Crack Bitcoin in 9 Minutes'—What Google's Quantum Paper Really Means

If you've ever sent bitcoin, there's a 10-minute window standing between your funds and a theoretical attacker. Google's quantum AI team just published research suggesting that window may one day shrink to nine minutes—and for roughly one-third of all bitcoin ever mined, there's no window at all.

How the Nine Minutes Actually Works

To understand the threat, you need to understand what happens when you send bitcoin.

Every transaction is signed with a private key—a secret number that proves ownership. That signature exposes your public key, which gets broadcast to the network and sits in a waiting area called the mempool until a miner picks it up. Average confirmation time: 10 minutes.

The private key and public key are mathematically linked through something called the elliptic curve discrete logarithm problem. Classical computers can't reverse that math in any practical timeframe. But Google's paper found that a future quantum machine running Shor's algorithm could be pre-loaded with the computationally heavy work in advance. Once your public key appears in the mempool, it would need just nine minutes to finish deriving your private key.

That's a 41% chance of stealing your funds before your transaction confirms—like a thief who spent weeks building a universal safe-cracker and only needs a few final adjustments when your safe appears.

The catch: this attack requires a quantum computer with fewer than 500,000 physical qubits. Today's most advanced processors sit around 1,000. We're not there yet.

The Quieter, More Immediate Problem

Sponsored

Advertise with Us

[email protected]

Sponsored

The nine-minute race is alarming. But the larger risk is already sitting still.

An estimated 6.9 million BTC—roughly a third of total supply—sits in wallets where the public key is permanently and openly visible on the blockchain. No time pressure required. A sufficiently powerful quantum computer could work through these exposed keys at leisure, one by one.

Two groups are most exposed. First: early bitcoin addresses using a format called pay-to-public-key, where the public key is visible by design. Some researchers believe a portion of Satoshi Nakamoto's estimated 1 million BTC falls into this category. Second: any wallet that has ever reused an address—spending from a reused address reveals the public key for all remaining funds in that wallet.

Worse, Bitcoin's 2021 Taproot upgrade—designed to improve efficiency and privacy—inadvertently expanded this vulnerable pool. Taproot exposes public keys on-chain by default, meaning newer wallets using this format are also in the crosshairs of a future quantum attacker.

The Network Survives. But Does Ownership?

Here's what quantum computing doesn't break: bitcoin mining. The SHA-256 algorithm that powers block production can't be meaningfully accelerated by current quantum approaches. Blocks keep coming. The ledger keeps running.

What breaks is the ownership guarantee. The entire value proposition of bitcoin rests on the idea that only you can move your coins. If a quantum computer can derive private keys from public keys, that guarantee evaporates for anyone with an exposed address. Institutional confidence in the network's security model would take a serious hit alongside individual holders.

The fix exists. Post-quantum cryptography replaces the vulnerable math with algorithms designed to resist quantum attacks. Ethereum has been building toward that migration for eight years. Bitcoin hasn't started.

That gap matters. Bitcoin's decentralized governance means any protocol change requires broad consensus across millions of stakeholders—miners, developers, exchanges, and holders. That's not a technical problem. It's a political one. And political problems take time that a cryptographic deadline doesn't always allow.

For investors, the calculus is worth examining. Coins held in modern, single-use SegWit or Bech32 addresses with unexposed public keys carry far less quantum risk than older or reused addresses. Knowing what type of address your holdings sit in—and whether your exchange has disclosed its cold wallet practices—is no longer just a technical curiosity.