深潮 TechFlow
wrote a column · Apr 10 12:01

Cracking Bitcoin private keys in 9 minutes? A survival guide for blockchains under quantum threats

Written by Changan, Biteye Content Team
TL;DR
A recent paper from Google's Quantum AI team shows that a fault-tolerant quantum computer with 500,000 qubits could theoretically crack a Bitcoin private key in just nine minutes, threatening approximately 6.9 million Bitcoins whose public keys have already been exposed. Current hardware is still a factor of 446 short of that goal, and the threat is estimated to become real around 2029, but this is no longer far-fetched science fiction. The Bitcoin community is advancing quantum-resistant upgrade proposals such as BIP-360 and SPHINCS+. Regular users do not need to panic for now, but they should check their address format (avoid long-term use of Taproot addresses starting with bc1p), develop the habit of 'one address, one transaction,' and stay updated on their wallet vendors' future releases.
On March 31, 2026, an ordinary Monday, the crypto world suddenly exploded.
Google's Quantum AI team published a paper stating that a quantum computer would only need nine minutes to crack Bitcoin private keys, while the average confirmation time for one block in Bitcoin is ten minutes.
Some called it alarmist, others said it was still a distant reality, but this warning came from Google.
Can quantum computers really crack Bitcoin? Is the threat real or exaggerated? What should ordinary people do? This article attempts to clarify the matter.
First, what exactly did Google's paper say?
The general consensus in the industry had been that cracking Bitcoin's encryption algorithm would require a quantum computer with millions of qubits. That number seemed absurdly large, so everyone assumed the threat was at least decades away. Google's paper brings the figure down to fewer than 500,000, a sudden 20-fold reduction.
The paper describes a specific attack scenario: when you initiate a Bitcoin transaction, your public key is briefly exposed on the network while waiting to be included in a block. This window averages ten minutes. According to Google’s estimates, a sufficiently powerful quantum computer can reverse-engineer your private key from your public key in about nine minutes, then forge a higher-fee transaction to intercept the funds before your original transaction is confirmed on-chain, with a success rate of about 41%.
Of course, the paper assumes a fully error-corrected, fault-tolerant quantum computer. Google's own Willow processor has only 105 physical qubits, while the paper calls for 500,000, a gap of a factor of 446, so a quantum computer capable of cracking BTC does not yet exist.
Google's own target is to complete the migration to post-quantum cryptography by 2029, a timeline that, in some ways, indicates when they believe the threat will become real.
If such a machine is ever built, however, the cost of cracking Bitcoin would be much lower than you might think.
Before discussing what that means, we need to answer one question: what exactly is a quantum computer?
Conventional computers process information using bits, and each bit has only two states: 0 or 1.
Any computation involves manipulating these 0s and 1s. A 256-bit private key implies 2²⁵⁶ possible combinations: even with all the computing power on Earth combined, brute-forcing it with a classical computer would take longer than the age of the universe, which is why Bitcoin has remained secure for the past 15 years.
Quantum computers use quantum bits (qubits), whose magic lies in superposition: they can be both 0 and 1 simultaneously. Eight qubits don't represent just one state but can simultaneously represent 256 states. The more qubits there are, the exponentially greater their parallel processing capability becomes.
But parallelism alone isn’t enough to threaten BTC; what truly poses a danger to cryptography is 'Shor’s Algorithm,' invented in 1994 by MIT mathematician Peter Shor. This algorithm is specifically designed to factor large integers and solve elliptic curve discrete logarithm problems, which happen to be the foundations of Bitcoin and Ethereum private key security.
For example: a traditional computer trying to find the exit in a maze is like testing one path at a time; a quantum computer equipped with Shor’s Algorithm is like someone giving you an overhead view of the maze, where you can see the exit immediately.
Bitcoin uses the ECDSA (Elliptic Curve Digital Signature Algorithm), operating on the secp256k1 curve. This system is impenetrable to classical computers, but Shor’s Algorithm can specifically break the mathematical structure of elliptic curves.
After understanding the principles of quantum computing, let's examine how it specifically threatens Bitcoin.
When creating a wallet, the system generates a private key, a random 256-bit number. The public key is derived from the private key, and the wallet address is derived from the public key. This chain can only be followed in one direction; knowing the private key allows you to calculate the public key, but not the other way around.
When you send Bitcoin, the private key is only used to generate a digital signature, which is broadcast along with the transaction to inform the entire network that the money was sent by you. The network verifies the signature as valid, the transaction is confirmed, and it is completed.
Shor’s algorithm could in theory crack elliptic curve cryptography, the foundation of Bitcoin private key security. But for a long time no one took this seriously, because the algorithm needs a quantum computer to run, and no machine with the required computing power existed.
The issue is that quantum computers have indeed been advancing over the years. Once they become powerful enough, a quantum computer only needs to obtain your public key to reverse-engineer the private key, forge your signature, and transfer your funds.
This raises a critical question: has your public key already been exposed?
There are two scenarios for public key exposure.
The first scenario is long-term exposure, where the public key has been permanently written on the blockchain and can be read by quantum machines at any time. Two types of addresses fall into this category:
The original address format used by Satoshi Nakamoto and early miners, from an era when public keys were stored on-chain in plaintext.
Taproot addresses starting with bc1p. Taproot was originally intended to improve privacy and efficiency, but by design the public key is embedded in the address itself, which ironically makes it more exposed in the face of quantum threats.
The second scenario is short-term exposure. For traditional address formats the public key stays hidden behind a hash as long as the coins are unspent, invisible to outsiders. But the moment you send a transaction, the public key enters the mempool along with it and is visible to the entire network until the transaction is included in a block. This window averages about 10 minutes.
This means that no matter how cautious you are during regular operations, as soon as you initiate a transaction, there's a possibility of being attacked.
Currently, around 6.9 million Bitcoins' public keys have been permanently exposed on-chain. Whether these coins are in personal wallets or hot wallets on exchanges, if the address belongs to one of the high-risk types or has ever sent a transaction, the public key has already been leaked.
On the day the Google paper was released, CZ @cz_binance responded on Twitter: No need to panic; upgrading cryptocurrencies to quantum-resistant algorithms will solve the problem. The threat is real, but the industry is capable of responding.
Vitalik Buterin @VitalikButerin’s stance is much more cautious. He has been warning about this issue for a long time and provided an estimate: There's a 20% chance of a truly attack-capable quantum computer emerging before 2030.
Both individuals agree that the threat is real, though they differ in their assessment of its urgency. Long before this paper, the Bitcoin developer community had not ignored the issue, and currently, four directions are being seriously discussed.
BIP-360, also known as Pay-to-Merkle-Root. Current Bitcoin addresses permanently write the public key onto the blockchain. BIP-360 proposes completely removing the public key from the transaction structure and replacing it with a Merkle root. Quantum machines would have no public key to analyze, making attacks impossible.
This solution is already running on BTQ Technologies’ testnet, with over 50 miners participating and handling more than 200,000 blocks. However, it must be clarified that BIP-360 only protects newly generated coins; the 1.7 million coins whose public keys have already been exposed remain an issue.
SPHINCS+: Officially named SLH-DSA, it is a hash-based post-quantum signature scheme. The logic is straightforward: since Shor's algorithm specifically targets elliptic curves, replace elliptic curves with hash functions for signing.
This scheme was standardized by NIST in August 2024. The challenge lies in the signature size: Bitcoin’s current ECDSA signatures are only 64 bytes, whereas SPHINCS+ signatures exceed 8KB, increasing the size more than a hundredfold, which would significantly raise transaction fees and block space requirements.
To address this, developers have proposed optimization schemes such as SHRIMPS and SHRINCS, aiming to compress the signature size without compromising security.
Commit/reveal scheme: Proposed by Tadge Dryja, co-founder of the Lightning Network, this solution addresses the short-term exposure risk in the mempool. It splits a transaction into two phases:
In the first phase, a hash fingerprint is submitted, containing no transaction information but simply leaving a timestamp on the chain.
In the second phase, the real transaction is broadcast, and only now is the public key revealed. Even if a quantum attacker intercepts the public key in the second phase and calculates the private key, any forged transaction will be rejected by the network because no corresponding pre-commitment record exists from the first phase. The trade-off is that each transaction requires an additional step, slightly increasing costs.
This is seen by the community as a transitional solution to be used until a more complete quantum-resistant system is established.
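The two-phase rule described above, as an added example that is neither the article's nor the proposal's own code: a toy ledger where phase one records only a hash, and a revealed spend is accepted only if that hash was committed in an earlier block and the coin is still unspent. Keys and signatures are constructed placeholder strings; no real signature verification is modelled.

```python
# Added example: simplified model of the commit/reveal spend described in the article.
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_spend(coin: bytes, pubkey: bytes, destination: bytes, signature: bytes) -> bytes:
    """Serialize a spend. In the real protocol the pubkey and signature are what
    an attacker wants to see; here they are placeholder byte strings."""
    return b"|".join((coin, pubkey, destination, signature))


@dataclass
class Chain:
    """Toy ledger that grows by one block per call. No real signature checks."""
    height: int = 0
    commitments: dict = field(default_factory=dict)   # H(spend) -> block height
    spent: set = field(default_factory=set)           # coins already consumed

    def mine_commit(self, spend: bytes) -> int:
        """Phase 1: only H(spend) goes on-chain; pubkey and signature stay offline."""
        self.height += 1
        self.commitments.setdefault(sha256(spend), self.height)
        return self.height

    def mine_reveal(self, spend: bytes) -> bool:
        """Phase 2: the full spend is broadcast. Accept only if its hash was
        committed in an earlier block and the coin has not been spent yet."""
        self.height += 1
        coin = spend.split(b"|")[0]
        committed_at = self.commitments.get(sha256(spend))
        if committed_at is None or committed_at >= self.height or coin in self.spent:
            return False
        self.spent.add(coin)
        return True


def run_scenario():
    """Honest owner vs. an attacker who learns the pubkey only at reveal time."""
    chain = Chain()
    coin, owner_pub = b"coin#1", b"owner-pubkey"            # constructed placeholders
    honest = make_spend(coin, owner_pub, b"to:merchant", b"owner-sig")
    chain.mine_commit(honest)                                # block 1: hash only
    # Block 2: the honest reveal is broadcast; the pubkey is now public.
    honest_ok = chain.mine_reveal(honest)
    # A forged spend to the attacker has no prior commitment, so it is rejected
    # even if its signature were valid ...
    forged = make_spend(coin, owner_pub, b"to:attacker", b"forged-sig")
    forged_uncommitted = chain.mine_reveal(forged)
    # ... and committing now is too late: by the time that commitment can be
    # revealed, the coin was already consumed by the honest reveal.
    chain.mine_commit(forged)
    forged_late = chain.mine_reveal(forged)
    return honest_ok, forged_uncommitted, forged_late        # (True, False, False)
```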
Hourglass V2: Proposed by developer Hunter Beast, this scheme specifically addresses the 1.7 million old addresses whose public keys have been permanently exposed. The logic behind this proposal is pessimistic but realistic: since these addresses’ public keys can no longer be hidden, once quantum machines become powerful enough, those coins will eventually be stolen.
Hourglass V2 does not aim to prevent theft from old addresses but instead rate-limits transfers out of such addresses to one per block, much as banks impose daily withdrawal limits during a bank run.
This proposal has sparked significant controversy because there is a principle in the Bitcoin community: no one has the right to interfere with your Bitcoin. Even such a limited restriction is considered by many to be overstepping boundaries.
This is not the first time Bitcoin has faced pressure to upgrade. The block size debate that lasted for years ended up splitting into Bitcoin Cash in 2017. The Taproot upgrade in 2021 took nearly four years from proposal to activation. Every time, the community has to go through lengthy arguments, tug-of-war, and compromises to move any initiative forward. The response to quantum threats will likely follow the same path.
After all this discussion, what can ordinary users do?
The answer isn't as complicated as you might think. Quantum computers can't crack your Bitcoin today, but there are a few things you can start paying attention to now.
Check your address format
Open your wallet and check what your receiving address starts with. Addresses beginning with bc1p are Taproot addresses where public keys are embedded by default within the address itself, making them a high-risk format due to long-term exposure. If your assets are stored in such an address and have never been moved, the risk remains theoretical for now, but it’s worth keeping an eye on future developments regarding BIP-360.
SegWit addresses starting with bc1q and traditional addresses starting with 1 still keep their public keys protected by hash if they’ve never been spent, making them relatively safe. However, once you've sent a transaction, the public key becomes permanently exposed on the blockchain.
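The address check above, and the two exposure scenarios described earlier, come down to what the address's on-chain output actually contains. The following is an added example, not code from the article or from any wallet vendor it names: it decodes a bech32/bech32m address with full checksum verification and reports whether the output holds a hash of the public key (hidden until the first spend) or, for Taproot, the x-only public key itself (exposed from the moment funds arrive). The bc1q address is the standard BIP173 reference vector; the Taproot program is a constructed 32-byte value, not a real key; legacy 1... and 3... addresses are classified by prefix only.

```python
# Added example: classify a Bitcoin address by what its output reveals on-chain.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3  # BIP173 / BIP350 checksum constants

def bech32_polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def convertbits(data, frombits, tobits, pad=True):
    """Regroup bits, e.g. 8-bit bytes <-> 5-bit bech32 symbols."""
    acc, bits, out, maxv = 0, 0, [], (1 << tobits) - 1
    for v in data:
        acc = (acc << frombits) | v
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad and bits:
        out.append((acc << (tobits - bits)) & maxv)
    elif not pad and (bits >= frombits or (acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding")
    return out

def segwit_encode(hrp, version, program):
    """Native segwit address: v0 uses bech32, v1 (Taproot) uses bech32m."""
    data = [version] + convertbits(program, 8, 5)
    const = BECH32_CONST if version == 0 else BECH32M_CONST
    polymod = bech32_polymod(hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def segwit_decode(addr):
    """Return (witness_version, witness_program); raise on a bad checksum."""
    hrp, _, body = addr.lower().rpartition("1")
    data = [CHARSET.index(c) for c in body]
    version = data[0]
    expected = BECH32_CONST if version == 0 else BECH32M_CONST
    if bech32_polymod(hrp_expand(hrp) + data) != expected:
        raise ValueError("bad checksum")
    return version, bytes(convertbits(data[1:-6], 5, 8, pad=False))

def classify(addr):
    """Return (output type, is the public key exposed before the first spend?)."""
    if addr[0] in "13":  # legacy base58 formats: prefix only, no checksum here
        return ("P2PKH", False) if addr[0] == "1" else ("P2SH", False)
    version, program = segwit_decode(addr)
    kinds = {(0, 20): ("P2WPKH", False),  # bc1q..., output holds HASH160(pubkey)
             (0, 32): ("P2WSH", False),   # bc1q..., output holds SHA256(script)
             (1, 32): ("P2TR", True)}     # bc1p..., output holds the x-only pubkey
    return kinds.get((version, len(program)), ("unknown", False))

if __name__ == "__main__":
    taproot = segwit_encode("bc", 1, bytes(range(32)))  # constructed, not a real key
    for a in ("bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4", taproot):  # BIP173 vector
        print(a, classify(a))
```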
Develop good address hygiene habits
Try not to repeatedly receive funds or make transfers using the same address. Every time you send a transaction, the public key gets exposed, and used addresses lose their hash protection. Most modern wallets automatically generate new addresses after each receipt of funds, so just leave this feature enabled.
Keep an eye on updates to your wallet software
Hardware wallet manufacturers like Ledger and Trezor will play a crucial role in quantum-resistant upgrades. Once BIP-360 or post-quantum signature schemes are activated on the mainnet, wallets will need to simultaneously support new address formats and signature algorithms. On the user's end, this process might simply involve updating the firmware, but it could also require migrating assets from old addresses to new format addresses. What you can do now is ensure that the wallet you use comes from a vendor with the capability for continuous updates, and stay informed.
Assets held on exchanges
Exchanges don't require user intervention, as their teams handle technical upgrades. Coinbase has already established a Quantum Advisory Board, and major exchanges will follow suit under regulatory pressure. For assets stored in reputable large exchanges, the quantum upgrade will be seamless and transparent for you.
The claim that 'quantum computers will crack Bitcoin' has been circulating for many years. Each time it surfaces, it gets mocked, and then nothing happens. Over time, people have come to assume it's a case of crying wolf.
This time, the warning comes from Google. Bitcoin developers are already seriously preparing countermeasures, and Ethereum's roadmap is also progressing. However, this matter has always remained theoretical—whether quantum computers can truly break Bitcoin's encryption algorithm remains uncertain, and no one can provide a definitive answer at this point.
Google says by 2029, others say it will take decades, and some argue it will never happen. Only time will tell the answer to this question.
Advancements in quantum computing have never been linear. The last major breakthrough occurred at an unexpected moment, and the next one might as well.