Pointwise Summary
- Google’s Quantum AI lab has shown that the quantum resources necessary to breach ECDSA-256, which is utilized by Bitcoin and Ethereum, are 20 times fewer than previously thought.
- They consider an ‘on-spend’ attack, in which the private key is computed from the public key exposed in the mempool, and estimate the time taken at 9 minutes.
- When a user initiates a transaction, the public key is revealed. An attacker can use their quantum computers to initiate a false transaction before the original is included in the block.
- The 6.9 million BTC, about 33% of the supply, held in early P2PK addresses or reused wallets are considered ‘sitting ducks’ for immediate attack.
- The researchers urge an immediate move to Post-Quantum Cryptography to avoid systemic failure.
The ‘Mempool Race’ – How Google’s 500,000 Qubit Discovery in Elliptic Curve Cryptography Threatens Live Bitcoin Transactions
A new research paper titled “Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities” has sent shockwaves through the digital asset space. The paper, released by Google Quantum AI on March 30, 2026, offers the most accurate estimate to date for defeating the 256-bit elliptic curve cryptography (secp256k1) used in the largest blockchains in the world.
The crux of this attack is a narrow window of opportunity: the time between a transaction being sent and its confirmation in a block. In the case of Bitcoin, this ‘waiting room’ lasts about ten minutes on average. Google researchers, led by Ryan Babbush and Hartmut Neven, were able to show with their quantum computer that a machine with 1,200 logical qubits, or 500,000 physical qubits in a low-error configuration, would be capable of solving a discrete logarithm in nine minutes.
This creates a ‘race condition’ in which a quantum attacker can monitor the mempool for high-value transactions. Once a transaction is identified, the attacker can obtain the sender’s public key and use Shor’s algorithm to obtain the private key, then send a new transaction with a significantly higher fee. As miners favor transactions with a higher fee, the attacker’s fraudulent transaction is likely to be included in the next block, effectively ‘stealing’ the funds before the original sender’s transaction is ever processed.
‘We have moved from an “if” to a “how fast” scenario,’ said a Seattle-based technology expert in response to the release. ‘The 20-fold reduction in required qubits means that the engineering hurdles are falling much faster than the 2030 or 2040 timelines many analysts previously predicted.’
While current quantum computers like IBM’s Heron and Google’s Willow chip do not yet have the 500,000 qubits necessary for this hack, the roadmap has become alarmingly clear. The research has shown that once a ‘fast-clock’ quantum computer is achieved, even single-use addresses, which were previously thought safe due to hashed public keys, will be susceptible during a brief time when they are spent.
Market Impact and the $600 Billion Cryptographic Countdown
The market reacted swiftly to the release of the Google whitepaper: the value of Bitcoin (BTC) plummeted significantly below the $68,000 mark. However, it has since stabilized after technical leads from the Bitcoin Core team informed users that work on a soft fork for post-quantum signatures is already underway.

The risk of an ‘at-rest’ attack is also a cause for concern. Around 1.7 million BTC are from the ‘Satoshi era’ and are stored in Pay-to-Public-Key (P2PK) addresses whose public keys are over 15 years old. This is the first batch of coins that will be targeted by any entity that achieves a ‘Cryptographically Relevant Quantum Computer’ (CRQC).
Unlike an ‘on-spend’ attack, which needs to be carried out quickly, an ‘at-rest’ attack can take longer and be executed over a period of days or weeks. However, the ‘on-spend’ mempool attack is the actual threat to the use of Bitcoin as a medium of exchange.
Frequently Asked Questions
Is my Bitcoin safe right now?
Yes. The most advanced quantum computers available today have only a few hundred to a few thousand physical qubits. It will take several years before a machine with the 500,000 physical qubits required for the mempool attack that Google has described can be built.
Can’t Bitcoin simply be updated?
Yes. The Bitcoin community is already discussing BIP-360, among other solutions, to add quantum-resistant digital signatures such as SPHINCS+ or CRYSTALS-Dilithium. However, such changes require consensus among all nodes on the network, and they will likely require moving your money to new ‘quantum-safe’ address types.
Why is the mempool the biggest risk?
Most modern Bitcoin addresses are of the type ‘P2PKH’ or ‘SegWit,’ which means that the public key is not revealed until you try to spend the money. If a quantum computer can crack the key in less than ten minutes, it can steal your money in the time between your ‘reveal’ and the ‘confirmation’ of the block.
What about Satoshi’s 1.1 million Bitcoins?
The majority of Satoshi’s coins are stored in P2PK addresses. These do not conceal the public key. Therefore, as soon as a sufficiently powerful quantum computer is switched on, these coins will be spent by the first person who runs Shor’s algorithm on them, however long it takes.
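The difference between ‘at-rest’ and ‘on-spend’ exposure described above can be checked per output from the script bytes alone. The following is an added example, not part of the original article or the Google paper: the function names and the sample outputs are constructed, and it goes slightly beyond the article by also covering P2SH/P2WSH (hashed scripts) and P2TR, whose output carries a public key directly.

```python
# Added example: group wallet outputs by when their public key becomes visible.
AT_REST, ON_SPEND, UNKNOWN = "at-rest", "on-spend", "unknown"
HASHED = {"P2PKH", "P2WPKH", "P2SH", "P2WSH"}  # only a hash is on-chain until spent

def script_type(spk: bytes) -> str:
    """Match a scriptPubKey against the standard output templates."""
    n = len(spk)
    # <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "P2PK"
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH"
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "P2SH"
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH"
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"
    return "nonstandard"

def exposure(spk_hex: str, key_seen_before: bool = False) -> tuple:
    """Return (script type, exposure class) for one output."""
    kind = script_type(bytes.fromhex(spk_hex))
    if kind in ("P2PK", "P2TR"):      # key is in the output itself
        return kind, AT_REST
    if kind in HASHED:                # reuse reveals the key in an earlier spend
        return kind, AT_REST if key_seen_before else ON_SPEND
    return kind, UNKNOWN

def audit(utxos):
    """Sum satoshis per exposure class over (spk_hex, sats, key_seen_before) rows."""
    totals = {AT_REST: 0, ON_SPEND: 0, UNKNOWN: 0}
    for spk_hex, sats, seen in utxos:
        totals[exposure(spk_hex, seen)[1]] += sats
    return totals

# Constructed sample outputs (placeholder key and hash bytes, not real coins).
SAMPLE_UTXOS = [
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000, False),  # P2PK
    ("76a914" + "22" * 20 + "88ac", 150_000, False),          # P2PKH, fresh
    ("76a914" + "22" * 20 + "88ac", 80_000, True),            # P2PKH, reused
    ("0014" + "33" * 20, 40_000, False),                      # P2WPKH
    ("5120" + "44" * 32, 10_000, False),                      # P2TR
]

if __name__ == "__main__":
    print(audit(SAMPLE_UTXOS))
```

Outputs in the ‘at-rest’ class are the ones to move first when quantum-safe address types become available; the `key_seen_before` flag has to come from the wallet's own spend history.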
Does this affect Ethereum and other coins?
Ethereum is actually in a worse position than Bitcoin in some respects due to its longer block times (12 seconds). While a 9-minute attack will not work on a single Ethereum block, the Google research points out that as quantum computers become faster, the ‘window’ for any blockchain that uses ECDSA continues to close.
Disclaimer: BFM Times acts as a source of information for knowledge purposes and does not claim to be a financial advisor. Kindly consult your financial advisor before investing.