Google: Breaking Bitcoin Requires 20x Fewer Qubits Than Previously Estimated

Researchers at Google have concluded that a quantum computer may need fewer than 500,000 physical qubits to break the cryptographic protections of Bitcoin and Ethereum. This estimate is 20 times lower than previous projections, significantly shortening the timeline for when quantum threats could become practical.

The Research Behind the Numbers

Google's team assembled two circuits designed for testing on a superconducting cryptographically relevant quantum computer. The first used 1,200 logical qubits and 90 million Toffoli gates, while the second employed approximately 1,450 logical qubits and 70 million gates.

Under standard assumptions about hardware capabilities, the computations would take between 9 and 12 minutes. This window aligns with Bitcoin's block time of 10 minutes, theoretically enabling a so-called "on-spend attack" — a hypothetical threat where an attacker derives a private key from the public key exposed during a transaction.

Google stated that its goal is to draw attention to the issue and provide the cryptocurrency community with security recommendations while there is still time to prepare.

Why This Matters

A 20-fold reduction in the required quantum computing resources is a major wake-up call for the entire crypto industry. Previously, the quantum threat was perceived as a distant concern requiring millions of qubits. Google's new calculations shift the timeline closer to the current decade and raise urgent questions about migrating to post-quantum cryptography (PQC).

Ethereum Faces Greater Structural Risk

The researchers separately flagged a structural vulnerability in Ethereum. The account model of the second-largest cryptocurrency by market cap is susceptible to "at-rest attacks." Unlike Bitcoin, no time window is needed: once an Ethereum wallet sends a single transaction, its public key is permanently recorded on the blockchain. A quantum computer could derive the private key from that public key at any point in the future.

Google's experts described this as a systemic, unavoidable vulnerability that cannot be mitigated through user behavior alone — only through a network-wide transition to post-quantum cryptography.

According to the researchers' calculations, the 1,000 largest vulnerable addresses holding approximately 20.5 million ETH could be compromised in less than nine days.

Community Response and Forecasts

Co-author and Ethereum researcher Justin Drake said his confidence that the so-called Q-Day will arrive by 2032 has "strongly increased."

"Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of…" — Justin Drake (@drakefjustin), original post

Drake estimated the probability of a quantum computer capable of recovering an ECDSA secp256k1 private key from a public key by 2032 at a minimum of 10%. He acknowledged that building a cryptographically significant quantum computer before 2030 still seems unlikely but stressed that preparation must begin now.

Recommendations and Industry Response

Google urged an accelerated transition to post-quantum cryptography, calling PQC a "proven path" to security that would strengthen trust in the long-term viability of the digital economy.

Short-term recommendations include:

• Avoiding reuse of vulnerable addresses
• Potential measures regarding lost or inaccessible coins

The Ethereum Foundation has previously committed to protecting the network against quantum threats by 2029 through the implementation of four hard forks. Castle Island Ventures partner Nic Carter voiced support for the Ethereum team's efforts, while characterizing the Bitcoin community's approach to the looming problem as the least effective.