Is Bitcoin Really in Danger Because of Quantum Computers?
Asli Dincer Asar5 min read·Just now--
This week, two research papers changed the conversation. Here’s what actually happened and what it means.
Nine minutes.
That’s how long it could take a sufficiently powerful quantum computer to steal a Bitcoin transaction in progress, according to new research published by Google’s Quantum AI team this week. Not years from now, not in some vague hypothetical future. Just nine minutes, in a window that happens to be just barely shorter than Bitcoin’s standard block confirmation time.
It’s the kind of number that makes you stop scrolling.
But before you do anything drastic with your wallet, it’s worth slowing down and asking the obvious question: what does that actually mean?
First, a quick background on how Bitcoin gets hacked (and why it normally can’t)
Bitcoin’s security relies on something called elliptic curve cryptography, or ECC. The short version: when you send a Bitcoin transaction, your wallet uses a private key to generate a public key, and that public key is broadcast to the network. You can easily go from private key to public key, but going backwards is supposed to be computationally impossible.
The reason it’s impossible for today’s computers is that solving the underlying math problem would take more processing power than exists on Earth, running for longer than the universe has existed. Classical computers just can’t do it fast enough to matter.
Quantum computers are different. Instead of regular bits (the classic 0 or 1) they use qubits, which can exist in multiple states at once. This allows them to run a particular algorithm called Shor’s algorithm, which can solve the kind of math problem that protects Bitcoin much, much faster than any regular machine.
The day when a quantum computer becomes powerful enough to actually do this is what researchers call Q-Day.
What happened this week
Two papers came out almost at the same time, and together they made Q-Day sound a lot less hypothetical.
The first came from Google. Their Quantum AI team published research showing that a quantum computer could break Bitcoin’s encryption using fewer than 500,000 physical qubits. That sounds like a lot, but earlier estimates had put the number in the millions. Google effectively cut the requirement by a factor of twenty.
More specifically, the researchers showed that once a Bitcoin transaction is broadcast and a private key is briefly exposed on-chain, a quantum attacker could derive that private key in about nine minutes. Since Bitcoin’s block confirmation typically takes around ten minutes, that leaves a narrow but real window for theft.
The second paper, from researchers at Caltech working with a startup called Oratomic, went even further. By proposing a new type of error-correction architecture using what they call “optical tweezers” (lasers that physically move individual atoms), they argued that a functional crypto attack could be pulled off with as few as 10,000 to 20,000 qubits. That’s not millions. That’s not even hundreds of thousands. And they suggested a machine at this scale could theoretically exist before 2030.
Bitcoin security researcher Justin Drake, responding to the research, estimated at least a 10% chance that a cryptography-breaking quantum computer could emerge by 2032.
Why Bitcoin might be more exposed than you’d think
Here’s where it gets interesting, and where a decision Bitcoin made in 2021 comes back to bite it.
Bitcoin’s Taproot upgrade, activated in November 2021, was meant to improve privacy and efficiency. One of its side effects, though, was exposing public keys by default on the blockchain. Earlier transaction types had kept those keys hidden until the moment of spending. Taproot quietly removed that protection.
Google’s research identified roughly 6.9 million BTC already sitting in addresses where public keys have been exposed, including approximately 1.7 million from Bitcoin’s earliest years. Some of those early addresses almost certainly belong to Satoshi Nakamoto, Bitcoin’s pseudonymous creator, who has never moved them.
Bitcoin and Ethereum also face this threat very differently. Ethereum has been moving fast. The Ethereum Foundation published a quantum-resilience roadmap with a multi-fork migration plan, and ten client teams are already running weekly test networks to prepare. Bitcoin has nothing comparable in place.
The difference comes down to how each network makes decisions. Ethereum has a relatively coordinated development process. Bitcoin is more decentralized, which is usually a feature, but it makes large-scale protocol changes slow and hard to agree on.
The counterargument: Don’t panic yet
Changpeng Zhao, better known as CZ and the founder of Binance, addressed the research this week with his usual calm. His argument: crypto has dealt with security threats before, and it will deal with this one too. Algorithms change. Standards get replaced. This is not new.
What makes this harder, he acknowledged, is scale. “It’s hard to organize upgrades in a decentralized world,” he wrote. “There will likely be many debates on which algorithm to use, resulting in some forks.”
Researchers speaking to Decrypt made a similar point from a different angle. If a cryptographically relevant quantum computer did emerge, the first targets wouldn’t be Bitcoin at all. They’d be the traditional financial system: banks, custodians, payment networks sitting on trillions in assets. Crypto is negligible by comparison, and would probably have plenty of warning before becoming a primary target.
Lucas Schweiger, a digital asset researcher at Sygnum, put it plainly: “Quantum computing does not threaten existing blockchains or public key cryptography today, and the signature schemes in use will almost certainly be replaced long before quantum computers become powerful enough to break them.”
There’s also a point worth noting from crypto venture capitalist Luke Martin, who dug up what he believes is the only public comment Satoshi ever made about quantum risk. Back in 2010, Satoshi wrote on BitcoinTalk: ‘If it happens gradually, we can still transition to something stronger.
So where does that leave us?
The trajectory is hard to ignore. Estimated qubit requirements for breaking Bitcoin’s encryption have fallen roughly five orders of magnitude over the past two decades, from about a billion qubits in 2012 to the 10,000 suggested by Caltech this week. Each new breakthrough shortens the timeline a little more.
The post-quantum cryptographic tools already exist. NIST, the US standards body, has already standardized alternatives to elliptic curve cryptography. The math is not the problem.
The problem is coordination. Unlike regular software, Bitcoin can’t just be patched remotely. Migrating to post-quantum cryptography requires protocol-level changes, community consensus, and a hard fork. It’s the crypto equivalent of convincing everyone to move to a new city at the same time.
These are still theoretical claims, and no quantum computer capable of breaking Bitcoin’s encryption exists today. But the research is real, the trajectory is real, and the conversation is worth having.
