Key Takeaways
- New Google research indicates Bitcoin’s cryptographic protection could be compromised with under 500,000 qubits—dramatically fewer than prior projections
- Attack scenarios developed by the team would require just 1,200–1,450 high-performance qubits to execute
- Transaction hijacking could occur within a 9-minute window, barely beating Bitcoin’s average confirmation time
- The 2021 Taproot protocol enhancement inadvertently expanded vulnerability by exposing public keys by default
- Approximately 6.9 million Bitcoin currently exist in addresses with publicly visible keys
A groundbreaking study released this week by Google’s Quantum AI division reveals that compromising Bitcoin’s cryptographic defenses may require substantially less computational power than industry experts have long assumed. The findings represent a significant departure from conventional wisdom about quantum computing threats.
The research team’s analysis suggests that breaching the cryptographic safeguards that protect Google and Ethereum wallets could potentially be accomplished with fewer than 500,000 physical quantum bits. This stands in stark contrast to earlier scholarly estimates that placed the requirement in the multi-million qubit range.
According to the whitepaper, two distinct attack pathways have been developed, each demanding approximately 1,200 to 1,450 premium-quality qubits—a mere fraction of previous theoretical requirements.
Quantum bits, or qubits, form the fundamental computing units of quantum machines. These advanced systems possess the capability to process certain computational challenges exponentially faster than classical computers, including the decryption algorithms that secure cryptocurrency wallets.
Google has historically identified 2029 as a target year for practical quantum computing capabilities. This latest research indicates the technological gap between current quantum systems and viable attack mechanisms may be narrower than the crypto community has anticipated.
The study outlines a real-world attack scenario exploiting transaction mechanics. During Bitcoin transfers, public key information becomes temporarily visible on the blockchain network.
A sufficiently powerful quantum system could leverage this brief exposure to derive the corresponding private key and intercept the funds. According to Google’s attack model, substantial portions of the calculation can be pre-computed.
The final computational phase could theoretically be completed within approximately nine minutes after a transaction enters the mempool. Since Bitcoin transactions generally require around 10 minutes for network confirmation, this creates a critical vulnerability window.
The Race Against Confirmation Time
This tight timeframe would provide a quantum adversary with roughly a 41% probability of successfully front-running legitimate transactions. Alternative blockchain networks like Ethereum may face reduced exposure due to their faster confirmation protocols.
The research team specifically highlighted Bitcoin’s Taproot upgrade, implemented in 2021, as a contributing factor to expanded vulnerability. While Taproot delivered improvements in transaction privacy and network efficiency, it simultaneously made public keys visible by default in new-format addresses.
Legacy Bitcoin address structures incorporated an additional cryptographic layer that concealed public keys until funds were actively spent. The Taproot implementation eliminated this protective barrier for wallets adopting the updated address format.
Bitcoin Already Exposed
The whitepaper calculates that approximately 6.9 million Bitcoin currently reside in wallets where public keys have been exposed. This represents roughly one-third of Bitcoin’s entire circulating supply.
Of this total, about 1.7 million Bitcoin originate from the cryptocurrency’s earliest operational period. The remaining exposed coins result from address reuse practices and Taproot-enabled wallets.
This assessment significantly exceeds a recent CoinShares analysis, which concluded that only approximately 10,200 Bitcoin were sufficiently concentrated to create market disruption if compromised.
Google adopted an unconventional disclosure approach for these findings. Rather than publishing complete attack methodologies, the research team employed zero-knowledge proof techniques to validate their conclusions without revealing exploitable implementation details.
While emphasizing that quantum-based cryptocurrency attacks remain beyond current technological capabilities, Google is advocating for accelerated adoption of post-quantum cryptographic security standards across the blockchain industry.
