Google's Quantum Breakthrough Threatens $600 Billion in Crypto Security
By John Nada · Mar 31, 2026
Google's new research indicates a significant reduction in quantum computing resources needed to crack crypto security, threatening over $600 billion in Bitcoin and Ethereum.
A new paper from Google Quantum AI has sharply reduced the estimated hardware required to crack elliptic-curve cryptography used by Bitcoin and much of Ethereum, moving a long-running security debate closer to market terms. At current market prices, the quantum computing risks could affect more than $600 billion in Bitcoin, Ethereum, and stablecoins.
The paper, co-authored by Google researchers, Ethereum Foundation researcher Justin Drake, and Stanford cryptographer Dan Boneh, reveals that Shor’s algorithm for the 256-bit elliptic curve discrete logarithm problem can run with either no more than 1,200 logical qubits and 90 million Toffoli gates or no more than 1,450 logical qubits and 70 million Toffoli gates. This is a significant finding that not only highlights the vulnerabilities of current cryptographic standards but also raises alarms about the future of digital asset security as quantum computing technology progresses.
Google has indicated that those circuits could be executed on a superconducting, cryptographically relevant quantum computer with fewer than 500,000 physical qubits in a matter of minutes, representing a remarkable 20-fold reduction from prior estimates of the number of physical qubits needed for such operations. This advancement marks a pivotal moment in the ongoing discourse on whether current cryptographic methods can withstand the impending quantum threat.
Notably, Google does not say such a machine exists today. However, Ethereum Foundation's Drake stated that his confidence in a so-called Q-day by 2032 has risen sharply, and he now sees at least a 10% chance that a quantum computer could recover a secp256k1 private key from an exposed public key by then. This potential shift in the landscape of cryptographic security necessitates urgent discussions and strategic planning within the cryptocurrency community regarding quantum-resistant cryptographic solutions.
The paper models a scenario known as an “on-spend” attack for Bitcoin, illustrating how a quantum machine could derive a private key after a public key is revealed through a transaction. With Bitcoin’s average block time at roughly 10 minutes, the potential for theft rises dramatically with this new quantum computing capability, reducing the attack window to about 9 minutes. The implications are dire; if a quantum computer can operate at speeds proposed in the paper, it risks undermining the very foundations of Bitcoin’s security model.
Bitcoin holds about 6.7 million BTC in vulnerable addresses, which is equivalent to approximately $444 billion, representing nearly 32% of Bitcoin's total cap of 21 million coins. Of this, the paper notes that old Pay-to-Public-Key scripts still secure more than 1.7 million BTC worth about $112.6 billion at current market prices. These older scripts are particularly susceptible to quantum attacks. The challenge lies not just in the immediate threat to live transactions but also in the vast amounts of older, dormant coins that could become targets in a post-quantum world.
Moreover, the paper highlights that the total amount of dormant quantum-vulnerable Bitcoin may reach 2.3 million BTC across various script types, or about $152.3 billion. These coins cannot all be migrated simply by asking current users to move funds, as many are thought to be abandoned, lost, or otherwise inactive. This presents an additional hurdle in securing Bitcoin against potential quantum threats.
The authors also argue that while Taproot introduces benefits for privacy and flexibility, it inadvertently reintroduces a quantum weakness. This is because Pay-to-Taproot places the tweaked public key directly in the locking script, exposing it to risks associated with quantum computing. They further assert that Grover-based attacks on Bitcoin mining remain impractical for decades, keeping the near-term focus squarely on signatures rather than proof of work. As a result, Bitcoin faces two distinct problems: the risk of live transactions if a future fast-clock machine can reliably break keys within the settlement window, and the substantial stock of older or exposed coins that could become fixed targets in a post-quantum world.
On the other hand, Ethereum's quantum risks manifest differently. The paper suggests that early fast-clock quantum computers are unlikely to launch the same kind of on-spend attack as they would in Bitcoin, primarily because Ethereum produces blocks in deterministic 12-second slots and processes most transactions in under a minute. Ethereum's architecture already relies heavily on private mempools, which adds a layer of complexity to potential quantum attacks. However, the primary quantum threat lies in at-rest attacks against long-lived accounts and the systems attached to them, posing significant risks for Ethereum’s rich ecosystem.
The paper estimates that a fast-clock attacker could crack the 1,000 highest-net-worth Ethereum accounts, which together hold about 20.5 million ETH, in less than nine days. At a recent ETH price of approximately $2,023.46, this sum equates to around $41.5 billion. Among the top 500 contract accounts by ETH balance, the paper indicates that at least 70 accounts holding about 2.5 million ETH are exposed through administrative keys. This bucket is worth about $5.1 billion at current prices, with a potential private-key derivation attack on those accounts taking less than 15 hours on a fast-clock machine.
The vulnerability of administrative keys is linked to about $200 billion in stablecoins and tokenized real-world assets on Ethereum. If compromised, these keys could enable arbitrary minting, false price feeds, drained liquidity pools, or frozen user funds, amplifying the systemic risk posed by quantum vulnerabilities. This stark reality emphasizes the need for robust security measures across Ethereum’s diverse array of applications, as the implications of a quantum attack could reverberate throughout the entire blockchain ecosystem.
Furthermore, the paper expands upon Ethereum's risk taxonomy, flagging approximately 15 million ETH in Layer 2 and protocol value exposed through code and data-availability vulnerabilities, which is roughly $30.4 billion at current prices. Additionally, about 37 million ETH in consensus stake is exposed due to BLS-signature-related risks, amounting to around $74.9 billion. These figures illustrate the broader infrastructural challenges facing Ethereum, highlighting that the quantum threat extends beyond individual wallet security to encompass the very framework that supports decentralized applications and financial instruments.
In light of these findings, the industry is left to ponder whether blockchains, wallets, exchanges, and tokenized-asset issuers can effectively migrate to more secure standards before the economics of quantum attacks shift irreversibly in favor of attackers. Charles Guillemet, the Chief Technology Officer (CTO) at Ledger, remarked, “The good news is that we already have the tools: Post Quantum Cryptography, now we need to migrate.” However, the Google paper warns that this migration process will take years, and the industry cannot afford to wait for perfect clarity on the exact arrival date of cryptographically relevant quantum computers. It will require both protocol work and changes in wallet behavior, including reducing public-key exposure and eliminating key reuse wherever possible.
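The exposure classes described above (Pay-to-Public-Key and Pay-to-Taproot keys sitting in the locking script, hashed script types exposed only on spend or through key reuse) can be checked mechanically against a wallet's own outputs. The following is an added example, not code from the Google paper or the original article; the function names, labels, and sample scripts are assumptions built from placeholder bytes.

```python
# Added example: audit locking scripts for public-key exposure (placeholder data).
AT_REST = "exposed at rest"      # key sits in the locking script itself
REUSED = "exposed by reuse"      # hashed, but this script was spent from before
ON_SPEND = "exposed on spend"    # hashed until the first spending transaction
UNKNOWN = "review manually"

def classify_script(script_hex):
    """Return the script type of a hex-encoded scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG, with a valid key prefix byte
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC and s[1] in ((2, 3) if n == 35 else (4,)):
        return "P2PK"
    # P2TR: OP_1 <push 32> <x-only tweaked public key>
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "P2PKH"
    # P2SH: OP_HASH160 <push 20> <hash160> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "P2SH"
    # Witness v0: OP_0 <push 20> (P2WPKH) or OP_0 <push 32> (P2WSH)
    if n in (22, 34) and s[0] == 0x00 and s[1] == n - 2:
        return "P2WPKH" if n == 22 else "P2WSH"
    return "unknown"

def exposure(script_hex, spent_before=frozenset()):
    """Map a script to its exposure class; spent_before holds reused scripts."""
    kind = classify_script(script_hex)
    if kind in ("P2PK", "P2TR"):
        return AT_REST
    if kind == "unknown":
        return UNKNOWN
    return REUSED if script_hex in spent_before else ON_SPEND

def audit(utxos, spent_before=frozenset()):
    """Sum satoshis per exposure class for (script_hex, sats) pairs."""
    totals = {}
    for script_hex, sats in utxos:
        label = exposure(script_hex, spent_before)
        totals[label] = totals.get(label, 0) + sats
    return totals

# Constructed sample UTXOs (placeholder key and hash bytes, not real outputs).
P2PK = "41" + "04" + "11" * 64 + "ac"
P2TR = "5120" + "22" * 32
P2PKH, P2WPKH = "76a914" + "33" * 20 + "88ac", "0014" + "44" * 20
SAMPLE = [(P2PK, 5_000_000_000), (P2TR, 150_000), (P2PKH, 80_000), (P2WPKH, 20_000)]
```

Calling `audit(SAMPLE, spent_before={P2PKH})` shows how a single reused address moves funds from the on-spend class into an exposed one, which is the wallet behaviour the paper asks to eliminate.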
The urgency for a proactive approach cannot be overstated. Vulnerable cryptocurrency communities need to transition to post-quantum cryptography without delay. For Bitcoin, this means a race against a settlement window that no longer appears comfortably wide. For Ethereum, it necessitates the protection of not just coins but also the much larger stack of contracts and tokenized claims now resting on the same vulnerable cryptographic foundations. As the quantum threat looms ever closer, the crypto community must prioritize security upgrades and innovative solutions to safeguard their assets against an evolving landscape of potential vulnerabilities.
In this rapidly evolving environment, the cryptocurrency sector faces an unprecedented challenge as it navigates the intersection of quantum computing and digital asset security. The implications of Google's findings extend beyond theoretical discussions, placing significant pressure on developers, institutions, and regulatory bodies to act swiftly and decisively. The stakes are high, and the clock is ticking. Failure to act could leave a substantial portion of the crypto economy exposed to a future that is not only possible but increasingly probable. The landscape of digital finance hinges on the ability to adapt to these emerging threats, and the urgency for collective action has never been more pronounced.
