Google's quantum paper sounds the alarm: $600 billion in assets face risks

Byline: Blockchain Knights

A new paper jointly released by Google’s Quantum AI along with multiple parties has significantly lowered the hardware barrier for breaking the elliptic-curve cryptography used for Bitcoin and Ethereum. Quantum security risks that have long remained unresolved are now formally moving toward the market. Based on current market prices, the size of the affected crypto assets exceeds $600 billion.

The paper states that breaking the 256-bit elliptic-curve discrete logarithm problem requires only 1,200–1,450 logical qubits and 70 million–90 million Toffoli gates. For the corresponding superconducting quantum computers, fewer than 500,000 physical qubits are needed. The break can be completed in a matter of minutes, reducing the previously estimated hardware requirements by about 20 times.

Google emphasized that no such machines exist yet. However, an Ethereum Foundation researcher said confidence in the 2032 “Quantum Day” (when quantum computers have a 10% probability of cracking private keys) has increased substantially.

Google also disclosed that it has worked with the U.S. government to use zero-knowledge proofs to estimate external verification resources, while avoiding disclosure of attack details.

Bitcoin’s quantum risk is concentrated in transaction attacks and the security of holdings. The paper simulated attacks during the spending period. With a quantum computer, private keys can be derived in 9 minutes. That is close to Bitcoin’s 10-minute average block production time, with a theft success rate of nearly 41%.

More severely, about 6.7 million Bitcoin (about $444 billion, 32% of total market value) are held in addresses vulnerable to attack. Of these, 1.7 million (about $112.6 billion) are protected only by older script standards, 2.3 million (about $152.3 billion) are dormant and still vulnerable via various mechanisms, and some are unable to be migrated due to being abandoned or lost.

In addition, although the Taproot protocol improves privacy, it reintroduces quantum weaknesses by embedding the public key directly into the script. In the near term, the key risk focus is on signatures rather than mining.

Ethereum’s quantum risk, meanwhile, runs across accounts, smart contracts, and infrastructure. Because Ethereum produces blocks every 12 seconds, processes transactions quickly, and relies on private mempools, the difficulty of real-time transaction attacks is higher.

The core risk is a static attack: fast quantum computers could compromise the first 1,000 Ethereum accounts within 9 days (about $41.5 billion), and within 15 hours could break 70 core contract accounts (about $5.1 billion).

Even more worth worrying about are the $200 billion in stablecoins and tokenized assets on Ethereum. If keys held by issuers, bridge operators, and so on are compromised, it could trigger crises such as money supply expansion and fund freezes.

In addition, the $30.4 billion worth of ETH in L2s and protocol value, and the $74.9 billion worth of ETH in consensus stake, are also facing threats due to vulnerabilities and signature risks.

However, the industry already has post-quantum cryptography tools available. But migration will take several years and requires protocol upgrades and changes to wallet behavior, in order to reduce public-key leakage and key reuse.

For the crypto market, quantum risk has moved from theory to reality. Bitcoin needs to deal with pressure on the settlement window, while Ethereum must protect its large contract and tokenized ecosystem. Immediately advancing post-quantum encryption migration is the urgent task facing the industry today.