Google Research Warns Bitcoin’s Taproot Upgrade May Ease Quantum Attacks More Than Expected
March 31, 2026 – By Sam Reynolds, Edited by Omkar Godbole
Recent research from Google’s Quantum AI team has cast new light on the looming threat quantum computers pose to Bitcoin and other leading cryptocurrencies. Published in a blog post and an accompanying whitepaper released Monday, the findings suggest that breaking Bitcoin’s cryptography might require significantly fewer quantum computing resources than previously estimated, with Bitcoin’s 2021 Taproot upgrade partially responsible for expanding the vulnerability.
Quantum Threats Sooner Than Expected
Quantum computers employ qubits to process information in ways that classical computers cannot, enabling them to solve certain complex mathematical problems—like cracking cryptographic algorithms—much more efficiently. Prior estimates suggested that attacking cryptocurrencies like Bitcoin would require millions of physical qubits. However, Google’s new research indicates that fewer than 500,000 physical qubits may suffice to break the cryptographic protections on Bitcoin and Ethereum.
More specifically, Google devised two potential quantum attack models estimating practical attacks could be conducted with roughly 1,200 to 1,450 high-quality logical qubits. This is a substantially reduced requirement compared to prior assumptions and implies that the technological gap between current quantum computers and those capable of compromising Bitcoin’s security is narrower than many investors and experts believed.
Google had earlier identified 2029 as a potential milestone year for the development of practical quantum systems capable of challenging classical cryptography. These latest findings reinforce Google’s prior warnings that the cryptocurrency ecosystem should accelerate migration toward post-quantum secure algorithms well before that date.
How Quantum Attacks Could Target Bitcoin Transactions in Real Time
Perhaps more alarming than the reduced resource requirements is the detailed scenario Google describes for how a quantum attacker could hijack Bitcoin transactions in progress. When a Bitcoin transaction occurs, the sender’s public key momentarily becomes visible on the blockchain. A sufficiently powerful quantum computer could exploit this brief exposure to deduce the private key associated with the public key and redirect funds to the attacker’s own wallet.
According to Google’s model, a quantum system could precompute elements of the attack beforehand and then complete the private key calculation within about nine minutes once a transaction is broadcast. This timing is critical because Bitcoin block confirmations typically take around 10 minutes. Thus, an attacker’s success rate in beating transaction confirmations could be approximately 41%, posing a meaningful risk of theft during transaction finalization.
By comparison, cryptocurrencies such as Ethereum, which generally confirm transactions faster, present a shorter window for such quantum attacks, theoretically reducing their risk exposure to this specific vulnerability.
The Growing Pool of Quantum-Vulnerable Bitcoins
The research estimates that about 6.9 million bitcoins—roughly one-third of the total supply—currently reside in wallets with exposed public keys that could be targeted by quantum computers. This figure includes approximately 1.7 million bitcoins accumulated in Bitcoin’s early years as well as coins from reused addresses, whose public keys have been revealed during prior transactions.
Google’s estimate sharply contrasts with recent figures from CoinShares, which suggested only about 10,200 bitcoins were sufficiently concentrated in vulnerable wallets to pose a material market risk if stolen. This discrepancy underscores the urgency of reassessing existing cryptographic exposure within the Bitcoin network.
Taproot Upgrade: Benefits and Quantum Downsides
Bitcoin’s Taproot upgrade, activated in 2021 to improve privacy and transaction efficiency, inadvertently widened the set of wallets vulnerable to quantum attack. Unlike older Bitcoin address formats that hid public keys until coins were spent, Taproot makes public keys visible by default on the blockchain. This transparency removes a defensive layer that helped shield earlier wallets from quantum exposure.
The Google study highlights this design choice as a critical factor amplifying the quantum threat landscape and calls for the crypto industry to prioritize post-quantum cryptography migration sooner rather than later.
Responsible Disclosure and Next Steps
Notably, Google’s research team employed zero-knowledge proofs to validate their findings without revealing detailed step-by-step methods for mounting quantum attacks. This approach balances the need for scientific transparency with reducing the risk that malicious actors could misuse the information prematurely.
While the research stops short of signaling an immediate quantum crisis, it serves as a stark wake-up call that the timeline for quantum threats to cryptocurrencies like Bitcoin may be significantly shorter and more complex than once assumed. Investors, developers, and the broader crypto community must prepare accordingly to safeguard digital assets in a future dominated by quantum technology.
Key Points to Remember:
-
Practical quantum attacks on Bitcoin’s cryptography may require fewer than 500,000 physical qubits—much lower than the millions previously thought necessary.
-
Attacks targeting real-time Bitcoin transactions could potentially succeed within nine minutes, before confirmations finalize about 41% of the time.
-
Approximately 6.9 million bitcoins are estimated to reside in wallets vulnerable to quantum attacks due to exposed public keys.
-
Bitcoin’s Taproot upgrade, while enhancing privacy and efficiency, has led to more wallets being quantum-exposed by default.
-
Google urges earlier adoption of post-quantum cryptography standards to mitigate future risks.
About Google Quantum AI:
Google’s Quantum AI team is actively researching the capabilities and implications of quantum computing on cybersecurity and cryptography, aiming to pioneer safe and secure quantum technologies.
For continuous updates on cryptocurrency security and quantum developments, stay tuned to CoinDesk.
© 2026 CoinDesk, Inc. All rights reserved.