New research from Google suggests that quantum computers could break the cryptographic protections underpinning major cryptocurrency blockchains using significantly less power than previously estimated. The study, released on Monday, finds that a quantum computer equipped with fewer than 500,000 physical qubits could crack the encryption securing Bitcoin and Ethereum. Researchers describe this as a roughly 20-fold reduction in the number of qubits previously thought necessary. A qubit is the basic unit of computation in a quantum machine.
The team tested two quantum circuits on a superconducting-qubit, cryptographically relevant quantum computer, targeting the 256-bit elliptic curve discrete logarithm problem, widely used across cryptocurrency blockchains. In a theoretical scenario, the research indicates a quantum computer could derive a Bitcoin private key in as little as nine minutes. That window is notable because Bitcoin’s standard block confirmation time is ten minutes, meaning an attacker could potentially execute what researchers call an “on-spend attack” before a transaction is finalized. Such an attack would allow a bad actor to steal funds by deciphering a private key from a public key exposed during a transaction.
The study also highlights a distinct and potentially more serious vulnerability for Ethereum. Researchers warn that Ethereum‘s account model is structurally prone to “at-rest attacks,” which do not require any timing window. Once an Ethereum account sends its first transaction, its public key becomes permanently visible on the blockchain, giving a quantum attacker unlimited time to derive the corresponding private key. The paper states this creates “a systemic, unavoidable exposure that cannot be mitigated by user behavior, short of a protocol-wide transition to post-quantum cryptography.”
Google estimated that the 1,000 wealthiest exposed Ethereum accounts, collectively holding approximately 20.5 million ETH, could be compromised in fewer than nine days under this attack model. Co-author and Ethereum researcher Justin Drake stated that his confidence in a so-called Q-Day arriving by 2032 had risen sharply, placing at least a 10% probability on a quantum computer recovering a private key from an exposed public key by that year. The findings have intensified debate within the cryptocurrency community about the timeline for quantum threats.
Google said its goal in publishing the research is to raise awareness and provide the cryptocurrency community with recommendations to strengthen security before such attacks become feasible. The company is urging blockchain networks to begin transitioning to post-quantum cryptography now, rather than waiting for concrete threats to materialize. Separately, on Wednesday, Google set a 2029 internal deadline for its own post-quantum cryptography migration, cautioning that quantum computing advances could arrive sooner than anticipated.
Responses from within the crypto industry followed quickly. Crypto entrepreneur Nic Carter said elliptic curve cryptography is on the “brink of obsolescence,” and contrasted the approaches of the two largest blockchain networks. Carter noted that Ethereum developers were already working on solutions while characterizing Bitcoin developers as having a “worst in class approach” to the issue. The remarks underscored a growing divide in how the two communities are responding to the quantum threat.
The Ethereum Foundation released a post-quantum roadmap in February, and co-founder Vitalik Buterin has stated that validator signatures, data storage, accounts, and cryptographic proofs must all be updated to prepare for quantum risks. The path forward for both networks remains technically complex, and experts note that the effectiveness of post-quantum cryptographic solutions has not yet been fully proven at scale.
Originally reported by CoinTelegraph.
