New research from Google’s quantum AI division shows the cryptography securing blockchains like Bitcoin and Ethereum is vulnerable to attack with far fewer resources than previously understood, accelerating the timeline for a transition to quantum-resistant standards.
"My confidence in Q-Day by 2032 has shot up significantly," said Ethereum researcher Justin Drake, a co-author on the Google paper. "IMO there's at least a 10% chance that by 2032 a quantum computer recovers a private key from an exposed public key."
The paper details a massive leap in quantum algorithms for breaking elliptic curve cryptography, estimating that solving the 256-bit elliptic curve discrete logarithm problem (ECDLP-256), which protects most crypto wallets, requires fewer than 500,000 physical qubits, a 20-fold reduction from prior estimates. The researchers calculate that such a machine could derive a Bitcoin private key in just nine minutes, opening the door for "on-spend" attacks, in which a transaction is intercepted and its funds stolen before it is confirmed on the blockchain.
The findings challenge the long-held assumption that a quantum threat is decades away, prompting Google to set a 2029 deadline for its own services to migrate to post-quantum cryptography (PQC). For crypto, the research suggests that "Q-Day" (the moment a quantum computer breaks the cryptography securing blockchains) has moved significantly closer, forcing a difficult conversation about network upgrades.
Ethereum's "At-Rest" Vulnerability
While Bitcoin's primary quantum risk involves attacks on in-flight transactions, Google's researchers warned that Ethereum’s account model is “structurally prone to at-rest attacks” that do not require precise timing. Once an Ethereum account makes a transaction, its public key is permanently visible on-chain, giving a quantum attacker unlimited time to derive the private key.
The report estimates that the 1,000 wealthiest exposed Ethereum accounts, holding approximately 20.5 million ETH, could be cracked in fewer than nine days with a capable quantum computer. The vulnerability extends to smart contract code and layer-2 networks, creating systemic risks that can only be fixed through a coordinated, protocol-wide transition to PQC.
A Tale of Two Roadmaps
The accelerated threat has highlighted a stark divergence in preparedness between the two largest blockchain networks. The Ethereum Foundation has been actively working on a post-quantum transition for eight years, recently publishing a detailed roadmap that includes specific milestones across four upcoming hard forks.
In contrast, Bitcoin’s decentralized governance model has struggled to produce a coordinated response. While proposals exist, there is no consensus on a path forward. Prominent Bitcoin advocate Nic Carter called Ethereum’s approach "best in class" while labeling Bitcoin’s as "worst in class," warning that the network was choosing to "deny, gaslight, gatekeep, bury heads in sand." Carter urged developers to bake cryptographic mutability into the network, arguing that elliptic curve cryptography is now on the brink of obsolescence.
Google’s findings serve as a direct challenge to that inaction. By publishing specific resource estimates and timelines, a company that builds quantum computers has signaled that the threat is no longer theoretical. For networks like Bitcoin, the question is no longer whether a migration is needed, but whether their governance can act before it’s too late.