Today, Google Quantum AI published new research on the resources needed to break the elliptic curve cryptography (ECDSA/secp256k1) used by Bitcoin, Ethereum, and many other cryptocurrencies. The findings suggest the threat could materialize with significantly fewer quantum resources than previously estimated.
Key points from the paper:

- A cryptographically relevant quantum computer might need fewer than 500,000 physical qubits (roughly 1,200–1,450 high-quality logical qubits) to solve the 256-bit elliptic curve discrete logarithm problem — a 20x reduction from earlier estimates that often cited millions of qubits.
- In a real-time "on-spend" attack scenario, such a system could derive a private key from a revealed public key in about 9 minutes. This is just under Bitcoin’s average 10-minute block time, creating a theoretical window in which an attacker could hijack an in-flight transaction (with an estimated ~41% success rate in some models).
- Previously, many assumed quantum attacks on crypto would take much longer (months or more), making transactions relatively safe in the short term. This changes the risk assessment for active spending.
- Roughly one-third of Bitcoin’s supply (around 6.9 million BTC) sits in addresses where the public key has already been exposed at some point — including early P2PK outputs and reused addresses. These are more vulnerable to future "harvest now, decrypt later" or long-range attacks.
- The research notes that Bitcoin’s Taproot upgrade may inadvertently make certain attacks slightly more efficient in some cases.
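Two of the points above are easy to make concrete with a small calculation: the "on-spend" window (how likely a transaction is still unconfirmed when a 9-minute key derivation finishes) and the "exposed public key" inventory (which output types put the key on-chain in the clear, and which only reveal it once an address is spent from and reused). The script below is an added example, not code from the paper or the original post. It assumes a simple exponential inter-block model with a 10-minute mean (a standard approximation, which happens to reproduce the ~41% figure) and a constructed list of UTXOs; the script-type patterns are standard Bitcoin script facts, not something the paper states.

```python
import math
from dataclasses import dataclass

# --- Part 1: the "on-spend" timing window -----------------------------------
# Bitcoin block arrivals are commonly modelled as a Poisson process, so the
# wait for the next block is exponential with a 10-minute mean.  If recovering
# a private key from a mempool-visible public key takes derive_minutes, the
# victim's transaction is still unconfirmed (and so replaceable) with
# probability P(next block later than derive_minutes) = exp(-t / mean).
def unconfirmed_probability(derive_minutes: float, mean_block_minutes: float = 10.0) -> float:
    """Probability the transaction is still unconfirmed when derivation finishes."""
    if derive_minutes < 0 or mean_block_minutes <= 0:
        raise ValueError("derive_minutes must be >= 0 and mean_block_minutes > 0")
    return math.exp(-derive_minutes / mean_block_minutes)


# --- Part 2: inventory of outputs whose public key is already exposed --------
# Standard locking-script layouts (Bitcoin script facts, not from the paper):
#   P2PK   : <pubkey> OP_CHECKSIG                          -> key in the output
#   P2PKH  : OP_DUP OP_HASH160 <20B> OP_EQUALVERIFY OP_CHECKSIG -> hash only;
#            key appears in the scriptSig when the address is spent from
#   P2WPKH : OP_0 <20B>                                    -> hash only; key
#            appears in the witness on spend
#   P2TR   : OP_1 <32B x-only key>                         -> (tweaked) key in
#            the output itself
OP_0, OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x00, 0x51, 0x76, 0xA9, 0x88, 0xAC


def classify_script(spk: bytes) -> str:
    """Return the output type of a scriptPubKey, or 'other' if unrecognised."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[0] in (33, 65) and spk[-1] == OP_CHECKSIG:
        return "p2pk"
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh"
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr"
    return "other"


@dataclass
class Utxo:
    txid: str                  # constructed placeholder, not a real transaction id
    script_pubkey: bytes
    value_btc: float
    address_spent_before: bool  # was an earlier output to this same address ever spent?


def exposure(u: Utxo) -> str:
    """'exposed' if the public key is on-chain in the clear, 'hash-only' if only
    its hash is, 'unknown' for script-hash and non-standard outputs."""
    kind = classify_script(u.script_pubkey)
    if kind in ("p2pk", "p2tr"):
        return "exposed"                      # key is literally in the locking script
    if kind in ("p2pkh", "p2wpkh"):
        # Reuse after a spend: the earlier spend already revealed the key.
        return "exposed" if u.address_spent_before else "hash-only"
    return "unknown"


def exposed_fraction(utxos) -> float:
    """Share of value (by BTC) sitting in outputs whose key is already exposed."""
    total = sum(u.value_btc for u in utxos)
    exposed = sum(u.value_btc for u in utxos if exposure(u) == "exposed")
    return exposed / total if total else 0.0


# Constructed sample set: fake 0x11.. / 0xaa.. bytes stand in for real keys and hashes.
SAMPLE_UTXOS = [
    Utxo("tx-a", bytes([33]) + b"\x02" + b"\x11" * 32 + bytes([OP_CHECKSIG]), 50.0, False),   # early P2PK
    Utxo("tx-b", bytes([OP_DUP, OP_HASH160, 20]) + b"\xaa" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 10.0, True),   # reused P2PKH
    Utxo("tx-c", bytes([OP_DUP, OP_HASH160, 20]) + b"\xbb" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 30.0, False),  # fresh P2PKH
    Utxo("tx-d", bytes([OP_0, 20]) + b"\xcc" * 20, 5.0, False),                                # fresh P2WPKH
    Utxo("tx-e", bytes([OP_1, 32]) + b"\xdd" * 32, 5.0, False),                                # Taproot
]

if __name__ == "__main__":
    for t in (5, 9, 10, 15):
        print(f"derive={t:>2} min -> still unconfirmed with p={unconfirmed_probability(t):.2f}")
    for u in SAMPLE_UTXOS:
        print(f"{u.txid}: {classify_script(u.script_pubkey):7} {exposure(u):9} {u.value_btc} BTC")
    print(f"exposed share of sample value: {exposed_fraction(SAMPLE_UTXOS):.0%}")
```

The exposure check is the part a wallet owner can act on today: outputs it reports as "exposed" are the ones that migration to a fresh, never-spent-from address (or, later, a post-quantum scheme) would take out of the "harvest now, decrypt later" bucket. The timing model is deliberately simple; it ignores fee-based replacement and mempool propagation, so treat it as a first-order estimate of the window rather than a prediction.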
Important context:

- This is still a theoretical threat based on improved algorithms and hardware assumptions. No such quantum computer exists today — current systems are in the low thousands of noisy physical qubits. Practical, fault-tolerant machines capable of this scale are likely still years away (Google and others have separately flagged 2029 as a broader preparation milestone for post-quantum cryptography migration).
- The crypto community has known about the long-term quantum risk for years. Solutions include migrating funds to quantum-resistant address formats where possible, and developing post-quantum signature schemes (some Ethereum efforts and Bitcoin discussions are already underway).
- This is a reminder that the industry needs to continue proactive research into quantum-resistant upgrades — but it's not an immediate "crypto is doomed" scenario. Panic-selling or FUD isn't warranted; informed preparation is.

The original post used dramatic language ("really bad," "most scary part," "just 4 years before... not just FUD") for engagement. In reality, while the reduced qubit estimates narrow the timeline somewhat, experts still view a full-scale break as a medium-to-long-term challenge requiring significant engineering breakthroughs in error correction and scalability.