Quantum Computer Could Break Bitcoin in 9 Minutes – What Does That Mean?

Google's new quantum research has made headlines worldwide. But what does it actually mean for Bitcoin – and who is truly at risk?

TL;DR

Google's quantum paper suggests that ECDSA encryption could be broken in about nine minutes with fewer than 500,000 physical qubits
An estimated 6.9 million bitcoin in old address formats are more exposed than the rest
Ethereum has a concrete multi-year transition plan; Monero is still in the research phase
Experts disagree on the timing, but the majority estimate 5–15 years until a real quantum threat scenario

What Google's Quantum Paper Actually Says

When a technology giant like Google publishes research stating that quantum computers could «break Bitcoin in nine minutes,» it's natural for alarm bells to ring. But according to CoinDesk, a closer reading of the research requires some important caveats.

Google's Quantum AI team estimates that a quantum-based system with between 1,200 and 1,450 logical qubits would be able to break the cryptographic standard secp256k1 – the same standard used in both Bitcoin and Ethereum – within minutes. Another figure from the same research environment indicates that fewer than 500,000 physical qubits would be enough to compromise ECDSA signatures in approximately nine minutes.

The problem is that no such machines exist today. There is a significant gap between current quantum capacity and what is required to practically threaten Bitcoin.

No quantum computer today is close to threatening Bitcoin – but preparations must start long before the threat is real.

Quantum Computer Could Break Bitcoin in 9 Minutes – What Does That Mean?

6.9 Million Bitcoin at Risk

Not all bitcoin are equally vulnerable. Older address types – so-called pay-to-public-key (P2PK) addresses – expose the public key directly on the blockchain. This means that a sufficiently powerful quantum computer could theoretically derive the private key and empty the wallet.

According to CoinDesk's review of the research material, an estimated 6.9 million bitcoin are stored in such addresses. Newer address formats, such as P2PKH and SegWit, do not expose the public key until a transaction is actually sent – providing a shorter attack window.

Ethereum Has a Plan – Monero Lags Behind

The Ethereum Foundation has reacted proactively. It has established a dedicated post-quantum team with a two-million-dollar budget and presented a detailed multi-year transition plan. Vitalik Buterin himself has stated that he estimates the probability of quantum computers breaking current cryptography by 2030 to be around 20 percent, with a midpoint estimate around 2040.

Specifically, Ethereum plans four major network upgrades – internally called «I,» «J,» «L,» and «M» – by 2029. These will gradually introduce quantum-resistant signatures and zero-knowledge proofs (zk-STARKs) across the network's various layers.

Monero is in a different situation. The cryptocurrency uses Ed25519-based cryptography, which is as vulnerable as Bitcoin's and Ethereum's solutions. Its privacy features – ring signatures, stealth addresses, and confidential transactions – make the transition technically more challenging, as post-quantum candidates typically generate much larger signatures and keys than today's 32-byte Ed25519 keys.

The Monero Research Lab (MRL) is actively working on solutions such as the Seraphis/Jamtis transaction protocol and FCMP++, but no complete, production-ready plan has been published. One proposal aims for July 2026 as the starting point for integrating quantum resistance into Monero's development roadmap.

How Much Time Do We Really Have?

Experts are not in agreement. The Ethereum Foundation's own quantum team estimates that cryptographically relevant quantum computers could emerge in 8–12 years, but emphasizes that the transition in decentralized networks takes a very long time – and that work must therefore start now.

Google itself has set 2029 as the goal for migrating its own infrastructure to post-quantum cryptography. This signal is taken seriously in crypto communities.

Perhaps the most underestimated threat is the «harvest now, decrypt later» scenario: state actors or others with sufficient resources could already today collect encrypted transaction data from the blockchain and wait until quantum capacity is good enough to decrypt them. For privacy coins like Monero, this is particularly concerning, as past transactions could, in principle, be retroactively revealed.

~500,000

Physical qubits needed to break ECDSA in 9 min

6.9 million

BTC in vulnerable address formats

No Panic – But No Passivity Either

The conclusion from research communities is clear: the threat is not immediate, but the transition to quantum-resistant cryptography is a multi-year process that requires early action. For Bitcoin, which lacks a central coordinating body like the Ethereum Foundation, the big questions remain about when and how any upgrade will be implemented.

For ordinary users, the recommendation is to avoid reusing addresses and to move funds from older P2PK addresses to newer formats – but it's worth emphasizing that this is about long-term risk management, not an imminent danger today.