Quantum computing was until recently seen as a distant threat that would affect cryptocurrencies decades from now. However, new research from Google significantly challenges this assumption. According to the latest findings, breaking the cryptography that underpins Bitcoin or Ethereum may require far fewer computational resources than previously expected.
Fewer qubits than expected
In its study, Google states that breaking elliptic curve cryptography (ECDLP-256), which secures most cryptocurrency blockchains, could require a quantum computer with fewer than 500,000 physical qubits. This is roughly twenty times less than earlier estimates suggested.
A qubit is the fundamental unit of a quantum computer — the more qubits a system has, the more complex calculations it can perform. The reduction in the required number of qubits significantly brings closer the scenario in which quantum attacks become a real and practical threat.
Read also: How Quantum Computers Could Transform Investing: A Technology That May Rewrite Market Rules
Bitcoin under pressure: an attack within minutes
The research also suggests that, in a theoretical scenario, a quantum computer could reveal the private key of a Bitcoin wallet in just nine minutes. This is a critical number, as Bitcoin operates with roughly a ten-minute block interval.
Within this short time window, a so-called “on-spend attack” could occur. This involves an attacker exploiting the moment when a public key is exposed during a transaction, using quantum computation to derive the private key and subsequently steal funds.
Study co-author and Ethereum researcher Justin Drake warns that the probability of “Q-Day” — the moment when quantum computers begin to realistically threaten cryptography — is no longer negligible. According to him, there is at least a 10% chance this could happen by 2032.
Ethereum may be even more vulnerable
While Bitcoin attacks would need to happen within a very narrow timeframe, Ethereum faces a more fundamental structural issue, according to Google.
Its account-based model allows so-called “at-rest attacks.” Once an Ethereum account makes its first transaction, its public key remains permanently visible on the blockchain. This means attackers are not time-constrained — they can take as long as needed to derive the private key from the exposed public key.
According to Google’s estimates, it would be possible to break the 1,000 richest exposed Ethereum accounts — which together hold approximately 20.5 million ETH — in less than nine days.
Researchers emphasize that this represents a systemic vulnerability that cannot be solved by individual user behavior. The only viable solution is transitioning to post-quantum cryptography (PQC), which is designed to resist such attacks.
Read also: AI Study: Bitcoin Beats Traditional Money
Time is running out: Google sets 2029 deadline
Following its findings, Google has set its own deadline for transitioning to post-quantum cryptography to 2029. According to the company, “quantum boundaries are closer than they appear.”
Other voices within the crypto industry share similar concerns. Investor Nic Carter described elliptic curve cryptography as a technology “on the verge of obsolescence.” He also noted that Ethereum developers are already actively working on solutions, while Bitcoin’s approach appears weaker in this area.
The Ethereum Foundation has already introduced its roadmap for post-quantum security earlier this year. Co-founder Vitalik Buterin emphasized that the transition will affect the entire infrastructure — from validator signatures and data storage to the structure of accounts themselves.
What it means for everyday investors
For everyday cryptocurrency users, quantum computers do not yet pose an immediate threat. The technology is still not advanced enough to enable real-world attacks at scale.
However, the new research suggests that the timeline may be shrinking faster than previously expected. If the development of quantum technologies continues at its current pace, the crypto industry may need to react within years rather than decades.
The key question remains whether blockchain projects will be able to transition to new security standards before quantum computers reach the necessary level of performance. Because once they do, it could represent one of the greatest security challenges in the history of digital finance.
