Google warns Taproot may make Bitcoin more vulnerable to quantum attacks than previously assumed.

Google Warns Quantum Threats to Bitcoin May Arrive Sooner Than Expected

Breaking Bitcoin with quantum computers might be easier than previously believed, and the network’s Taproot upgrade — designed to enhance privacy and transaction efficiency — could be partially responsible, according to Google’s Quantum AI team. In a Monday blog post and newly released whitepaper, the team highlighted that the computational power needed to compromise Bitcoin’s cryptography may be far lower than prior estimates suggested.

The research indicates that cracking the cryptography behind Bitcoin and Ethereum could require fewer than 500,000 physical qubits, a dramatic drop from the “millions” often cited in earlier studies. Google has previously flagged 2029 as a potential milestone for practical quantum systems, emphasizing that migration to quantum-resistant cryptography should occur beforehand. The new findings suggest the window for preparation may be narrower than investors realize.

Quantum computers leverage qubits rather than traditional bits, enabling them to solve certain complex problems much faster than classical machines — including the encryption that secures cryptocurrency wallets. Google outlined two potential attack methods, each needing roughly 1,200–1,450 high-quality qubits, far fewer than previous estimates and suggesting the gap between current technology and a feasible attack may be smaller than expected.

Rather than targeting older wallets, a quantum attacker could exploit transactions in real time. When bitcoin is sent, the sender’s public key is briefly exposed. A sufficiently fast quantum computer could calculate the corresponding private key and redirect the funds. Google’s model indicates that part of the computation could be pre-prepared, allowing an attack to be completed in roughly nine minutes — slightly faster than the typical 10-minute bitcoin confirmation time — giving an attacker about a 41% chance of intercepting the transfer. Faster networks like Ethereum would be less vulnerable to this specific method due to quicker confirmation times.

The whitepaper also notes that roughly 6.9 million BTC — about a third of the total supply — are stored in wallets where the public key has already been exposed, including 1.7 million from Bitcoin’s early years and additional funds affected by address reuse. This is significantly higher than prior estimates, such as CoinShares’ figure of 10,200 BTC considered concentrated enough to meaningfully impact markets if stolen.

Taproot, Bitcoin’s 2021 upgrade, plays a central role in this risk. While the upgrade improved privacy and transaction efficiency, it made public keys visible by default on the blockchain, removing a layer of protection inherent in older address formats. Google researchers suggest that this design choice may increase the number of wallets vulnerable to future quantum attacks.

To reduce the risk of misuse, Google has shared its findings using zero-knowledge proofs rather than step-by-step attack instructions. This allows others to verify the results without exposing methods that could be exploited maliciously.

For investors, the key takeaway isn’t that quantum computers are imminent threats to crypto, but that the timeline may be shorter and the potential risks broader than previously assumed.