Bitcoin advocates seek post-quantum security solutions following Google’s significant research release.

Google’s revelation that breaking the cryptography of bitcoin requires 20 times fewer qubits than earlier estimates has prompted the most significant industry reaction to quantum threats since the introduction of the Willow chip in 2024. Below is an overview of how developers, investors, and researchers are responding.

Google (Getty Images)

Key points:

• Recent research from Google’s Quantum AI team has significantly reduced the estimated resources required for a quantum computer to compromise bitcoin and Ethereum wallet cryptography, indicating that such technology could emerge sooner than the mid-2030s.
• The study cautions that a sufficiently powerful quantum computer might be able to decrypt a bitcoin private key in approximately nine minutes once a public key is revealed, placing around one-third of all bitcoin—approximately 6.9 million coins—at increased risk, particularly following upgrades such as Taproot.
• Ethereum developers have already initiated a comprehensive post-quantum migration strategy, while influential figures are urging the Bitcoin community to hasten efforts on quantum-resistant upgrades due to concerns that state-sponsored entities could secretly develop and implement these capabilities.

Google has indicated to the crypto sector that the threat is more imminent than previously acknowledged. The sector is, for the first time, taking heed.

A whitepaper released late Monday by Google’s Quantum AI team revealed that breaking the 256-bit elliptic curve cryptography securing bitcoin and Ethereum wallets could necessitate fewer than 500,000 physical qubits (a unit of computation in quantum systems), representing a reduction of about 20 times from earlier estimates, which suggested a requirement in the millions.

The document also illustrated that a quantum computer could potentially breach bitcoin private keys in roughly nine minutes once a transaction reveals a public key, granting an attacker a 41% chance of surpassing bitcoin’s 10-minute confirmation window.

This research was received with considerable impact across digital crypto communities. Not because it asserts that quantum computers can currently breach bitcoin—they cannot—but due to the significant acceleration in the timeline for when they might be capable of doing so.

"We are no longer looking at mid-2030s; we could have quantum computers of this scale by the end of the decade," stated Haseeb Qureshi, managing partner at Dragonfly, on X. "All blockchains need a transition plan ASAP. Post-quantum is no longer a drill."

Qureshi highlighted a notable aspect in Google’s announcement. The team opted not to disclose the actual quantum circuits. Instead, they provided a zero-knowledge proof that confirms the existence of the circuits without revealing their workings. "This is quite unusual, indicating that Google considers this a serious matter," he remarked.

Justin Drake, a researcher at the Ethereum Foundation who joined the Google paper as a late co-author, expressed that his "confidence in q-day by 2032 has increased significantly," estimating at least a 10% probability that a quantum computer could derive a ‘secp256k1’ private key from an exposed public key by that timeframe.

Drake observed that the optimized quantum circuit consists of "just 100 million Toffoli gates, which is surprisingly shallow," and that on a superconducting platform, the total runtime would be around 1,000 seconds.

"Low-hanging fruit is still being picked, with at least one of the Google optimizations stemming from a surprisingly simple observation," Drake noted. "AI was not yet tasked to find optimizations."

While human researchers continue to uncover straightforward enhancements, the minimum number of qubits required has not yet been achieved. Drake indicated that logical qubit counts "could plausibly go under 1,000 soonish."

Today is a monumental day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor’s algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimizing separate layers of…

— Justin Drake (@drakefjustin) March 31, 2026

Security engineer Conor Deegan, whose research was referenced in the Google paper, provided one of the most technically detailed responses. He highlighted a trend where the paper surfaces across various chains: quantum computation serves as a one-time expense that generates indefinitely reusable classical exploits.

Ethereum’s ‘KZG’ trusted setup, Zcash’s ‘Sapling’ protocol, and Litecoin’s ‘MimbleWimble’ all incorporate elliptic curve hardness into fixed public parameters that only need to be compromised once.

"Deploying new cryptographic infrastructure on ECDLP curves is now indefensible given these resource estimates," Deegan stated.

The paper estimates that approximately 6.9 million bitcoin, around one-third of the total supply, are held in wallets where public keys have already been disclosed. This includes 1.7 million BTC from the network’s early years, involving Satoshi Nakamoto’s (the enigmatic creator of the Bitcoin network) holdings, as well as additional funds impacted by address reuse.

CoinDesk reported earlier Monday that bitcoin’s 2021 Taproot upgrade, designed to facilitate more efficient, private transactions, also inadvertently exposed public keys on the blockchain by default, a technical decision that now presents a quantum risk.

This figure significantly exceeds CoinShares’ February estimate, which suggested that only about 10,200 BTC is concentrated enough to cause "appreciable market disruption" if compromised. Google’s methodology accounts for all exposed keys, not just larger balances.

The Bitcoin vs Ethereum divide

The responses reflected familiar divisions. Ethereum’s proactive measures received commendation, while Bitcoin’s lack of preparedness raised concerns.

