1 hour ago
243
Google’s quantum computing division just released a research paper that puts Bitcoin’s very own existence into question. The research from the Quantum AI team says that cracking Bitcoin’s elliptic curve cryptography could require less than 500,000 physical qubits. For context, this is roughly 80% less than earlier estimates which were in the millions. The same study also mentions that a sufficiently advanced quantum computer could intercept a live Bitcoin transaction in about nine minutes, which is faster than the network’s average confirmation time of around 10 minutes, succeeding about 41% of the time. At the same time, Google has already indicated that it will complete migration of its own authentication infra to post-quantum cryptography by 2029. This just shows that the company building the hardware recognizes the threat and the urgency needed to act.
Source: Google Quantum AI
There are roughly one-third of all BTC in circulation today, or 6.9 million BTC, worth around $456 billion that sit in wallets where the public keys are visible on-chain. Part of the reason for that is Bitcoin’s own Taproot upgrade, a protocol improvement that was supposed to enhance privacy but inadvertently defaulted to exposing public keys. Here’s what the research actually says, what Taproot changed, and where Bitcoin’s quantum preparedness actually stands right now.
Google Lowered the Qubit Estimate by 80%: Here’s What That Means
The quantum threat for Bitcoin has been a narrative for years now. However, this week, researchers from Google quantum AI division released a paper that narrowed the timeline even further. As reported in SpendNode and Crypto Briefing, the study found that breaking Bitcoin’s ECDSA cryptography may require only 500,000 physical qubits, which is far less than previous estimates that ranged into the millions. Approximately 1,200 to 1,450 high-quality logical qubits could be enough for an attack. The paper also mentions that a powerful enough quantum computer could intercept a live Bitcoin transaction within roughly nine minutes and redirect transactions faster than the network can confirm transactions around 41% of the time.
It’s important to note that a huge caveat still exists. No quantum computer in 2026 is anywhere close to executing this. Projections for a cryptographically relevant quantum computer vary from being 10 to 15 years away with more conservative outlooks pointing 20 or even 40 years. That, however, is actually besides the point. The resource estimate just dropped by 80% and that means what was seen as a multi-generational threat becomes a problem that we could realistically see within this decade. The shift isn’t that the threat has arrived, it’s that the assumptions underpinning Bitcoin’s security runway just got a lot less comfortable.
One Third of All Bitcoin Is Already Exposed and Taproot Made It Worse
Data from SpendNode states that roughly 6.9 million BTC, around one-third of all Bitcoins in circulation, sit in wallets where public keys are visible on-chain. At the time of writing, this is around $456 billion worth of Bitcoin that is essentially exposed to a potential quantum attack. The vulnerability comes from how Bitcoin addresses work: when a transaction is sent, the sender’s public key is briefly revealed on-chain. In theory, a sufficiently powerful quantum computer could use that public key to reverse-engineer the corresponding private key and redirect funds before the network finalises anything. That mechanism is the core of what Google’s paper is describing.
The number of wallets under threat is large and Bitcoin’s own Taproot upgrade that went live in November 2021, actually inadvertently widened this number. The upgrade was designed to improve privacy and efficiency which it delivered on. However, Taproot, by design, makes public keys visible for Taproot-type transactions. This means, every wallet that has ever sent BTC using a Taproot address has their public keys visible on-chain. That said, wallets that have only received transactions and never sent are safer since the public keys stay hidden behind a hash. There are no quantum computers that can act on this vulnerability at this stage. However, the concern is that the gap between “doesn’t exist” and “does exist” just got measurably narrower.
Google Says 2029: Bitcoin Has No Plan
On March 25, Google set a hard deadline of 2029 for its own authentication services to migrate to post-quantum cryptography. According to DL News, the company moved from demonstrating below-threshold error correction to setting a firm corporate migration deadline in just 16 months. That signal in itself is very hard to push aside. The organisation actually building the hardware is telling its own engineers to be ready in three years. Bitcoin’s position looks considerably different — no coordinated plan, no funding structure, no agreed timeline. The only formal step on record is BIP 360, a proposal for a quantum-resistant address format recently merged into Bitcoin’s improvement repository per Decrypt. It’s a starting point for a conversation, not a deployment.
The deeper issue is structural. Bitcoin’s last major cryptographic upgrade, Taproot, took years of community debate before finally activating in November 2021 — and that was a far less contentious change than a full post-quantum migration would be. Bitcoin’s decentralised, consensus-driven governance has historically been one of its genuine strengths — it has kept bad ideas out just as effectively as it has slowed good ones down. That trade-off works well when threats are abstract and timelines are long. It works less well when the company building the relevant hardware has just put a date on it. Three years is not a lot of runway for a network that takes years just to agree on the shape of a proposal and as Benzinga noted, the timeline just set by google puts Bitcoin developers “on the hot seat”.
What This Means for BTC Holders and What to Watch
The 2029 deadline is for Google, not Bitcoin. That said, the fact that the company building the hardware has set a date for its own systems to migrate says a lot about the timeline for potential quantum capabilities that could threaten Bitcoin’s cryptography. For now, wallets that have only received and never sent a transaction using Taproot are on the safe side. On the other hand, the most exposed Bitcoin is concentrated in wallets that have actively transacted using Taproot addresses.
When we come to the market side, this news has not moved price in any meaningful way just yet. Bitcoin is about to close Q1 at over -24%, making it the weakest first quarter since 2018. This decline, however, has had nothing to do with the quantum fear but is instead a result of the Iran conflict and the broader macro economic headwinds.
The timing of this news however is certainly not favourable for Bitcoin. If this narrative starts to pick up steam, it could rattle an already fragile market and cause a further decline in price. Whether proposals like BIP 360 evolve into actual activation discussions, and whether Google’s quantum milestones, especially progress toward the ~1,200 logical qubit threshold identified in its research, begin to materialize are what needs to be monitored at this stage. The threat isn’t immediate, but the timeline is no longer abstract and that’s the shift the market hasn’t priced in yet.
If you're reading this, you’re already ahead. Stay there with our newsletter.
English (US)