Google Quantum AI Says Bitcoin Can Be Cracked in 9 Minutes With 41% Success Rate

— By Tony Rabbit in Markets

Google Quantum AI Says Bitcoin Can Be Cracked in 9 Minutes With 41% Success Rate

Google Quantum AI research reveals Bitcoin encryption can be broken with fewer than 500,000 physical qubits in just 9 minutes, with a 41% success rate. 6.9 million BTC potentially at risk, with Taproot upgrade expanding vulnerability surface.

Google's Quantum AI team dropped a bombshell on the crypto industry Monday, publishing a whitepaper that dramatically lowers the estimated computing power needed to break Bitcoin's encryption. The research suggests a quantum attack could succeed in just nine minutes - faster than a typical Bitcoin block confirmation - with a 41% success rate.

The findings challenge the long-held assumption that quantum threats to Bitcoin are decades away and raise urgent questions about the timeline for upgrading the network's cryptography.

<500K
Physical Qubits Needed
9 Min
Attack Duration
6.9M BTC
Potentially At Risk

The 500,000 Qubit Breakthrough

Previous estimates suggested that cracking Bitcoin's ECDSA (Elliptic Curve Digital Signature Algorithm) encryption would require millions of physical qubits - a threshold so far beyond current technology that most experts dismissed the threat as theoretical for decades to come.

Google's new research shatters that assumption. The Quantum AI team found that fewer than 500,000 physical qubits could be sufficient - a roughly 20x reduction from prior estimates. The team designed two potential attack vectors requiring just 1,200 to 1,450 high-quality logical qubits.

For context, Google's current Willow quantum chip has 105 qubits. While still far from the 500,000 threshold, the gap has narrowed dramatically. Google has flagged 2029 as a key milestone for useful quantum systems, making this research more than academic.

Why This Matters
The jump from "millions of qubits" to "under 500,000" is not incremental - it compresses the threat timeline from "maybe 2040" to "possibly before 2030." Google's own roadmap targets useful quantum computing by 2029, meaning the threat could materialize within the upgrade timeline of a notoriously slow-moving protocol like Bitcoin.

How the 9-Minute Attack Works

The most alarming finding is the practical attack scenario Google describes. Rather than targeting old wallets with brute-force methods, the attack exploits a real-time vulnerability during Bitcoin transactions.

Here's the sequence:

  1. Transaction broadcast - When someone sends Bitcoin, the transaction is broadcast to the network, and the sender's public key is briefly exposed
  2. Pre-computation - A quantum attacker would prepare part of the calculation in advance, ready to deploy the moment a target transaction appears
  3. Key extraction - Using the exposed public key, the quantum computer calculates the corresponding private key in approximately 9 minutes
  4. Fund redirection - With the private key in hand, the attacker signs a competing transaction redirecting the Bitcoin to their own address

Since Bitcoin block confirmations take approximately 10 minutes on average, a 9-minute attack creates a race condition. Google's model gives the attacker a 41% success rate - essentially succeeding roughly 2 out of every 5 attempts.

Network Avg Block Time Quantum Attack Risk
Bitcoin ~10 minutes High (41% success window)
Ethereum ~12 seconds Lower (faster confirmation)
Solana ~400ms Minimal (near-instant finality)

6.9 Million Bitcoin Already Exposed

The whitepaper estimates that approximately 6.9 million BTC - roughly one-third of the total 21 million supply - currently sit in wallets where the public key has already been exposed on the blockchain. This includes:

  • ~1.7 million BTC from Bitcoin's early years (pay-to-public-key format)
  • Millions more from address reuse - any address that has sent a transaction has its public key permanently visible on-chain
  • Taproot addresses - the 2021 upgrade makes public keys visible by default

This figure is significantly higher than a February 2026 CoinShares estimate that suggested only about 10,200 BTC were concentrated enough to significantly move markets if stolen.

The Taproot Problem

Bitcoin's 2021 Taproot upgrade, designed to improve transaction privacy and efficiency, inadvertently expanded the attack surface. Taproot made public keys visible on the blockchain by default - removing a protective layer that older address formats (P2PKH) provided by hashing the public key behind an additional layer of encryption.

In older Bitcoin addresses, the public key is only revealed when you spend from the address. With Taproot, the key is embedded in the address format itself, meaning funds sitting in Taproot wallets have their public keys permanently exposed.

Address Format Vulnerability Comparison
  • P2PKH (Legacy): Public key hidden until first spend - safer against quantum if never reused
  • P2SH (SegWit): Public key hidden behind hash - similar protection to Legacy
  • P2TR (Taproot): Public key visible by default - exposed to future quantum attacks
  • Reused addresses: Any format - public key exposed after first transaction

Google's Responsible Disclosure Approach

In an unusual move for security research, Google chose not to publish the step-by-step attack methodology. Instead, the team used a zero-knowledge proof to demonstrate the validity of their findings without exposing the specific techniques that could be replicated.

This approach allows other researchers and cryptographers to verify the results independently while limiting the risk that the research could be weaponized as quantum technology matures.

The 2029 Deadline

Google has previously identified 2029 as a critical milestone for practical quantum computing. The company is already preparing its own infrastructure for a post-quantum world - Android 17 uses quantum-resistant signatures, and Chrome browser supports post-quantum key exchange.

For Bitcoin, the challenge is far greater. The network is famously slow to adopt protocol changes, requiring broad consensus among miners, node operators, and developers. A migration to quantum-resistant cryptography (post-quantum signatures) would be one of the most significant protocol upgrades in Bitcoin's history.

Ethereum co-founder Vitalik Buterin has already pushed for quantum-resistant measures, backing EIP-8141, an upgrade designed to strengthen privacy and quantum resistance on Ethereum.

What This Means for Crypto Investors

The immediate risk is not that quantum computers will break Bitcoin tomorrow. Google's Willow chip has 105 qubits - still far from the 500,000 threshold. But the research changes the conversation in several important ways:

  • The timeline has compressed - From "maybe 2040+" to "possibly before 2030"
  • The qubit bar is lower - 20x less computing power needed than previously thought
  • More BTC is exposed - 6.9M BTC at risk vs. previous estimates of ~10K
  • Bitcoin's upgrade path is unclear - No consensus on post-quantum migration yet
  • Faster chains are safer - Ethereum and Solana's quicker confirmation times offer natural protection
Practical Steps for Bitcoin Holders
While quantum attacks are not imminent, best practices include: avoid reusing addresses, consider moving long-term holdings to fresh P2PKH (Legacy) addresses that have never transacted, and stay informed on Bitcoin Improvement Proposals (BIPs) related to post-quantum cryptography. If you hold significant Bitcoin, monitor the quantum computing space and be prepared to move funds when post-quantum address formats become available.

The quantum threat to crypto is no longer a distant theoretical risk. Google's research has put a concrete number on the challenge - fewer than 500,000 qubits, possibly achievable within the next 3-5 years. Whether Bitcoin's governance process can respond fast enough remains the open question.