-
Cryptocurrencies
-
Exchanges
-
Media
All languages
Cryptocurrencies
Exchanges
Media
Share
Author: Nian Nian Zhiyou, cryptocurrency research expert
In March 2026, the Google Quantum AI team jointly released a white paper with researchers from the Ethereum Foundation and Stanford University, specifically optimizing the secp256k1 elliptic curve used by Bitcoin and Ethereum, reducing the number of logical qubits required from thousands earlier to less than 1,200. Another path to optimize the number of gates requires about 1,450 logical qubits. The quantum circuit built by the team can reverse engineer a Bitcoin private key in about 9 minutes. As soon as the news came out, the currency circle was shocked.
Some self-media articles, such as "Shor's Algorithm Ushers in Historic Breakthrough: The Threshold for Quantum Computing to Crack Passwords Drops Sharply", compile relevant research and news media reports, and believe that quantum computing will soon crack the Bitcoin password, attracting widespread attention. However, this is not the case. This article attempts to analyze as follows:
Based on the current technological status of quantum computing, cryptography and blockchain, the risk of Bitcoin private keys being cracked by quantum computers in the next two to three years is extremely low and basically zero. Although the online article is basically true in quoting real research, there are serious misunderstandings of "parameter multiplication" and optimistic extrapolation of engineering implementation in the research conclusions. There is at least an order of magnitude scale gap and multiple uncrossed engineering gaps between all current quantum computers, including the most advanced systems, and the fault-tolerant quantum computers needed to break elliptic curve cryptography.
The four core studies quoted in the online article have been verified to be real, as detailed in the following table:

All the above-mentioned research will be published between 2025 and 2026. Among them, the CRYPTO 2025 paper has been peer-reviewed and is a top international cryptography conference paper. Its authority is beyond doubt.
The core misleading of the online article is that it deliberately confuses the two concepts of logical qubits and physical qubits.
Logical qubit: "Virtual" qubit after quantum error correction encoding, which is the actual calculation unit required by Shor's algorithm and does not contain physical noise
Physical qubit: The actual physical unit in quantum computer hardware, which is susceptible to environmental noise and requires a lot of redundancy to build a logical qubit
The 1,200 logical qubits proposed in the Google white paper will require approximately 500,000 physical qubits after error correction coding. The clock speed of the 10,000 physical qubits proposed by the Oratomic team is two to three orders of magnitude slower than the superconducting architecture. It takes about 10 days to crack an ECC-256, making it impossible to achieve a "9-minute hijack transaction."
The online article "multiplicatively superposed" the parameters of different architectures, different time windows, and different prerequisites, and came to the conclusion that "ten thousand-level physical qubits can be cracked" - using the analysis and comment language of StartBitcoin.org, this is a kind of "Frankenstein mathematics" that is completely untenable in engineering reality.

The current state-of-the-art quantum processors only have hundreds to low-thousand-level physical qubits, and their error rates are much higher than the fault tolerance level required to run Shor's algorithm. The current fault-tolerant neutral atom system only has about 500 qubits, which is still about 20 times short of the 10,000 required for the paper.
In addition, a key flaw in the "Chevignard scheme" mentioned in the online article was deliberately omitted: while reducing the number of logical qubits, this scheme increased the number of Toffoli gate operations by more than 1,000 times. This is equivalent to exchanging time for space, which greatly increases the requirements for the stability of quantum computers.
1. Concept confusion: Deliberately confusing "logical qubits" and "physical qubits" and using the former numbers to create panic
2. Parameter multiplication and superposition: Multiply the number of logical bits of the superconducting architecture and the error correction overhead of the neutral atom architecture, and draw the wrong conclusion of "ten thousand-level physical bits"
3. Selectively ignore running time: Although the neutral atomic architecture requires less physical bits, the cracking time is as long as 10 days, making it impossible to achieve "9-minute hijacked transactions"
4. Confusing existence and feasibility: The existence of theoretical research does not mean that the project is feasible, and the existence of algorithms does not mean that the hardware is in place
The number "9 minutes to crack Bitcoin" is conditionally valid at the level of theoretical physics, but its meaning is far narrower than the online article implies:
These 9 minutes are the time it takes for the quantum computer to complete the final calculation only for the exposed public key after it has completed all pre-calculations unrelated to the public key
This time is based on the assumption of microsecond gate operating speeds and only applies to superconducting architectures. The cracking time of the neutral atomic structure is calculated in days
To realize this theoretical capability, a fault-tolerant quantum computer with about 500,000 physical qubits needs to be built first - the current most advanced superconducting quantum processor only has about 1,000 physical qubits
The key point: "9 minutes" is a description of a single operation if the machine already exists, not a prediction of when the machine will be built. From 1,000 to 500,000, it is a 500-fold scale difference, not a gradual upgrade.
There is a significant temperature difference between the judgment of industry authorities and the doomsday narrative of online articles:
Bernstein (Wall Street Brokerage): Quantum risk should be regarded as a "medium- and long-term system upgrade cycle", and the cryptocurrency industry has a three-to-five-year window for post-quantum cryptography migration
Grayscale (Digital Asset Management Company): Quantum risks are "real but controllable" for Bitcoin, technical solutions already exist, and the real obstacle is community governance consensus
Fireblocks (institutional encryption custodian): The resource estimate in the Google white paper has dropped "≠Realistic attack capabilities are in place", and there are a large number of engineering challenges that have not been overcome
CoinDesk Analysis: Threats are mainly concentrated in old wallets and reused addresses that have exposed public keys. About 6.9 million Bitcoins are in such an exposed state, but this statistic only represents theoretical risk exposure and does not mean that the attack tools are ready
Although the risk of Bitcoin private keys being cracked in batches in the next two to three years is extremely low, the following practical risks deserve attention:
Approximately 6.9 million Bitcoins (approximately one-third of the total supply) are stored in addresses whose public keys have been permanently exposed, including early Pay-to-Public-Key format addresses and any reused addresses. Once quantum computers have the ability to crack in a longer period of time (such as 5-10 years later), these assets will face the risk of "silent cracking".
Google has set an internal deadline for migrating its own systems to 2029, significantly earlier than the 2033 required by the U.S. National Security Agency. The Bitcoin community’s post-quantum address proposal, BIP 360, is still under discussion, has yet to reach a consensus, and the migration process itself will take years.
If a superconducting quantum computer is built on a longer time scale (such as 5-10 years later), it may indeed pose a threat to active transactions on the chain - about 41% of the probability is completed before the transaction is confirmed, which will be a higher level of systemic risk.

Core Judgment: Theoretical breakthroughs in quantum computing are advancing faster than expected, and this trend is real. But "accelerating theoretical breakthroughs" does not mean "attack tools are ready." From 1,000 physical qubits to 500,000, from laboratory demonstrations to large-scale fault-tolerant operations, quantum computing still faces fundamental challenges in the three dimensions of physics, engineering, and cost. The real challenge facing the Bitcoin community is how to complete the system-level migration to quantum-resistant cryptography in a longer time window (about 5-10 years), rather than dealing with a non-existent quantum apocalypse in two or three years.