
How Quantum Computers Could Break Crypto Security

In a recent blog post and accompanying whitepaper, Google Research announced that the number of physical qubits needed to break the cryptographic foundation of Bitcoin and most major blockchains has dropped by approximately 20 times compared to prior estimates.

Key Takeaways
  • Quantum computers could fundamentally alter the foundations of crypto security.
  • Google Research has significantly revised its estimates downward, with a 2029 target now on the table.
  • The core risk is the potential breaking of elliptic curve cryptography through quantum technologies.
  • Accounts and addresses with already-exposed public keys are most vulnerable.
  • The industry has already begun transitioning toward post-quantum protection and new standards.

What Google Actually Found

Most blockchain technologies and cryptocurrencies rely on a mathematical problem known as the 256-bit elliptic curve discrete logarithm problem (ECDLP-256) to secure wallets and transactions. Solving it is what would allow an attacker to derive a private key from a public one, and with it, take full control of any wallet.

Until recently, the computational resources required to do that were considered safely out of reach for the foreseeable future. Google’s updated research changes that picture. Their team compiled two quantum circuits capable of attacking ECDLP-256: one using 1,200 logical qubits and 90 million Toffoli gates, and another using 1,450 logical qubits and 70 million. According to Google’s whitepaper, both could be executed on a superconducting quantum system with fewer than 500,000 physical qubits, in a matter of minutes.

The implications go beyond simply cracking dormant wallets. Google’s research shows that the reduced execution time is fast enough to operate within Bitcoin’s average block confirmation window of ten minutes. This opens the door to what researchers call “on-spend” attacks, quantum strikes that target a transaction while it is still waiting to be confirmed in the mempool, before it is ever written to the blockchain. In other words, the threat is not only to old, forgotten wallets. It extends to transactions happening right now.

Google added that while the time before such a machine exists still exceeds the time needed to complete an industry-wide migration, that margin is, in their words, “increasingly narrow.”

Why Crypto Is Particularly Exposed

To understand the vulnerability, it helps to understand how blockchain security actually works, and where it was never designed to defend against quantum-scale computation.

Every user on a blockchain holds two keys: a private key that authorizes transactions, and a public key that the network uses to verify them. The security of the entire system rests on one assumption: that deriving the private key from the public key is computationally impossible. That assumption holds true for classical computers. For a sufficiently advanced quantum machine, it may not.

This is not a new concern, but quantum computing works on fundamentally different principles that make it uniquely dangerous in this context. Where classical computers process information in bits – each a strict 0 or 1 – quantum machines use qubits that can exist as 0, 1, or a combination of both simultaneously, a property called superposition. Paired with quantum entanglement, which links particles so that a change in one instantly affects the other regardless of distance, and interference, which filters correct solutions by amplifying them and suppressing errors, quantum computers can attack certain mathematical problems, including the one protecting every crypto wallet, in ways classical systems simply cannot.

What makes the current moment particularly urgent is a threat that predates any working quantum computer: the “harvest now, decrypt later” strategy. Sophisticated adversaries, state actors among them, can collect and store encrypted blockchain data today, then decrypt it once quantum capability matures. The attack does not need to happen in real time. Part of the quantum risk, in that sense, is already materializing in the background right now, invisible and silent.

Who Is Most at Risk and When

Not every wallet faces equal exposure. In an interview series published by Citigroup, Ronit Ghose of the Citi Institute and Thomas Courage of the Ethereum Foundation drew a clear distinction: the most vulnerable addresses are those where the public key is already visible on the blockchain. This includes wallets that have reused addresses, older wallet formats from Bitcoin’s early years, and certain custodial and multi-signature arrangements.

Alex Thorn, Head of Research at Galaxy Digital, made a similar point in an interview with CoinDesk, cautioning against overstating the immediate danger. The majority of Bitcoin holdings, he argued, are not directly exposed under current quantum capabilities. However, according to research from Project Eleven, a quantum computing research initiative, approximately 7 million BTC fall into the vulnerable category where public keys are already exposed. At current valuations, that represents hundreds of billions of dollars sitting in wallets that a sufficiently advanced quantum computer could target first.
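The distinction drawn above, between outputs whose public key is already on-chain and outputs that show only a key hash, can be turned into a triage of one's own holdings. The following is an added example, not code from the article or from any project it cites; the function names and sample scripts are constructed for illustration, and it goes slightly beyond the cases the article lists by also flagging Taproot outputs, which carry a public key directly in the output script.

```python
# Added example: triage outputs by public-key exposure. Sample scripts are constructed, not chain data.
KEY_IN_OUTPUT = {"p2pk", "p2tr"}    # the output script itself carries a public key
KEY_HASHED = {"p2pkh", "p2wpkh"}    # only a key hash is visible until a spend reveals the key

def classify_script(spk_hex: str) -> str:
    """Return the standard type of a scriptPubKey given as hex."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    # P2PK (early format): <push 33 or 65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    # P2TR: OP_1 <32-byte x-only output key>
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"
    return "other"

def exposure_report(utxos, spent_scripts):
    """Label each (utxo_id, script_hex) pair by how visible its key is on-chain."""
    spent = {s.lower() for s in spent_scripts}
    report = {}
    for utxo_id, spk in utxos:
        kind = classify_script(spk)
        if kind in KEY_IN_OUTPUT:
            report[utxo_id] = "exposed"
        elif kind in KEY_HASHED:
            # Address reuse: an earlier spend from the same script published the key.
            report[utxo_id] = "exposed-by-reuse" if spk.lower() in spent else "hashed"
        else:
            report[utxo_id] = "review"  # e.g. script-hash or multisig: inspect by hand
    return report

SAMPLE_UTXOS = [
    ("a:0", "21" + "02" + "11" * 32 + "ac"),    # P2PK, compressed key
    ("b:0", "76a914" + "aa" * 20 + "88ac"),     # P2PKH, never spent from
    ("c:1", "76a914" + "bb" * 20 + "88ac"),     # P2PKH, reused address
    ("d:0", "0014" + "cc" * 20),                # P2WPKH
    ("e:0", "5120" + "dd" * 32),                # P2TR
    ("f:2", "a914" + "ee" * 20 + "87"),         # script hash, needs manual review
]
SAMPLE_SPENT = {"76a914" + "bb" * 20 + "88ac"}  # scripts already seen as spent inputs

if __name__ == "__main__":
    print(exposure_report(SAMPLE_UTXOS, SAMPLE_SPENT))
```

Outputs labelled `exposed` or `exposed-by-reuse` are the ones to move first during a migration; `hashed` outputs reveal their key only when they are spent.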

As for timing, the Citigroup interviews and the broader expert consensus had previously pointed to the 2030–2035 window as the likely moment of material risk. Google’s revised figures and 2029 migration target compress that range. Most remaining challenges, researchers note, are engineering problems rather than scientific ones, which means progress could accelerate faster than models predict.

That uncertainty is already registering in financial markets. In January, Christopher Wood, global head of equity strategy at investment bank Jefferies, eliminated a 10% Bitcoin allocation from his model portfolio, citing quantum computing risks. It was a concrete, high-profile signal that the threat has moved from theoretical discussion into portfolio-level decision-making.

What the Industry Is Doing and Whether It Will Be Enough

The response is real, but the scale of what is required is significant.

Google has been working toward post-quantum readiness since 2016, alongside other major players including Coinbase and the Ethereum Foundation. The Ethereum Foundation is already developing new cryptographic signature schemes designed to resist quantum attacks, and updated standards are beginning to be implemented gradually across the ecosystem.

The goal is not merely to bolt on additional security, but to build what engineers call crypto-agility – the ability to swap out cryptographic algorithms quickly and cleanly when needed, without triggering network instability. That design philosophy is the difference between a one-time patch and a system built to adapt.

In practice, the transition will happen in layers. Validators and infrastructure operators, who manage the largest concentrations of funds, will bear the earliest and heaviest burden, as they will need to upgrade first. Wallets and applications will follow, and for most end users the experience should ideally resemble a standard software update rather than a technical overhaul.

The complications, however, are real. Post-quantum cryptographic methods require significantly more data and computational resources than the systems they replace. Work is ongoing to reduce this overhead through signature aggregation, more efficient verification processes, and offloading certain operations off-chain. For validators in particular, more substantial hardware investment will likely be required.

According to experts from both the Citigroup interview series and the broader research community, a full transition across major blockchains will take five to seven years. The technology itself is not the hardest part. Coordinating thousands of independent validators, developers, wallet providers, exchanges, and users – all of whom must move in roughly the same direction at roughly the same time – is.

There is one further complication that goes beyond the technical. The fear of quantum attacks, researchers warn, has the potential to influence crypto markets well before any actual attack occurs. A credible report, a notable announcement, or even a well-publicized proof-of-concept could trigger significant volatility. This means developers are thinking not only about how to secure their systems, but about how to communicate progress clearly enough to prevent panic from outpacing preparation.

The Bottom Line

Quantum computers cannot break crypto security today. That much is still true. But Google’s research makes clear that the assumption of a comfortable, distant timeline no longer holds. A 20-fold reduction in required qubits, the specter of real-time on-spend attacks, a 2029 migration target, and the quiet work of harvest-now-decrypt-later collection paint a picture of a threat that is not arriving all at once. It is arriving in pieces, and some of those pieces are already here.

The crypto industry is not standing still. The Ethereum Foundation, Coinbase, Google, and others are actively building the next generation of cryptographic standards. But the window between “enough time to prepare” and “too late to matter” is narrower than it has ever been, and it is narrowing further with each new research paper published.

Christopher Wood’s decision to cut Bitcoin from his portfolio may prove to have been early. It may also prove to have been prescient. The difference will depend almost entirely on how quickly, and how seriously, the industry moves in the next three years.


Author

Reporter at Coindoo

Kosta joined the team in 2021 and quickly established himself with his thirst for knowledge, incredible dedication, and analytical thinking. He not only covers a wide range of current topics, but also writes excellent reviews, PR articles, and educational materials. His articles are also quoted by other news agencies.
