Did the Bitcoin quantum threat arrive early? Google simulates a 9-minute hijacking of funds—6.9 million BTC could be in danger

Google says the number of qubits required to break Bitcoin—or even fewer than 500,000—is enough. Taproot increases exposure risk, with around 6.9 million BTC facing potential threats.

The day quantum computers threaten Bitcoin may arrive sooner than everyone expects. On Monday, Google’s Quantum AI team published a blog post and a white paper stating that the computing power required to crack Bitcoin is far lower than previously estimated. And “Taproot,” the major Bitcoin technology upgrade originally intended to improve privacy and efficiency, has—somehow—increased the number of wallets exposed to risk.

Quantum threats sound the alarm early

For the past few years, both academia and industry have generally believed that breaking the cryptographic systems of Bitcoin and Ethereum would require at least “millions” of qubits (Qubits, the basic unit of computation in quantum computers). However, Google researchers overturned this claim, saying the number of qubits actually needed may be fewer than 500,000.

Previously, Google had pointed out that 2029 could be an important milestone when quantum computers begin to have practical capabilities, and urged the crypto industry to complete a post-quantum migration before then.

Unlike traditional computers that use bits, quantum computers leverage the characteristics of qubits to gain an overwhelming speed advantage when solving certain complex problems—for example, breaking the algorithms that protect cryptographic wallets. The Google team said they have designed two potential attack modes, each requiring roughly 1,200 to 1,450 “high-quality qubits” to carry out an attack—far below earlier estimates.

“9 minutes” to intercept transactions

Google’s research also simulated real-world attack scenarios, where hackers don’t even need to target old wallets, but instead directly focus on “ongoing” live transactions. When users send Bitcoin, “public key” data is briefly exposed. If the quantum computer’s computing speed is fast enough, it can use this public key to work backward and derive the “private key,” thereby stealing the funds.

In Google’s model simulations, the quantum system can prepare part of the computations in advance. Once the transaction appears, it can complete the attack in just 9 minutes. Given that Bitcoin typically takes about 10 minutes to confirm a transaction, this means attackers have up to a 41% chance of successfully “snatching” the funds before the transaction is confirmed.

By contrast, other cryptocurrencies such as Ether have faster transaction confirmation times, leaving hackers less time to carry out an attack. As a result, the level of exposure under this type of attack is relatively lower.

Nearly one-third of Bitcoin in crisis

More troubling is that the report estimates that currently about 6.9 million Bitcoins—roughly one-third of total supply—are stored in wallets whose public-key information has already been exposed. This includes 1.7 million Bitcoins from the early network development stage, as well as assets facing risk due to “reusing addresses.”

This figure is far higher than estimates previously made by the digital asset management firm CoinShares. CoinShares previously believed that only about 10,200 Bitcoins in the market are in a highly concentrated and high-risk state that is vulnerable to attack.

Made by Taproot, undone by Taproot?

The research also raised new questions about Bitcoin’s 2021 Taproot upgrade. While Taproot improves privacy and efficiency, it also exposes public keys by default on the blockchain, removing a layer of protection from the address format used in the older version. Google researchers said this design could cause a large increase in the number of wallets that are vulnerable to future quantum attacks.

To keep this research from turning into a “hacker’s handbook,” the Google team did not publish detailed steps for cracking the cryptographic system. Instead, they cleverly used “zero-knowledge proofs” to verify the accuracy of their research results to the outside world, thereby reducing the risk of malicious misuse.

For investors at large, this report’s takeaway for global investors is not meant to scare people that “a quantum computer will destroy the crypto world tomorrow,” but rather serves as a deafening warning: as quantum threats press in step by step, the time left for the crypto industry to build protective defenses is likely far shorter than we imagine, and the range of potential risks is broader than we think.

• This article was republished with permission from: 《BlockBeats》
• Original title: 《Has the quantum threat arrived early? Google simulates a “9-minute theft of coins” scenario, with 6.9 million Bitcoins facing crisis》
• Original author: BlockBees’ Sister MEL