• Bitcoin News
• General
• Markets

Breaking Bitcoin with quantum may be easier than thought, with Taproot partly to blame, Google says

The findings suggest attackers could one day steal bitcoin mid-transaction, challenging assumptions that the threat is decades away.

Melinda 2 weeks ago 6 minutes read 0 comments

Markets

Share

Share this article

Breaking Bitcoin with quantum may be easier than thought, with Taproot partly to blame, Google says

The findings suggest attackers could one day steal bitcoin mid-transaction, challenging assumptions that the threat is decades away.

By Sam Reynolds|Edited by Omkar Godbole

Mar 31, 2026, 4:57 a.m.

Make preferred on

What to know:

• Google researchers say breaking Bitcoin and Ethereum’s cryptography may require fewer than 500,000 physical qubits and roughly 1,200–1,450 high-quality qubits for practical attacks, far below earlier estimates in the millions.
• The paper warns that real-time quantum attacks could hijack in-flight Bitcoin transactions in about nine minutes, potentially beating confirmation about 41% of the time and putting some 6.9 million already-exposed bitcoin at risk.
• Bitcoin’s Taproot upgrade, which makes public keys visible by default, may widen the pool of vulnerable wallets, prompting Google to urge earlier post-quantum migration even as it stresses that quantum attacks are not yet imminent.

Breaking Bitcoin’s blockchain with quantum computers may not be as difficult as once thought, and Bitcoin’s Taproot technology, which enables more efficient, private transactions, may be partly to blame, Google’s Quantum AI team said Monday in a blog post and newly published whitepaper.

The team said the computing power required to break Bitcoin’s security may be far lower than previously assumed, raising fresh questions about how soon quantum threats could become a reality.

In a new whitepaper, researchers found that cracking the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical quantum bits, or qubits, well below the “millions” often cited in recent years.

Google has previously pointed to 2029 as a potential milestone for useful quantum systems, saying migration needs to come before that, making the paper’s finding that attacks may require less computing power more significant.

Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than today’s machines. One of those problems is breaking the type of encryption that protects crypto wallets.

Google said it designed two potential attack methods, each requiring roughly 1,200 to 1,450 high-quality qubits. That is a fraction of earlier estimates and suggests the gap between current technology and a viable attack may be smaller than investors think.

The research also outlines how such an attack could work in practice.

Rather than targeting old wallets, a quantum attacker could go after transactions in real time. When someone sends bitcoin, a piece of data called a public key is briefly revealed. A fast enough quantum computer could use that information to calculate the private key and redirect the funds.

Under Google’s model, a quantum system could prepare part of the calculation in advance, then complete the attack in about nine minutes once a transaction appears. Bitcoin transactions typically take around 10 minutes to confirm, giving an attacker roughly a 41% chance of beating the original transfer.

Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they confirm transactions faster, leaving less time for an attack.

The paper also estimates that about 6.9 million bitcoin, roughly one-third of the total supply, already sit in wallets where the public key has been exposed in some way. That includes around 1.7 million bitcoin from the network’s early years, as well as funds affected by address reuse.

That figure is far higher than recent estimates from CoinShares, which argued that only about 10,200 bitcoin are concentrated enough to significantly move markets if stolen.