Most of the online reaction to the Google Quantum AI paper, published Monday night, focused on bitcoin. The nine-minute attack, a 41% theft probability, and the 6.9 million in BTC possibly exposed.
The Ethereum section received less attention. Deserves more.
The white paper, co-authored by Ethereum Foundation researcher Justin Drake and Stanford’s Dan Boneh, mapped five ways a quantum computer could attack Ethereum, each targeting a different part of the network.
The combined exposure exceeds $100 billion at current prices, and the knock-on effects could be much larger.
Wallets that can never be hidden
In bitcoin, your public key (the cryptographic identity linked to your funds) can remain hidden behind a hash, a kind of fingerprint, until you spend. In Ethereum, the moment a user submits a transaction, their public key is permanently visible on the blockchain.
There is no way to rotate it without abandoning the account completely. Google estimates that the top 1,000 Ethereum wallets by balance, holding approximately 20.5 million ETH, are exposed.
A quantum computer that cracked one key every nine minutes could solve all 1,000 in less than nine days.
DeFi master keys
Many smart contracts on Ethereum, the self-executing programs that power lending, trading, and the issuance of stablecoins, grant special privileges to a handful of administrator accounts. These administrators can pause the contract, update its code, or move funds.
Google found at least 70 major contracts with admin keys exposed on-chain, containing around 2.5 million ETH. But the biggest risk is what those keys control beyond ETH.
Administrator accounts also govern the minting authority of stablecoins like USDT and USDC, meaning a quantum attacker who cracks one could print unlimited tokens. The paper estimates that approximately $200 billion in stablecoins and tokenized assets on Ethereum depend on these vulnerable management keys.
Forging even one could trigger a chain reaction across all credit markets that accept those tokens as collateral.
Layer 2 based on vulnerable mathematics
Ethereum processes most of its transactions through Layer 2 networks, separate systems like Arbitrum and Optimism that handle and report off-chain activity.
These L2s rely on Ethereum’s built-in cryptographic tools, none of which are quantum resistant. The document estimates that at least 15 million ETH are exposed on major L2 and cross-chain bridges.
Only StarkNet, which uses a different type of math based on hash functions instead of elliptic curves, is considered secure.
Attack the betting system
Ethereum is secured by proof-of-stake, where validators (network participants who lock up ETH as collateral) vote on which transactions are valid. Those votes are authenticated using a digital signature scheme that the newspaper considers vulnerable to quantum computers.
Approximately 37 million ETH have been staked. If an attacker compromises one-third of the validators, the network will no longer be able to complete transactions. Two-thirds gives the attacker the ability to rewrite the chain’s history.
The document notes that if staking is concentrated in large pools, such as Lido by about 20%, targeting a single provider’s infrastructure could drastically shorten the attack timeline.
The exploit you only need to run once
This is the unprecedented vector. Ethereum uses a system called data availability sampling to verify that transaction data published by L2 networks actually exists. That system depends on a unique configuration ceremony that generated a secret number, which was supposed to be destroyed later.
A quantum computer could recover that secret from publicly available data. Once recovered, it becomes a permanent tool, a regular piece of software, that can falsify data verification tests forever without needing quantum access again.
Google describes this exploit as “potentially marketable.” Every L2 that depends on the Ethereum blob data system would be affected.
The advantage of Ethereum and its limits
Drake, one of the co-authors of the article, is part of the Ethereum Foundation. The Foundation last week launched a post-quantum research portal backed by eight years of work, with testnets shipping weekly and a multi-fork upgrade roadmap targeting quantum-resistant cryptography by 2029.
Ethereum’s 12-second block times also make stealing real-time transactions much more difficult than in Bitcoin, where blocks take 10 minutes.
But the document makes clear that updating Ethereum’s base layer does not automatically fix the thousands of smart contracts already deployed on it. Each protocol, bridge, and L2 would need to independently update its own code and rotate its own keys. No entity controls that process.
