Bitcoin: Quantum Computers Could Steal Wallets in 9 Minutes, Study

A technical whitepaper from Google’s Quantum AI team, published March 2026, models how advances in quantum circuit design and algorithmic optimizations reduce the resources needed to attack elliptic‑curve signatures (ECDSA) used by Bitcoin. The paper estimates that, on certain superconducting architectures, fewer than 500,000 physical qubits could suffice and that a primed machine might derive a private key in roughly nine minutes.

The study describes an attack split into two phases: heavy offline precomputation that can be prepared in advance and a short online stage triggered when a target public key appears in the mempool. By precomputing independent components, the quantum device can shorten the live computation and, in the authors’ model, achieve an estimated ~41% chance of completing the key derivation before a typical Bitcoin block confirms. The paper also notes protocol changes such as Taproot increase the set of addresses that expose public keys, enlarging the vulnerable pool.

In practical terms today the threat is limited because available quantum processors are far smaller and noisier than the machines modeled. Google itself deploys chips with only a few hundred qubits at best, but the revised resource estimates are materially lower than earlier 2019 projections and therefore compress the Q‑Day timeline. Crucially, Bitcoin’s average block interval (~10 minutes) defines a narrow race window; the paper’s ~9‑minute figure illustrates why some attack scenarios cannot be dismissed as purely theoretical.

From a broader economic and technical perspective, the paper underscores that post‑quantum preparedness affects not only cryptocurrency custody but global internet security. Google mentions internal migration targets to post‑quantum cryptography and lists collaborations with academic and industry partners, signaling cross‑sector concern. For Bitcoin specifically, mitigation options include avoiding address reuse, wider adoption of multi‑signature schemes, and research into post‑quantum signature primitives.

Market observers and security experts advise measured action: custodial services and exchanges should accelerate cryptographic audits, developers should prioritize protocol‑level mitigations, and long‑term holders should consider address hygiene. The coming years will hinge on both hardware progress and the pace at which software ecosystems adopt quantum‑resistant solutions; until then the Google study serves as an urgent technical wake‑up call rather than an immediate operational collapse scenario.