Quantum threats arrive early? Google simulates a “9-minute crypto hijacking” scenario, with 6.9 million BTC facing a crisis

The day quantum computers threaten Bitcoin could arrive sooner than everyone expects. On Monday, the Google Quantum AI team published a blog post and a white paper stating that the computational power needed to crack Bitcoin is far lower than previously estimated, and that the major Bitcoin technology upgrade “Taproot,” originally intended to improve privacy and efficiency, has instead exposed more wallets to risk. Quantum Threat Sounds the Alarm Early In the past few years, academia and industry have generally believed that breaking the cryptographic mechanisms protecting Bitcoin and Ethereum would require at least “millions” of qubits (Qubits, the most basic unit of computation in quantum computers). However, Google researchers have overturned this view, saying the number of qubits actually needed may be fewer than 500,000. Google had previously pointed out that 2029 could be an important milestone when quantum computers begin to have practical capabilities, and it urged the cryptocurrency industry to complete the post-quantum migration before then. Unlike traditional computers that use bits, quantum computers leverage the properties of qubits to have an overwhelming speed advantage when solving certain complex problems (for example, cracking the algorithms that protect encrypted crypto wallets). The Google team said they have designed 2 potential attack modes, each requiring roughly 1,200 to 1,450 “high-quality qubits” to carry out an attack—far below earlier estimates. “In 9 Minutes,” Intercept the Transaction The Google study also simulated real-world attack scenarios: the hacker doesn’t even need to attack an old wallet, but can directly target “in-progress” real-time transactions. When a user sends Bitcoin, the “public key” data is briefly exposed. If the quantum computer’s computing speed is high enough, it can use that public key to reverse-calculate the “private key,” thereby stealing the funds. In Google’s model simulations, the quantum system can pre-compute part of the work in advance. Once the transaction appears, it can complete the attack in as little as 9 minutes. Considering that Bitcoin typically takes about 10 minutes to confirm a transaction, this means the attacker has up to a 41% chance of successfully “snatching” the funds before the transaction is confirmed. By contrast, other cryptocurrencies such as Ether have faster transaction confirmation times, leaving hackers less time to operate, so the level of exposure under this kind of attack is relatively lower. Nearly One-Third of Bitcoin at Risk More worrying still, the report estimates that currently about 6.9 million bitcoins (about one-third of total supply) are stored in wallets whose public keys have already been exposed. This includes 1.7 million bitcoins from the early stages of network development, as well as assets facing risk due to “reusing addresses.” This data is far higher than estimates previously made by the digital asset management firm CoinShares. CoinShares previously believed that only about 10,200 bitcoins in the market are in a highly concentrated, high-risk state that is vulnerable to attack. Taproot Made It, Taproot Breaks It? The research also raised new questions about Bitcoin’s Taproot upgrade in 2021. While Taproot improves privacy and efficiency, it also leaves public keys exposed by default on the blockchain, removing a layer of protection from the address format used in earlier versions. Google researchers said this design could lead to a significant increase in the number of wallets that will be vulnerable to future quantum attacks. To ensure this study doesn’t turn into a “hacking manual” for criminals, the Google team did not publish detailed steps for cracking the cryptographic system. Instead, it cleverly used “zero-knowledge proofs” to externally verify the accuracy of its research results, thereby reducing the risk of malicious misuse.