Quantum computer could break Bitcoin cryptography in ~9 minutes, per Google—mempool and Taproot risks

A new Google-led research paper says a sufficiently powerful quantum computer could use Shor’s algorithm to break the elliptic-curve cryptography that secures Bitcoin. That would let an attacker derive a Bitcoin private key from a known public key, making theft possible.

Bitcoin ownership security relies on the hardness of elliptic-curve discrete logarithms. For traditional computers, reversing the public-to-private key mapping is effectively infeasible. Shor’s algorithm, however, solves the discrete log problem efficiently if the quantum machine has enough logical qubits and fault-tolerant capacity.

The paper estimates the practical threat window: about nine minutes to complete the “second half” of the attack once the system is precomputed and prepared. Since Bitcoin’s average block confirmation time is ~10 minutes, this enables a potential mempool race. If a victim broadcasts a transaction and their public key is visible in the mempool, a quantum attacker might have roughly a 41% chance of finishing before the transaction confirms, allowing front-running or fund diversion.

A larger concern is coins whose public keys are already exposed on-chain (“at rest” attacks). The article notes 6.9 million BTC (about one-third of supply) may be vulnerable without a race against the clock. It also highlights how Taproot (active since Nov 2021) affects key exposure for spent vs unspent outputs.

Overall, the findings do not claim quantum theft is imminent, because the required quantum hardware does not yet exist. They do tighten estimates of when the risk becomes operational, and they could influence trader sentiment around BTC security and long-dated tail risk.
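The distinction between "at rest" exposure and the mempool race can be checked per output from its locking script. The sketch below is an added example, not code from the article or the paper: it classifies standard scriptPubKey forms by when the public key becomes readable and, for spend-time exposure, computes the race odds. Assumptions: the function names are hypothetical, the sample scripts are constructed filler, and block intervals are modelled as exponential with a 10-minute mean, under which a 9-minute attack gives e^(-0.9) ≈ 0.41, consistent with the article's figure.

```python
import math

AT_REST, AT_SPEND = "at rest", "at spend"  # when the public key becomes readable

def classify(script_hex):
    """Return (script type, exposure class) for a hex scriptPubKey."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk", AT_REST        # <pubkey> OP_CHECKSIG: raw key in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr", AT_REST        # OP_1 <32-byte x-only output key>
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh", AT_SPEND      # only HASH160(pubkey) until spent
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh", AT_SPEND
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh", AT_SPEND       # keys sit inside the hashed redeem script
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh", AT_SPEND
    return "unknown", "unknown"

def race_probability(attack_minutes, mean_block_minutes=10.0):
    """P(no block arrives within attack_minutes); exponential intervals are an assumed model."""
    return math.exp(-attack_minutes / mean_block_minutes)

def exposure(script_hex, key_seen_before=False, attack_minutes=9.0):
    """Summarise one output; key_seen_before marks address reuse (key already published)."""
    kind, when = classify(script_hex)
    if when == AT_SPEND and key_seen_before:
        when = AT_REST                # an earlier spend already revealed the key
    race = race_probability(attack_minutes) if when == AT_SPEND else None
    return {"type": kind, "exposed": when, "race_probability": race}

# Constructed sample scriptPubKeys (filler bytes, not real keys or hashes).
SAMPLES = {
    "p2pk": "21" + "02" + "11" * 32 + "ac",
    "p2tr": "5120" + "22" * 32,
    "p2pkh": "76a914" + "33" * 20 + "88ac",
    "p2wpkh": "0014" + "44" * 20,
}

if __name__ == "__main__":
    for name, spk in SAMPLES.items():
        print(name, exposure(spk))
    print("reused p2pkh", exposure(SAMPLES["p2pkh"], key_seen_before=True))
```

Outputs reported as "at rest" carry no race probability because the key can be read from the chain at any time; a hashed output moves into that class once its address is reused.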
Neutral
The article’s core is threat modelling: it explains how a future quantum computer could break Bitcoin’s public-key cryptography via Shor’s algorithm, and it provides specific estimates (fewer qubits than earlier forecasts and an ~9-minute practical completion time for a prepared system). However, it does not establish that such a quantum computer exists today, so the immediate ability to attack is unproven.

For traders, this is mainly a sentiment and risk-premium story, not a near-term catalyst like an exchange hack or a regulatory shock. Historically, market reactions to “future tech risk” headlines have often been muted unless there is a clear, near-dated execution pathway. Comparable cases include past cryptography- or protocol-level concerns (e.g., post-quantum migration discussions), where price impacts were limited until concrete timelines or standards made near-term adoption credible.

Short term: the headlines could slightly pressure BTC by raising perceived existential risk, and could encourage hedging and lower leverage among risk-sensitive traders. But the lack of actionable capability should cap sustained downside.

Long term: if hardware progress continues and more concrete demonstrations approach the paper’s thresholds, traders may price in higher tail risk for addresses with exposed public keys. That could increase demand for security-focused infrastructure and drive more attention toward wallet hygiene and Taproot-related design choices.

Net: likely neutral overall, elevating narrative risk without triggering immediate, verifiable sell pressure.