pointed out an unusual detail in Google’s disclosure. The team did not publish the actual quantum circuits. Instead, they published a zero-knowledge proof that verifies that the circuits exist without revealing how they work. “This is very atypical, it shows that Google thinks this is serious,” he said.

Justin Drake, a researcher at the Ethereum Foundation who joined the Google paper as a late co-author, said his “confidence in q-day 2032 has skyrocketed significantly,” estimating at least a 10% chance of a quantum computer recovering a secp256k1 private key from an exposed public key by that date.

Drake noted that the optimized quantum circuit has “only 100 million Toffoli gates, which is surprisingly shallow,” and that on a superconducting platform, the total runtime would be about 1,000 seconds.

“Low-hanging fruit is still being picked, and at least one of Google’s optimizations is the result of a surprisingly simple observation,” Drake added. “AI was not yet tasked with finding optimizations.”

With human researchers still finding simple improvements, the lower limit on the number of qubits needed has not been reached. Drake said logical qubit counts “could reach less than 1,000 soon.”

Security engineer Conor Deegan, whose published research was cited in the Google paper, offered one of the most technically detailed responses. He pointed to a pattern the paper surfaces across multiple chains: quantum computation acts as a one-time cost that produces an indefinitely reusable classical exploit.

Ethereum’s KZG trusted setup, Zcash’s Sapling protocol, and Litecoin’s MimbleWimble all build elliptic curve hardness assumptions into fixed public parameters that only need to be broken once.

“Deploying new crypto infrastructure on ECDLP curves is now indefensible given these resource estimates,” Deegan said.

The paper estimates that approximately 6.9 million bitcoins, around a third of the total supply, are held in wallets where public keys have already been exposed. That includes 1.7 million BTC from the network’s early years, including those of Satoshi Nakamoto (the mysterious creator of the Bitcoin network), as well as additional funds affected by address reuse.

CoinDesk reported earlier Monday that bitcoin’s 2021 Taproot upgrade, which was designed to enable more efficient and private transactions, also exposed public keys on the blockchain by default, a technical choice that now carries quantum risk.
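The exposure categories described above (early outputs that carry the key itself, Taproot outputs, and reused addresses) can be checked per output script. The following is an added example, not code from the Google paper or from CoinDesk; the function names are hypothetical, the sample scripts are constructed, and it assumes the early-years coins sit in the pay-to-public-key format common in early blocks.

```python
# Added example: which Bitcoin output scripts show a public key on-chain?
# All sample scripts below are constructed; names are hypothetical.
HASHED = ("p2pkh", "p2wpkh")

def classify_script_pubkey(script: bytes):
    """Return (script_type, key_visible_before_spend)."""
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG (0xac)
    if n in (35, 67) and script[0] == n - 2 and script[-1] == 0xAC:
        if (n == 35 and script[1] in (2, 3)) or (n == 67 and script[1] == 4):
            return "p2pk", True
    # P2TR: OP_1 <push 32> <x-only output key>
    if n == 34 and script[:2] == b"\x51\x20":
        return "p2tr", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac":
        return "p2pkh", False
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and script[:2] == b"\x00\x14":
        return "p2wpkh", False
    return "other", False

def audit_utxos(utxos, spent_scripts):
    """utxos: (label, script) pairs; spent_scripts: scripts already spent from,
    whose key was therefore revealed in a past input (address reuse)."""
    report = {}
    for label, script in utxos:
        kind, at_rest = classify_script_pubkey(script)
        if at_rest:
            report[label] = (kind, "key in output script")
        elif kind in HASHED and script in spent_scripts:
            report[label] = (kind, "key revealed by earlier spend")
        else:
            report[label] = (kind, None)
    return report

# Constructed sample scripts (filler bytes, not real keys or hashes).
P2PK = b"\x21\x02" + b"\x11" * 32 + b"\xac"
P2TR = b"\x51\x20" + b"\x22" * 32
FRESH = b"\x76\xa9\x14" + b"\x33" * 20 + b"\x88\xac"
REUSED = b"\x00\x14" + b"\x44" * 20

if __name__ == "__main__":
    utxos = [("early", P2PK), ("taproot", P2TR), ("fresh", FRESH), ("reused", REUSED)]
    for label, result in audit_utxos(utxos, {REUSED}).items():
        print(label, result)
```

Outputs flagged with a reason are the ones a wallet operator would prioritize for migration; the hashed output that has never been spent from keeps its key hidden until its first spend.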

That figure dwarfs CoinShares’ February estimate that only about 10,200 BTC are concentrated enough to cause “measurable market disruption” if stolen. Google’s methodology counts all exposed keys, not just large balances.

The split between Bitcoin and Ethereum

The reaction divided along familiar lines. Ethereum’s preparation drew praise. Bitcoin’s lack of it raised alarm.

“You can think of Q-Day as the year 2000, but it’s real,” said a widely followed crypto investor known only as ‘McKenna,’ managing partner at Arete. “People should thank the Ethereum Foundation for being one of the first and leading this research. The complicated part of this is Bitcoin. The lack of urgency and the question of consensus on what to do with vulnerable currencies.”

The Ethereum Foundation launched pq.ethereum.org last week with eight years of post-quantum research, more than 10 client teams shipping weekly devnets, and a multi-fork migration roadmap.

Drake, a co-author of the Google paper, is part of the same Ethereum team: a direct link between the researchers quantifying the threat and the developers building the defense.

Eli Ben-Sasson, co-founder of StarkWare, urged the Bitcoin community to “strengthen initiatives like BIP 360,” a proposal that would introduce quantum-resistant wallet formats that would allow voluntary migration.

“To say that quantum computers are coming is not nonsense,” Ben-Sasson said. “FUD claims that Bitcoin cannot adapt. It can adapt. I just need to start working on these solutions today.”

Bitcoin advocate Bit Paine offered a measured opinion. “I still think about 10 years is the most likely time frame, but I assign an uncomfortably high probability that we will see something disruptive within five years. High enough that it would be prudent to take action within a year or two.”

The element that changed his thinking was the “persistent nonlinearities in quality control progress and the cloak of secrecy underlying this research.” When physical qubit estimates drop by orders of magnitude, he said, “we may not have much of a window between ‘quantum is on a trajectory to disrupt bitcoin’ and ‘secp256k1 is broken.'”

Paine added a national security dimension. “A CRQC can develop in stealth mode and disappear seemingly out of nowhere.”

Google’s decision to use a zero-knowledge proof instead of publishing the circuits reinforces that point. If the world’s leading quantum laboratory self-censors its own research for security reasons, state actors with equivalent or superior capabilities are unlikely to publish anything.

Drake echoed this. “From now on, let’s assume that the most modern algorithms will be censored. A block on academic publications would be a telling sign.”

Why crypto?

Some industry voices questioned why Google directed its more detailed analysis at cryptocurrencies rather than banking or military systems. ETF analyst Eric Balchunas asked why Google would “apply this research time/money to cryptocurrencies instead of something that has much more social consequences.”

Nic Carter, a partner at Castle Island Ventures, had the answer: blockchains are the most fragile of the systems that rely on encryption quantum computers can break. “Banks don’t fail because a single key is reverse engineered. Blockchains do,” Carter said. “They’re much more fragile. The banks will be upgraded anyway. There won’t be an attack surface there.”

Binance co-founder Changpeng Zhao urged calm but acknowledged the practical difficulty.

“All cryptocurrencies have to do is upgrade to quantum-resistant algorithms. So there is no need to panic,” Zhao said. “In practice, there are some execution considerations. It is difficult to organize updates in a decentralized world.”

Zhao also directly raised the Satoshi question. If those coins move during a migration, “it means it’s still present, which is interesting to know.” If they don’t, he said, “it might be better to effectively block or burn those addresses so they don’t reach the first hacker who cracks them.”

The most popular counterargument on crypto X was that quantum computing breaks everything, not just blockchains.

“If quantum technology kills Bitcoin, it also kills the global banking system, SWIFT transfers, stock exchanges, military communications, nuclear command systems, and every HTTPS website in the world,” wrote crypto commentator Quinten Francois.

Elon Musk struck a lighter note, posting that at least “if you forgot your wallet password, you’ll be able to access it in the future.”

The paper addresses this framing head-on. Centralized systems, from banks to military networks, can push software updates to their users. A decentralized blockchain cannot. Migrating bitcoin infrastructure, including user wallets, exchange support and new address formats, could take five to 10 years, even after a solution is agreed upon.

Meanwhile, Google said it is working together with Coinbase, the Stanford Institute for Blockchain Research, and the Ethereum Foundation on responsible approaches to the transition.

The company framed its research not as an attack on cryptocurrencies but as an effort to “support the long-term health of the cryptocurrency ecosystem.”

The message coming from almost every corner of the industry is now the same. The threat is no longer theoretical; it’s time to act. The only variable left is whether the protocols that need to migrate will do so before the hardware catches up.
