Bitcoin Quantum Risk Rises as Google Lowers Qubit Threshold

Google research reduces quantum requirements for Bitcoin attack

Google’s Quantum AI team published a new whitepaper outlining how future quantum computers could solve the elliptic curve cryptography used in Bitcoin more efficiently than earlier projections suggested.

The study estimates that an attack could be executed using roughly 1,200 to 1,450 logical qubits and fewer than 500,000 physical qubits. This represents a major reduction compared to earlier assumptions that required millions of qubits.

The findings were shared as part of a responsible disclosure effort, emphasizing that no such quantum machine currently exists. The research focuses on future risk rather than an immediate threat.

Why Bitcoin’s cryptography is now under closer scrutiny

Bitcoin’s security relies on the elliptic curve discrete logarithm problem, which protects private keys and transaction signatures. Under classical computing, this problem is considered infeasible to solve.

However, quantum computers using Shor’s algorithm could theoretically break this system. Previous estimates placed this risk far into the future due to hardware limitations.

Google’s updated analysis changes that assumption. By optimizing quantum circuits and factoring in realistic error correction, the research shows that the required resources may be significantly lower than expected.

This does not mean Bitcoin is currently vulnerable, but it shifts the timeline discussion from distant theory to something that may require active preparation within the next decade.

What the research actually reveals

The most notable finding is not just the reduced qubit requirement, but the identification of existing exposure on the Bitcoin network.

According to the paper, around 6.9 million BTC are held in wallets where public keys have already been revealed on-chain. These funds are potentially vulnerable to a “store now, decrypt later” strategy, where attackers collect data today and wait for quantum capabilities to catch up.

The research outlines two optimized attack paths using Shor’s algorithm, both capable of solving Bitcoin’s cryptographic scheme within minutes on a sufficiently advanced quantum computer.

For live transactions, the attack window is narrow but still feasible under certain assumptions. The study estimates a success probability of around 41 percent within a typical transaction confirmation window.

Importantly, Bitcoin’s proof-of-work mechanism is not affected by this class of quantum attack. The risk is limited to signatures and key security, not the integrity of the blockchain itself.

A shift in how the industry views quantum timelines

This development changes how seriously the industry must treat quantum risk.

The combination of lower hardware requirements and the large amount of already exposed Bitcoin creates a clearer target surface. Instead of needing to break the entire system, an attacker could focus on vulnerable wallets with known public keys.

The implications extend beyond Bitcoin. Similar cryptographic schemes are widely used across Ethereum, Layer 2 networks, and many other blockchain systems.

At the same time, the involvement of Google adds weight to the discussion. This is not a purely academic scenario but a practical analysis from a team actively working on quantum hardware.

Limits, assumptions, and real-world constraints

Despite the alarming headline, several constraints remain.

No quantum computer today is capable of executing this attack. Building a machine with hundreds of thousands of stable physical qubits remains a major engineering challenge.

The research also assumes continued progress in quantum error correction and hardware scaling. Delays in these areas could push timelines further out.

There are also mitigation strategies already available. Users can avoid address reuse and move funds to addresses where public keys are not exposed until spending.

In addition, transitioning to post-quantum cryptography is possible but complex. It would require coordination across developers, wallets, exchanges, and users, making it a slow process rather than an immediate fix.