Will quantum computing kill Bitcoin and mining? Is this an alarmist claim?

On March 31, 2026, Google’s subsidiary Google Quantum AI released a widely discussed white paper claiming that the resources needed for future quantum computers to crack Bitcoin encryption have been reduced by about 20 times compared to previous estimates. This study quickly sparked industry discussions, with headlines like “Quantum Computers Break Bitcoin in 9 Minutes” spreading in the market. But honestly, such panic occurs once or twice a year; this time, because of Google’s backing, it sounds particularly alarming.

We have systematically reviewed this 57-page paper and several key studies published simultaneously, to analyze the credibility of related claims, the current development stage of quantum computing, its actual impact on cryptocurrencies and mining, the associated risks, and whether they are truly imminent.

Reassessing the Technical Risks

Traditionally, Bitcoin’s security relies on a one-way mathematical relationship. When creating a wallet, the system generates a private key, and the public key is derived from it. When using Bitcoin, users need to prove they own the private key, but not reveal it directly; instead, they generate an encrypted signature that the network can verify. This mechanism is secure because modern computers would need billions of years to reverse-engineer the private key from the public key—specifically, cracking the elliptic curve digital signature algorithm (ECDSA) would take far longer than feasible, so blockchain cryptography has always been considered unbreakable.

But the advent of quantum computers breaks this rule. Their working principle is different: instead of checking keys one by one, they explore all possibilities simultaneously and use quantum interference effects to find the correct key. For example, a traditional computer is like someone trying keys one by one in a dark room, while a quantum computer is like having several master keys that can match all locks at once, more efficiently approaching the correct answer. Once quantum computers are powerful enough, attackers could quickly compute your private key from your exposed public key and then forge a transaction to transfer your Bitcoin to themselves. Such an attack, once it occurs, would be difficult to recover assets from due to the irreversible nature of blockchain transactions.

On March 31, 2026, Google Quantum AI, in collaboration with Stanford University and the Ethereum Foundation, published a 57-page white paper. The core of this paper is to evaluate the specific threat of quantum computing to elliptic curve digital signature algorithms (ECDSA). Most blockchains and cryptocurrencies use 256-bit elliptic curve cryptography based on the discrete logarithm problem (ECDLP-256) to protect wallets and transactions. The research team found that the quantum resources required to crack ECDLP-256 have been significantly reduced.

They designed a quantum circuit running Shor’s algorithm, specifically for deriving private keys from public keys. This circuit needs to run on a particular type of quantum computer—superconducting quantum architecture, which is the main research route for companies like Google and IBM. This technology features fast computation but requires extremely low temperatures to maintain qubit stability. Assuming hardware performance meets the standards of Google’s flagship quantum processor, this attack could be completed in a few minutes using fewer than 500k physical qubits. This number is about 20 times lower than previous estimates.

To better visualize this threat, the team simulated the cracking process. They integrated the circuit into real Bitcoin transaction environments and found that a theoretical quantum computer could reverse-engineer a public key to a private key in about 9 minutes, with a success rate of approximately 41%. The average block time for Bitcoin is 10 minutes. This means that over 32% to 35% of Bitcoin supply could be at risk of static attack once their public keys are exposed on-chain, and attackers could potentially intercept transactions before they are confirmed, stealing funds in real time. Although such advanced quantum computers have not yet appeared, this finding extends quantum attacks from “static asset harvesting” to “real-time transaction interception,” causing significant market anxiety.

At the same time, Google provided another key update: the company has moved its internal deadline for post-quantum cryptography (PQC) migration forward to 2029. Simply put, post-quantum cryptography involves replacing all current RSA and elliptic curve encryption systems with quantum-resistant algorithms. Before releasing this white paper, this was a long-term project. The U.S. National Institute of Standards and Technology (NIST) had set a timeline to phase out old algorithms by 2030 and fully disable them by 2035, with the industry generally believing there was about a decade to prepare. But Google’s latest progress in quantum hardware, quantum error correction, and quantum factorization estimation led them to conclude that the quantum threat is closer than previously thought, so they set their internal migration deadline significantly earlier, to 2029. This effectively compresses the industry’s preparation window and signals that quantum computing progress is faster than expected, requiring security upgrades to be prioritized. While this is a milestone study, media amplification has also heightened anxiety. How should we rationally view this impact?

Should We Be Worried?

1. Will quantum computing cause the entire Bitcoin network to fail?

There is a threat, but it mainly targets the signature security layer. Quantum computing does not directly affect the blockchain’s underlying structure or mining mechanisms. Its real threat lies in the digital signature process. Every Bitcoin transaction requires a private key signature to prove ownership. The network verifies whether the signature is correct. The potential of quantum computing is to derive the private key from the public key, enabling forgery.

This introduces two practical risks. One occurs during transaction initiation: when a transaction is broadcast but not yet included in a block, there’s a theoretical risk of front-running or replacement—known as “on-spend attack.” The other involves addresses whose public keys have already been exposed, such as wallets that have been inactive for a long time or addresses that are reused; these are more vulnerable because the attacker has more time and easier access.

