Breaking Bitcoin with quantum may be easier than thought, with Taproot partly to blame, Google says

Breaking Bitcoin’s blockchain with quantum computers may not be as difficult as once thought, and Bitcoin’s Taproot technology, which enables more efficient, private transactions, may be partly to blame, Google’s Quantum AI team said Monday in a blog post and newly published whitepaper.

The team said the computing power required to break Bitcoin’s security may be far lower than previously assumed, raising fresh questions about how soon quantum threats could become a reality.

In a new whitepaper, researchers found that cracking the cryptography used by Bitcoin and Ethereum could require fewer than 500,000 physical quantum bits, or qubits, well below the “millions” often cited in recent years.

Google has previously pointed to 2029 as a potential milestone for useful quantum systems, saying migration needs to come before that, making the paper’s finding that attacks may require less computing power more significant.

Quantum computers use qubits instead of traditional bits and can solve certain problems much faster than today’s machines. One of those problems is breaking the type of encryption that protects crypto wallets.

Google said it designed two potential attack methods, each requiring roughly 1,200 to 1,450 high-quality qubits. That is a fraction of earlier estimates and suggests the gap between current technology and a viable attack may be smaller than investors think.

The research also outlines how such an attack could work in practice.

Rather than targeting old wallets, a quantum attacker could go after transactions in real time. When someone sends bitcoin, a piece of data called a public key is briefly revealed. A fast enough quantum computer could use that information to calculate the private key and redirect the funds.

Under Google’s model, a quantum system could prepare part of the calculation in advance, then complete the attack in about nine minutes once a transaction appears. Bitcoin transactions typically take around 10 minutes to confirm, giving an attacker roughly a 41% chance of beating the original transfer.

Other cryptocurrencies like Ethereum may be less exposed to this specific risk because they confirm transactions faster, leaving less time for an attack.

The paper also estimates that about 6.9 million bitcoin, roughly one-third of the total supply, already sit in wallets where the public key has been exposed in some way. That includes around 1.7 million bitcoin from the network’s early years, as well as funds affected by address reuse.

That figure is far higher than recent estimates from CoinShares, which argued that only about 10,200 bitcoin are concentrated enough to significantly move markets if stolen.

The Taproot problem

The findings also cast a new light on Taproot, Bitcoin’s 2021 upgrade. While Taproot improved privacy and efficiency, it also made public keys visible on the blockchain by default, removing a layer of protection used in older address formats.

Google’s researchers say that design choice could expand the number of wallets vulnerable to future quantum attacks.

Google is also changing how it shares sensitive security research. Rather than releasing the step-by-step details of how to break crypto systems, the team used a technique called a zero-knowledge proof to prove its findings are accurate without exposing the method itself. That allows others to verify the results while limiting the risk the research could be misused.

The takeaway for investors is not that quantum computers are about to break crypto, but that the timeline may be shorter, and the risks broader, than previously thought.