Google Quantum Research Warns: Hackers Can Break Bitcoin in 9 Minutes, with Attack Efficiency Increased by 20 Times


A newly released white paper from Google Quantum AI shows that a quantum computer with about 500,000 qubits could, in theory, crack Bitcoin’s elliptic curve digital signature algorithm (ECDSA) within 9 minutes. The number of qubits required is about 20 times lower than earlier industry estimates.

Research Core Breakthrough: Why 9 Minutes Is a Critical Threat Milestone

Previously, the cryptography community widely estimated that breaking Bitcoin’s ECDSA signatures would require millions of qubits, making quantum attacks more like a far-future thought experiment. Through algorithmic optimization, Google’s new research compresses this threshold to less than 500,000 qubits, boosting attack efficiency by about 20 times. This is the most disruptive core conclusion of the study.

The threat logic behind this discovery is a race against time. A Bitcoin transaction takes an average of 10 minutes to go from broadcast to confirmation in a new block. If a quantum computer can derive the private key from the public key exposed by the transaction within 9 minutes, a hacker could complete the theft before the transaction is confirmed. The theoretical success rate of this attack scenario is about 41%.
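
A model that reproduces a figure of this size, as an added derivation that is not taken from the page or the white paper. Assumptions: block discovery is treated as a memoryless process with mean interval \tau = 10 minutes, the attack starts at broadcast and takes t = 9 minutes, and the victim's transaction would be included in the next block.

$$P(\text{no block within } t) = e^{-t/\tau} = e^{-9/10} \approx 0.407$$

Under these assumptions the next block arrives more than 9 minutes after broadcast in roughly 41% of cases, which is the window in which the derived key could be used first.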

Which Bitcoins Face the Highest Risk: Public Key Exposure Is the Core Vulnerability

Not all Bitcoin holdings face the same level of risk; the risk level mainly depends on whether the public key has been exposed on-chain:

Legacy P2PK format addresses: Public keys are directly shown on the blockchain for addresses created in the early days, making these the highest-risk holdings

Addresses that have already been used in transactions: Each time a transfer is initiated, the spending transaction exposes the public key as well, so these addresses face the risk that their private keys could later be derived through quantum computation

About 2.3 million Bitcoins at highest risk: The study indicates that approximately 2.3 million Bitcoins stored in legacy addresses currently face the highest risk

Modern SegWit single-use addresses: For addresses that have never sent transactions, their public keys have not yet been exposed, making them the lowest-risk option
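
The exposure rule above can be checked mechanically from an output's locking script. The following is an added example, not code from the page or from Google's paper: it covers only P2PK, P2PKH and P2WPKH outputs, the function names and the spent_from flag are hypothetical, and the sample scripts are constructed filler.

```python
from collections import defaultdict

# Constructed sample scripts: key and hash bytes are filler, not real keys.
P2PK_UNCOMPRESSED = "41" + "04" + "11" * 64 + "ac"
P2PK_COMPRESSED = "21" + "02" + "44" * 32 + "ac"
P2PKH = "76a914" + "22" * 20 + "88ac"
P2WPKH = "0014" + "33" * 20


def classify_exposure(script_hex, spent_from):
    """Return (script_type, exposure) for one scriptPubKey.

    spent_from is supplied by the caller (assumption): True when the address
    has already signed a spend, which published its public key on-chain.
    """
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG. The key sits in the output.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == 0xAC:
        key = s[1:-1]
        if (len(key) == 33 and key[0] in (2, 3)) or (len(key) == 65 and key[0] == 4):
            return ("P2PK", "exposed")
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return ("P2PKH", "exposed" if spent_from else "hashed")
    # P2WPKH (SegWit v0): OP_0 <20-byte hash>.
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return ("P2WPKH", "exposed" if spent_from else "hashed")
    return ("other", "unclassified")


def exposure_report(utxos):
    """Sum satoshis per exposure class for (script_hex, spent_from, sats) rows."""
    totals = defaultdict(int)
    for script_hex, spent_from, sats in utxos:
        totals[classify_exposure(script_hex, spent_from)[1]] += sats
    return dict(totals)


SAMPLE_UTXOS = [  # constructed holdings
    (P2PK_UNCOMPRESSED, False, 5_000_000_000),
    (P2PKH, True, 120_000_000),  # reused address: key revealed by earlier spend
    (P2PKH, False, 30_000_000),
    (P2WPKH, False, 70_000_000),
]

if __name__ == "__main__":
    print(exposure_report(SAMPLE_UTXOS))
```

A wallet audit would feed this from its own UTXO set and spend history; funds in the "exposed" class are the ones the list above ranks as higher risk.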

Defense Deadline in 2029: Real Challenges for the Post-Quantum Migration

Google sets the final deadline for “cryptographic relevance” in 2029, meaning that quantum computers are expected to reach a level of computing power sufficient to pose a practical threat around this time—clearly earlier than some initial industry estimates.

Post-quantum cryptography (PQC) is the currently recognized industry response: these algorithms are based on mathematical problems that a quantum computer cannot solve quickly, and they can remain secure in the quantum era. However, upgrading the Bitcoin network to support post-quantum algorithms faces major real-world obstacles. Bitcoin is highly decentralized; any protocol-level upgrade requires broad consensus among miners, developers, and holders. Historically, every major upgrade has taken years. The industry faces time pressure from two sides: quantum technology is advancing rapidly, while community decision cycles are lengthy.

Frequently Asked Questions

Does this study mean Bitcoin is no longer secure right now?

No. The study clearly states that there is currently no quantum computer in the world that could carry out this kind of attack. Bitcoin remains secure at this stage. What the study changes is the assessment timeline for “when the quantum threat might arrive,” not a declaration that current security has been compromised. Google places the milestone at 2029, meaning the industry has about three years to prepare defenses.

Which Bitcoin holders should take protective actions first?

The highest risk is for Bitcoins stored in legacy P2PK format addresses or addresses that have been used in transactions, because the public keys of these addresses are permanently and publicly exposed on the blockchain. The study estimates that about 2.3 million Bitcoins fall into this high-risk category. The recommended protective measure is to move funds to newly created modern addresses (such as Taproot format) to reduce public key exposure risk before post-quantum defenses are fully in place.

Can post-quantum cryptography completely eliminate the threat from quantum hackers?

Post-quantum cryptography (PQC) is the leading technical response today, and its algorithms are designed so that quantum computers’ computational advantages are difficult to leverage against them. If the Bitcoin network successfully completes a PQC upgrade, then even a quantum computer at the 500,000-qubit scale described in Google’s research would not be able to crack signatures using existing methods. However, the deployment timeline for the upgrade depends on how quickly consensus forms within the Bitcoin community, a variable that is harder to predict than the technology itself.