However, it’s important to emphasize that these risks are not universal for all Bitcoin or all users. They only exist during the few minutes when you initiate a transaction or if your address’s public key has been exposed historically. This is not an immediate systemic failure.

2. Will this threat arrive so quickly?

The “9-minute crack” premise assumes the creation of a fault-tolerant quantum computer with 500k physical qubits. Currently, Google’s most advanced chip, Willow, has only 105 qubits; IBM’s Condor has about 1,121 qubits. The estimated “quantum day” (Q-Day) for cracking Bitcoin by Ethereum Foundation researcher Justin Drake is around 2032, with only a 10% probability. So, it’s not an imminent crisis, but also not a risk that can be ignored entirely.

3. What is the biggest threat of quantum computing?

Bitcoin is not the most affected system; it’s just the most visible and easily understood example. The broader challenge posed by quantum computing is systemic: all internet infrastructure relying on public key cryptography—including banking systems, government communications, secure emails, software signatures, and identity verification—will face similar threats. This is why Google, NSA, and NIST have been pushing for post-quantum cryptography migration over the past decade. Once practical quantum computers capable of attacking real-world cryptography emerge, the impact will not be limited to cryptocurrencies but will threaten the entire digital trust infrastructure. Therefore, this is not a risk unique to Bitcoin but a systemic upgrade for global information security.

Quantum Mining: Imagination and Feasibility

On the same day Google published its paper, BTQ Technologies released a study titled “Kardashev Scale Quantum Computing for Bitcoin Mining,” quantifying the feasibility of quantum mining from physical and economic perspectives. The author, Pierre-Luc Dallaire-Demers, modeled all technical aspects involved in quantum mining—from hardware to algorithms—to estimate the actual costs of mining with quantum computers.

The results show that even under the most favorable assumptions, quantum mining would require about 10⁸ physical qubits and 10⁴ terawatts of power—roughly the output of a large national grid. Under Bitcoin’s difficulty level in January 2025, the resource requirement skyrockets to about 10²³ qubits and 10²⁵ watts—approaching the energy output of a star. In comparison, Bitcoin’s current total electricity consumption is about 13–25 gigawatts, far below the scale needed for quantum mining.

The study further notes that the theoretical speedup of Grover’s algorithm would be offset by various overheads in practical engineering, making quantum mining physically and economically unfeasible.

Google is not the only organization discussing this. Coinbase, the Ethereum Foundation, and Stanford’s Blockchain Research Center are also conducting related research. Ethereum researcher Justin Drake commented: “By 2032, there’s at least a 10% chance that quantum computers will recover secp256k1 ECDSA private keys from exposed public keys. While it still seems unlikely that cryptographically significant quantum computers will appear before 2030, it’s definitely time to start preparing.”

So, currently, we do not need to worry about quantum computing delivering a fatal blow to mining, as the resource requirements are far beyond rational economic considerations. No one would spend such enormous energy just to mine 3.125 Bitcoin in a block.

Cryptocurrencies Won’t Disappear, But They Need Upgrading

If quantum computing raises a problem, the industry has an answer: “Post-Quantum Cryptography” (PQC), which involves cryptographic algorithms resistant to quantum attacks. Specific approaches include introducing quantum-resistant signature algorithms, optimizing address structures to reduce public key exposure, and gradually upgrading protocols. Currently, NIST has completed standardization of post-quantum cryptography, with ML-DSA (lattice-based digital signature, FIPS 204) and SLH-DSA (hash-based stateless signatures, FIPS 205) as two core post-quantum signature schemes.

At the blockchain level, BIP 360 (Pay-to-Merkle-Root, P2MR) was officially included in Bitcoin Improvement Proposals (BIPs) early 2026. It addresses a transaction mode introduced by the 2021 Taproot upgrade. Taproot aimed to improve privacy and efficiency, but its “key-path spending” feature exposes public keys during transactions, potentially becoming a quantum attack target. BIP 360’s core idea is to remove this exposed public key path, changing transaction structures so that funds can be transferred without revealing the public key, thus reducing quantum risk exposure from the source.

For the cryptocurrency industry, upgrading the blockchain involves on-chain compatibility, wallet infrastructure, address systems, user migration costs, and community coordination—requiring participation from protocol layers, clients, wallets, exchanges, custodians, and ordinary users. It’s a complex process, but the industry has reached a consensus that such upgrades are necessary, and subsequent implementation will be a matter of execution and timing.

The Headline Is Impressive, But the Reality Is Not So Urgent

After dissecting these latest developments, it’s clear that the situation isn’t as alarming as it sounds. Human research into quantum computing is indeed accelerating toward practical reality, but we still have ample time to respond. Today’s Bitcoin is not a static system; it’s a network that has evolved over the past decade-plus. From script upgrades to Taproot, from privacy enhancements to scaling solutions, it’s constantly changing to balance security and efficiency.

The challenges posed by quantum computing may simply serve as another reason for future upgrades. The quantum clock is ticking. The good news is, we can hear its ticking—and still have time to react. In this era of continuous leaps in computational power, what we need to do is ensure that the trust mechanisms of the cryptographic world stay ahead of technological threats.