How a quantum computer can be used to actually steal your bitcoin in '9 minutes'
Key Takeaways
Bitcoin’s security model: Relies on elliptic curve cryptography (ECC), specifically the secp256k1 curve, which makes deriving private keys from public keys practically impossible for classical computers.
Shor’s algorithm: A quantum algorithm that can efficiently solve the elliptic curve discrete logarithm problem, allowing a quantum computer to reverse ECC and extract private keys.
Google’s recent paper (April 2026):
Reduced the estimated qubit requirement from millions to fewer than 500,000.
Demonstrated quantum circuits that could break Bitcoin’s ECC using ~1,200–1,450 logical qubits and tens of millions of Toffoli gates.
Introduced a nine-minute attack window: once a public key is exposed, a quantum computer could derive the private key in about nine minutes.
Mempool attack risk: Because Bitcoin block confirmation averages 10 minutes, attackers could potentially front-run transactions with a ~41% success chance if they finish within nine minutes.
At-rest vulnerability: Around 6.9 million BTC (roughly one-third of supply) are in wallets where public keys are already exposed on the blockchain, making them permanently vulnerable to quantum attacks once hardware is capable.
Taproot upgrade (2021): Changed how public keys are revealed, but coins in older addresses remain exposed once spent.
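The mempool race described in the takeaways above has a simple risk model behind it. If block discovery is treated as a Poisson process (the standard assumption, not something the summary states), the wait for the next block is exponential with a 10-minute mean, and the chance that no block lands within a 9-minute derivation window is exp(-9/10), which is the ~41% figure quoted. The following Python is an added example written for this page, not code from Google's paper or any Bitcoin project; it reproduces that number, cross-checks it by simulation, and inverts the question to show how fast derivation would have to be for other success rates. Only the 10-minute interval and the 9-minute window come from the page; everything else is the model's own assumption.

```python
import math
import random

# Bitcoin's average block interval in minutes, as stated on the page.
BLOCK_INTERVAL_MIN = 10.0


def race_success_probability(attack_minutes, block_interval=BLOCK_INTERVAL_MIN):
    """Probability that a key derivation taking `attack_minutes` finishes before
    the next block confirms the victim's transaction.

    Assumption: block discovery is a Poisson process, so the wait for the next
    block is exponential with mean `block_interval` and
        P(no block within t) = exp(-t / block_interval).
    The exponential is memoryless, so the time already elapsed since the last
    block when the transaction entered the mempool does not change the odds.
    """
    if attack_minutes < 0 or block_interval <= 0:
        raise ValueError("attack time must be non-negative, interval positive")
    return math.exp(-attack_minutes / block_interval)


def simulate_race(attack_minutes, trials=200_000, block_interval=BLOCK_INTERVAL_MIN, seed=1):
    """Monte Carlo cross-check of the closed form: draw the next block time and
    count how often it arrives after the derivation window has closed."""
    rng = random.Random(seed)
    wins = sum(1 for _ in range(trials)
               if rng.expovariate(1.0 / block_interval) > attack_minutes)
    return wins / trials


def attack_time_for_success(target_probability, block_interval=BLOCK_INTERVAL_MIN):
    """Inverse question: how fast must derivation be to reach a given front-run
    success probability? Solves exp(-t / T) = p for t."""
    if not 0 < target_probability <= 1:
        raise ValueError("probability must be in (0, 1]")
    return -block_interval * math.log(target_probability)


def risk_table(minutes=(1, 5, 9, 10, 20, 30, 60)):
    """Success probability across derivation times, rounded to 4 places; shows
    how quickly the mempool window closes as derivation slows down."""
    return {t: round(race_success_probability(t), 4) for t in minutes}


if __name__ == "__main__":
    print(f"9-minute derivation vs 10-minute blocks: "
          f"{race_success_probability(9):.1%} (closed form)")
    print(f"Monte Carlo estimate: {simulate_race(9):.1%}")
    print(f"Derivation time for a 50% chance: {attack_time_for_success(0.5):.2f} min")
    for t, p in risk_table().items():
        print(f"  {t:>3} min -> {p:.1%}")
```

The table is the useful part for a defender: the exposure window is the interval between a public key appearing in the mempool and the spend confirming, and every extra minute of derivation time multiplies the attacker's odds by exp(-1/10), so a 20-minute derivation already drops the chance to about 13.5%.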
⚖️ Implications
Bitcoin is safe today because no quantum computer powerful enough exists yet.
The timeline for risk has shortened significantly due to Google’s findings.
Future-proofing Bitcoin against quantum threats may require protocol changes, such as new cryptographic schemes or hard forks.
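The "at-rest" figure in the takeaways (coins sitting in outputs whose public key is already visible on-chain) is a property of the output script type plus address reuse: pay-to-pubkey and Taproot outputs carry the key itself, while hash-based outputs only reveal the key in the input that spends them, which matters once the same address is reused. The Python below is an added example for this page, not code from any Bitcoin implementation or from the research summarised here. It classifies standard scriptPubKey templates by whether the key is exposed and totals the value at risk over a constructed UTXO set; the sample scripts, keys, hashes and values are placeholders built inline, not real chain data. It treats a hashed output as exposed only when its committed hash already appears in some spending input, and it simplifies P2SH/P2WSH by treating a revealed redeem script the same way, without parsing the keys inside it.

```python
# Opcodes used in the standard Bitcoin output script templates.
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


def classify_output(script: bytes):
    """Map a scriptPubKey to (type, exposure, committed_bytes).

    exposure is 'exposed' when the public key itself is in the output,
    'hashed' when only a hash is on-chain (its preimage is revealed by the
    spending input), or 'unknown' for non-standard scripts. committed_bytes
    is the key or hash the script commits to.
    """
    n = len(script)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG ; the key is on-chain from day one
    if n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG:
        return "P2PK", "exposed", script[1:-1]
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", "hashed", script[3:23]
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and script[0] == OP_HASH160 and script[1] == 0x14 and script[22] == OP_EQUAL:
        return "P2SH", "hashed", script[2:22]
    # P2WPKH: OP_0 <20>  and  P2WSH: OP_0 <32>
    if n == 22 and script[:2] == bytes([OP_0, 0x14]):
        return "P2WPKH", "hashed", script[2:]
    if n == 34 and script[:2] == bytes([OP_0, 0x20]):
        return "P2WSH", "hashed", script[2:]
    # P2TR: OP_1 <32-byte x-only output key> ; the tweaked key sits in the output
    if n == 34 and script[:2] == bytes([OP_1, 0x20]):
        return "P2TR", "exposed", script[2:]
    return "nonstandard", "unknown", b""


def exposed_value(utxos, revealed_preimages):
    """Sum the value (satoshi) of UTXOs whose key is recoverable from chain data.

    revealed_preimages is the set of 20- or 32-byte hashes whose preimage has
    already appeared in a spending input, i.e. reused addresses. A hashed output
    in that set is as exposed as a P2PK output.
    """
    total = 0
    for u in utxos:
        _, exposure, committed = classify_output(u["script"])
        if exposure == "exposed" or (exposure == "hashed" and committed in revealed_preimages):
            total += u["value_sat"]
    return total


# Constructed sample UTXO set; none of these are real keys, hashes or coins.
SAT = 100_000_000
PUBKEY = b"\x02" + b"\x11" * 32     # placeholder compressed key
REUSED_HASH = b"\xaa" * 20          # hash160 of a key that already signed a spend
FRESH_HASH = b"\xbb" * 20           # hash160 never seen in any input
TAPROOT_KEY = b"\xcc" * 32          # placeholder x-only output key
P2PKH_PREFIX = bytes([OP_DUP, OP_HASH160, 0x14])
P2PKH_SUFFIX = bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SAMPLE_UTXOS = [
    {"script": bytes([0x21]) + PUBKEY + bytes([OP_CHECKSIG]), "value_sat": 50 * SAT},
    {"script": P2PKH_PREFIX + REUSED_HASH + P2PKH_SUFFIX, "value_sat": 10 * SAT},
    {"script": P2PKH_PREFIX + FRESH_HASH + P2PKH_SUFFIX, "value_sat": 5 * SAT},
    {"script": bytes([OP_1, 0x20]) + TAPROOT_KEY, "value_sat": 2 * SAT},
    {"script": bytes([OP_0, 0x14]) + FRESH_HASH, "value_sat": 1 * SAT},
]
REVEALED = {REUSED_HASH}

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        kind, exposure, _ = classify_output(u["script"])
        print(f"{kind:<7} {exposure:<8} {u['value_sat'] / SAT:>6.2f} BTC")
    print(f"value with key already on-chain: {exposed_value(SAMPLE_UTXOS, REVEALED) / SAT:.2f} BTC")
```

Run over the real UTXO set with the set of hashes revealed by historical spends, this is the inventory that produces a number like the 6.9 million BTC quoted above; the mitigation it points at is operational rather than cryptographic: avoid reusing hash-based addresses, and move funds from P2PK or reused outputs to fresh ones while classical security still holds.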
