To breach the security of Bitcoin and Ethereum, a quantum computer may need fewer than 500,000 physical qubits, which is 20 times lower than previous estimates. This conclusion was reached by Google researchers.
The specialists tested two circuits on a superconducting, cryptographically relevant quantum computer. One used 1,200 logical qubits and 90 million Toffoli gates, while the other employed about 1,450 logical qubits and 70 million gates.
According to the company’s estimates, under standard assumptions about hardware capabilities, the calculations would take between nine and 12 minutes. This timeframe aligns with Bitcoin's block time (10 minutes), making a "on-spend attack"—a hypothetical threat where an attacker decrypts a private key from a public one revealed during a transaction—possible.
“We want to draw attention to this issue and provide the cryptocurrency community with recommendations to enhance security and stability while there’s still time,” Google stated.
Additional Challenges for Ethereum
Researchers also warned that the account model in the second-largest cryptocurrency is structurally vulnerable to "at-rest attacks." Unlike Bitcoin, this threat does not require a time window.
Once an Ethereum wallet sends a transaction, its public key remains on the blockchain. An attacker with a quantum computer can compute the private key from the public one at any time.
“This is a systemic, unavoidable vulnerability that cannot be mitigated by user behavior without a network-wide transition to post-quantum cryptography (PQC),” experts stated.
Google calculated that the 1,000 most vulnerable addresses (holding approximately 20.5 million ETH) could be hacked in less than nine days.
Co-author of the study and Ethereum researcher Justin Drake commented on the findings, stating that his confidence in the arrival of what’s termed Q-Day by 2032 has “significantly increased.”
Today is a momentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimizing separate layers of…
— Justin Drake (@drakefjustin) March 31, 2026
“I estimate the probability that a quantum computer capable of recovering the ECDSA secp256k1 private key from the public key will emerge by 2032 at least 10%. While the creation of a cryptographically significant quantum computer by 2030 still seems unlikely, we must start preparing for this scenario now,” he wrote.
Google also urged a swift transition to post-quantum cryptography. Researchers described PQC as a “proven path” to security that will bolster trust in the long-term viability of the digital economy.
Among the short-term recommendations are avoiding the reuse of vulnerable addresses and considering measures regarding lost coins.
It’s worth noting that the Ethereum Foundation promised to protect the network from quantum threats by 2029. Developers will implement four hard forks.
Castle Island Ventures partner Nic Carter supported the team's efforts, noting that the least effective approach to the looming issue is the response from the Bitcoin community.