"You can think of q-day as Y2K but real," remarked a well-known crypto investor referred to as ‘McKenna,’ managing partner at Arete. "People should be grateful to the Ethereum Foundation for being early and leading this research. The troubling aspect is Bitcoin. The absence of urgency and the consensus issues regarding how to address vulnerable coins."

The Ethereum Foundation launched pq.ethereum.org last week, showcasing eight years of post-quantum research, over 10 client teams deploying weekly development networks, and a multi-fork migration strategy.

Drake, who was a co-author of the Google paper, is also part of that same Ethereum team—creating a direct link between the researchers assessing the threat and the developers constructing the defense.

Eli Ben-Sasson, co-founder of StarkWare, urged the Bitcoin community to "enhance initiatives like BIP 360," a proposal aimed at introducing quantum-resistant wallet formats that would allow for voluntary migration.

"Claiming that quantum computers are on the horizon is not FUD," Ben-Sasson asserted. "FUD is suggesting that Bitcoin cannot adapt. It can adapt. We just need to start working on these solutions today."

Bitcoin needs to prepare for the quantum era.
We must strengthen initiatives like BIP 360.
We need to invest more efforts in discovering innovative, effective solutions to ensure Bitcoin is post-quantum secure.

Stating that quantum computers are coming is not FUD. FUD is claiming… https://t.co/KqQ0RpXKbX

— Eli Ben-Sasson | Starknet.io (@EliBenSasson) March 31, 2026

Bitcoin advocate Bit Paine offered a balanced perspective. "I still think roughly 10 years is the more likely timeframe, but I assign an uncomfortably high probability that we could see something disruptive within five years. High enough that taking action within the next one to two years is advisable."

The element that altered his outlook was the "persistent non-linearities in QC progress and the veil of secrecy surrounding this research." When estimates of physical qubit requirements drop dramatically, he noted, "we may not have much time between ‘quantum is on a trajectory to disrupt bitcoin’ and ‘secp256k1 is compromised.’"

Paine introduced a national security aspect. "A CRQC could be created in stealth mode and emerge unexpectedly."

Google’s choice to utilize a zero-knowledge proof instead of publishing the circuits underscores this point. If the world’s leading quantum laboratory self-censors its own research for safety reasons, state entities with equivalent or superior capabilities are unlikely to disclose anything.

Drake reiterated this sentiment. "From now on, assume that state-of-the-art algorithms will be censored. A lack of academic publications would be a clear indication."

Why crypto?

Some voices in the industry questioned why Google directed its most comprehensive analysis towards crypto instead of banking or military systems. ETF analyst Eric Balchunas asked why Google would "expend this research time/money on crypto versus something of greater societal impact."

Nic Carter, a partner at Castle Island Ventures, provided an explanation: blockchains are the most vulnerable systems depending on the encryption that quantum computers can undermine. "Banks don’t fail because you reverse engineer a single key. Blockchains do," Carter observed. "They are inherently more fragile. Banks will upgrade regardless. There won’t be an attack surface there."

Binance co-founder Changpeng Zhao called for calm but acknowledged the practical challenges.

"All crypto has to do is transition to quantum-resistant algorithms. Therefore, there is no need to panic," Zhao noted. "In practice, there are some execution issues. Organizing upgrades in a decentralized environment is challenging."

Zhao also directly addressed the Satoshi question. If those coins are moved during a migration, "it suggests he is still around, which is intriguing to consider." If they remain untouched, he said, "it might be wiser to lock or effectively destroy those addresses to prevent them from falling into the hands of the first hacker who breaches it."

I noticed some individuals panicking or inquiring about the implications of quantum computing on crypto.
At a fundamental level, all crypto simply needs to upgrade to Quantum-Resistant (Post-Quantum) Algorithms. Thus, no need for panic. 😂

In practice, there are some execution challenges. It’s hard to…

— CZ 🔶 BNB (@cz_binance) March 31, 2026

The prevailing counterargument on crypto X was that quantum computing poses a threat to everything, not solely blockchains.

"If quantum disrupts Bitcoin, it also disrupts the entire global banking system, SWIFT transfers, stock exchanges, military communications, nuclear command systems, and every HTTPS website worldwide," stated crypto commentator Quinten Francois.

Elon Musk added a lighter touch, remarking that at least "if you forget the password to your wallet, it will be retrievable in the future."

The paper addresses this perspective directly. Centralized systems, from banks to military networks, can push software updates to their users. A decentralized blockchain cannot. The timeline for transitioning bitcoin’s infrastructure, encompassing user wallets, exchange support, and new address formats, could span five to ten years even after a consensus on a solution is reached.
Meanwhile, Google indicated it is collaborating with Coinbase, the Stanford Institute for Blockchain Research, and the Ethereum Foundation on responsible strategies for the transition.

The company framed its research not as an assault on crypto, but as a measure to "support the long-term sustainability of the cryptocurrency ecosystem."

The consensus from nearly all sectors of the industry is now unified. The threat is no longer hypothetical; action is required. The only remaining variable is whether the protocols that need to adapt will do so before the technology advances.

<>