Google’s Quantum AI team published a whitepaper on March 31, 2026, warning the cryptocurrency industry it has less time to prepare for quantum threats than it assumed. The team found breaking the cryptography protecting Bitcoin and Ethereum wallets would require fewer than 500,000 physical qubits. Previous estimates put the number in the millions.
The researchers designed two potential attack methods, each requiring roughly 1,200 to 1,450 high-quality qubits. Under one model, a quantum computer could crack a Bitcoin private key in about nine minutes once a public key is exposed during a transaction. Bitcoin transactions typically take around 10 minutes to confirm, giving an attacker a 41% chance of beating the original transfer and redirecting the funds. Ethereum faces less exposure to this specific attack because its transactions confirm faster.
The paper also flagged Bitcoin’s Taproot upgrade as a concern. Taproot, designed to make transactions more efficient and private, makes public keys visible by default. This widens the number of wallets exposed to a quantum attack. Google estimated about 6.9 million bitcoin, roughly one-third of the total supply, already sit in wallets where the public key has been revealed in some form.
A separate paper from Caltech and quantum startup Oratomic, published the same day, went further. Those researchers found the cryptography securing Bitcoin and Ethereum wallets could be broken with as few as 10,000 physical qubits using a neutral-atom quantum computer. A system with around 26,000 qubits could crack ECC-256, the encryption standard used by both blockchains, in about 10 days. CoinDesk noted all nine authors of the Caltech/Oratomic paper hold shares in Oratomic, with six employed by the company.
Estimated requirements for running Shor’s algorithm, the quantum method for breaking public-key encryption, have dropped five orders of magnitude over two decades, from roughly 1 billion physical qubits in 2012 to about 10,000 today. Google itself is setting a 2029 deadline to migrate its own authentication services to post-quantum cryptography.
The crypto community responded with a mix of urgency and reassurance. Binance founder CZ wrote on X the industry needs to upgrade to quantum-resistant algorithms. Ethereum developers have already started a post-quantum migration effort. Starknet co-founder Eli Ben-Sasson urged the Bitcoin community to accelerate work on BIP 360, a proposal for quantum-resistant addresses. Bitcoin advocate Bit Paine said he assigns “an uncomfortably high likelihood” of something disruptive within five years.
Google stressed no quantum computer exists today with the capacity to carry out these attacks. Its most advanced processor, Willow, has 105 qubits. The company did not release the algorithm it developed, offering instead a zero-knowledge proof so external researchers could verify the findings without accessing the method itself.
Google concludes their report by adding:
With this work, our goal is to support the long-term health of the cryptocurrency ecosystem and blockchain technologies, which are an increasingly significant part of the digital economy. Moving forward, we hope our approach to responsible disclosure can spur an important conversation among quantum computing researchers and the broader public, and offer a model on which to build for the quantum cryptanalysis research field.
You can read the whitepaper here.
