Google Reduces Quantum Computing Power Estimate for Bitcoin Breach

Google estimates fewer than 500,000 qubits needed to breach Bitcoin, 20 times less than prior estimates.

A quantum computer may require fewer than 500,000 physical qubits to breach the security of Bitcoin and Ethereum, a figure 20 times lower than previous estimates. This conclusion was reached by Google researchers.

The experts devised two schemes for testing on a superconducting cryptographically relevant quantum computer. One scheme utilized 1,200 logical qubits and 90 million Toffoli gates, while the other employed about 1,450 logical qubits and 70 million gates.

According to the company’s estimates, assuming standard equipment capabilities, computations would take between nine to 12 minutes. This timeframe fits within Bitcoin’s block time (10 minutes), making an “on-spend attack” feasible—a hypothetical threat where an attacker derives a private key from a public one revealed during a transaction.

“We aim to draw attention to this issue and provide the cryptocurrency community with recommendations to enhance security and stability while it is still possible,” Google noted.

Additional Challenges for Ethereum

The researchers also warned that the account model of the second-largest cryptocurrency by market capitalization is structurally vulnerable to “at-rest attacks.” Unlike Bitcoin, this threat does not require a time window.

Once an Ethereum wallet sends a transaction, its public key remains on the blockchain. An attacker with a quantum computer can compute the private key from the public one at any time.

“This is a systemic, unavoidable vulnerability that cannot be mitigated by user behavior without a network-wide transition to post-quantum cryptography (PQC),” the experts stated.

Google estimated that the 1,000 largest vulnerable addresses (holding ~20.5 million ETH) could be breached in less than nine days.

Ethereum researcher and co-author Justin Drake commented on the findings, stating that his confidence in the arrival of the so-called Q-Day by 2032 “has significantly increased.”

Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor’s algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of…

— Justin Drake (@drakefjustin) March 31, 2026

“I estimate the probability of a quantum computer capable of recovering an ECDSA secp256k1 private key from a public key by 2032 to be at least 10%. Although the creation of a cryptographically significant quantum computer by 2030 seems unlikely, preparations for this scenario should begin now,” he wrote.

Google also urged a swift transition to post-quantum cryptography. Researchers described PQC as a “proven path” to security that will bolster confidence in the long-term viability of the digital economy.

Short-term recommendations include avoiding the reuse of vulnerable addresses and considering measures for lost coins.

Earlier, Ethereum Foundation promised to protect the network from the quantum threat by 2029. Developers will implement four hard forks.

Castle Island Ventures partner Nic Carter supported the team’s efforts. He described the Bitcoin community’s approach to the looming issue as the least effective.