For years, the quantum threat to cryptocurrency has been treated as a distant problem, something for a future generation of developers to worry about. However, Google just made a strong argument that the timeline may need to move up considerably.
Google’s Quantum AI division published a whitepaper Tuesday, outlining an estimates for how much computing power a quantum machine would actually need to crack the encryption protecting most crypto wallets today. The answer is significantly less than previously thought, and the implications for the industry are hard to ignore.
The math behind the warning
To understand what’s at stake, some brief context helps. Most crypto wallets, including Bitcoin and Ethereum, rely on a security standard called 256-bit Elliptic Curve Cryptography, or ECC. This is the mathematical lock that protects private keys. Breaking it requires solving what cryptographers call the elliptic curve discrete logarithm problem, a calculation so complex that today’s conventional computers couldn’t crack it in any practical timeframe.
Quantum computers, however, work differently. They can, in theory, run an algorithm known as Shor’s algorithm that approaches this kind of math from an entirely different angle, one that shrinks the problem dramatically.
Google‘s new whitepaper presents updated estimates of the computing resources needed to break 256-bit ECC. The team compiled two quantum circuits implementing Shor’s algorithm: one using fewer than 1,200 logical qubits and 90 million Toffoli gates, and another using fewer than 1,450 logical qubits and 70 million gates.
Both circuits, they estimate, could run on a quantum machine with fewer than 500,000 physical qubits, and complete the attack in just a few minutes. That figure represents roughly a 20-fold reduction in the number of physical qubits previously thought necessary, a substantial improvement in cracking efficiency by any measure.
To put that in perspective: a logical qubit is an error-corrected version of a physical qubit, made up of hundreds of physical qubits working together to reduce mistakes.
Haseeb Qureshi, managing partner at crypto venture firm Dragonfly, noted that this kind of efficiency gain effectively compresses the timeline for when real-world quantum attacks on crypto wallets become feasible, pointing to around 2029 as the window the industry should be preparing for.
Although the stakes are not abstract. An estimated 6.8 million Bitcoin, worth approximately $470 billion at current prices, are held in wallet address types considered vulnerable to quantum attacks. Roughly 35 percent of Bitcoin’s total supply sits in exposed address formats.
How Google disclosed this and why it matters
What’s arguably just as notable as the findings themselves is how Google chose to share them. Rather than publishing the actual quantum circuits, which would essentially hand potential bad actors a blueprint, the team used a cryptographic method called a zero-knowledge proof to verify their results.
A zero-knowledge proof allows a third party to confirm that a claim is true without the original party revealing the underlying data used to reach that conclusion. In other words, the research can be independently verified without the attack method being publicly exposed.
Google said it also engaged with the US government ahead of publication, framing the disclosure approach as a model it hopes other research teams will adopt going forward.
The solution Google is pushing is called Post-Quantum Cryptography, or PQC, a new generation of encryption algorithms designed to remain secure even against quantum-capable machines.
Google has been working on PQC migration since 2016 and is now formally targeting 2029 for completing that transition across its own products. The company is calling on the cryptocurrency industry to follow suit, citing Coinbase, the Stanford Institute for Blockchain Research, and the Ethereum Foundation as partners already working toward that goal.
The Ethereum Foundation’s teams are separately targeting 2029 for quantum-resistant upgrades at the protocol level. That alignment doesn’t seem like a coincidence, it reflects a growing consensus that the window for preparation is narrowing.
For reference, the US National Institute of Standards and Technology’s own guidance calls for phasing out vulnerable algorithms after 2030 and banning them entirely after 2035. Google’s 2029 target lands a full year before that deprecation milestone, a signal that the company believes waiting until the last moment carries real risk.
The message from Google is essentially that: the machines that could theoretically empty crypto wallets are becoming real, faster than most people in the industry have been willing to admit.