When could quantum computers threaten Bitcoin?

Google researchers estimate a quantum computer capable of breaking Bitcoin's cryptography could emerge as early as 2029. This is based on current qubit scaling trajectories. However, most cryptographers place the realistic threat window at 2030–2035 for a fault-tolerant quantum system at the required scale.

By Connie · Last reviewed: April 2026 — pricing & tools verified · This article contains affiliate links. We may earn a commission at no extra cost to you if you sign up through our links.

April 6, 2026 · Happycapy Team · 7 min read

Google: Quantum Computer Could Break Bitcoin in 9 Minutes — Timeline and What It Means (2026)

Q: Can a quantum computer break Bitcoin?

According to Google researchers, a sufficiently powerful quantum computer could break Bitcoin's ECDSA-256 cryptography in under 9 minutes. The threat is real but requires a fault-tolerant quantum computer with millions of qubits. Current quantum computers have thousands of noisy qubits and cannot yet perform this attack. The threat window is estimated at 2029–2035.

Q: What is post-quantum cryptography?

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are secure against attacks from quantum computers. NIST finalized its first PQC standards in 2024, including CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures. Bitcoin and most blockchain systems would need to migrate to these standards before a capable quantum computer emerges.

Q: Is AI making crypto less secure?

Yes, in a different way from quantum computing. Ledger CTO Charles Guillemet warned in April 2026 that AI is making crypto hacks cheaper and faster — not by breaking cryptography, but by automating vulnerability discovery and exploit development. AI tools allow attacks that once took months to be completed in seconds. AI-generated code is also creating insecure systems that are harder to audit.

TL;DR

Google researchers found a sufficiently powerful quantum computer could crack Bitcoin's ECDSA-256 cryptography in under 9 minutes. Such a computer could exist as early as 2029. Separately, Ledger's CTO warned that AI — not quantum — is already making crypto hacks dramatically cheaper and faster right now. Both threats require different defenses.

The Google Research Finding

Google researchers published findings showing that a fault-tolerant quantum computer with sufficient qubits could break Bitcoin's elliptic curve digital signature algorithm (ECDSA-256) in under 9 minutes. This is the cryptographic algorithm that secures private keys and transaction signatures on the Bitcoin network.

The finding is not new in theory — quantum's ability to break public-key cryptography has been known since Shor's algorithm was published in 1994. What is new is Google's updated timeline estimate: such a computer could emerge as early as 2029, based on current qubit scaling trajectories from their Willow chip and subsequent hardware generations.

Important context: Current quantum computers have thousands of noisy, error-prone qubits. Breaking Bitcoin requires millions of fault-tolerant logical qubits. The threat is real but not imminent in 2026. The concern is whether Bitcoin and other cryptographic systems will complete their migration to post-quantum standards before capable hardware arrives.

Quantum Threat Timeline for Bitcoin

2024

NIST finalizes first post-quantum cryptography (PQC) standards: CRYSTALS-Kyber and CRYSTALS-Dilithium.

2025

Google's Willow chip demonstrates quantum error correction below threshold. Scaling roadmap accelerates.

2026 (now)

Google researchers model the attack — 9 minutes to break ECDSA-256. No current system can do this. Hardware gap remains large.

2029 (earliest)

Google's aggressive estimate for when a capable system could exist. Most cryptographers say 2030–2035 is more realistic.

2030–2035

Window where Bitcoin and major blockchain networks need PQC migration complete to remain secure.

The Separate AI Threat: Faster, Cheaper Hacks Right Now

While quantum is a long-horizon risk, AI is accelerating crypto attacks today. Ledger CTO Charles Guillemet warned in April 2026 that AI tools have broken the economics of cybersecurity in the opposite direction from defenders — making attacks dramatically easier.

"Finding and exploiting vulnerabilities has become really, really easy," Guillemet said, "with costs going to zero." Tasks that once took months — reverse engineering smart contracts, finding implementation vulnerabilities, crafting exploits — can now be automated in seconds.

This follows $1.4 billion in crypto losses over the past year, including a $285 million drain from Solana-based Drift (attributed to suspected North Korean attackers using AI-assisted reconnaissance) and a $25 million loss from Resolv. Guillemet argued that AI-generated code in DeFi protocols is creating "insecure by design" systems that are harder to audit.

Threat	Timeline	Attack vector	Defense
Quantum computing	2029–2035	Break ECDSA-256, steal private keys	Post-quantum cryptography (CRYSTALS-Kyber)
AI-assisted hacking	Right now	Faster vuln discovery, automated exploits	Formal verification, hardware wallets, audits
AI-generated code bugs	Right now	Insecure smart contracts, DeFi protocols	Human code review, AI security scanning tools

What Needs to Happen Before 2029

For Bitcoin to survive the quantum era, the network needs to migrate its signature scheme. This is a hard problem — Bitcoin's decentralized governance makes protocol upgrades slow. The migration debate mirrors the block size wars of the 2010s, but with a harder deadline.

Bitcoin BIP for PQC signatures — a formal Bitcoin Improvement Proposal to adopt a quantum-resistant signature scheme (e.g., based on CRYSTALS-Dilithium or SPHINCS+).
Wallet migration — users must move funds from old ECDSA addresses to new PQC addresses before a capable quantum computer exists. Dormant wallets (including Satoshi's) are the hardest problem.
Miner and node consensus — the network requires overwhelming consensus to implement a signature change, historically the most contentious type of Bitcoin upgrade.

Ethereum and other major chains face the same migration challenge. Ethereum's roadmap has included quantum resistance discussions since 2022, with Vitalik Buterin proposing an emergency hard fork mechanism as a worst-case response option.

How AI Helps on Defense Too

AI is not purely a threat vector. Security teams are using AI agents to run continuous smart contract audits, model attack scenarios before deployment, and monitor mempool activity for suspicious patterns. AI-powered formal verification tools — which mathematically prove code correctness — are gaining adoption in high-stakes DeFi protocols.

Platforms like Happycapy let security researchers and developers build custom AI agent workflows for code review, vulnerability scanning, and threat modeling — putting AI defense capabilities in the hands of teams without dedicated security engineering headcount.

Build AI Security Workflows with Happycapy

Code review agents, threat modeling, audit summaries — build custom AI security workflows without writing backend code.

Try Happycapy Free

FAQ

Can a quantum computer break Bitcoin today?

No. Current quantum computers have thousands of error-prone qubits. Breaking Bitcoin requires millions of fault-tolerant logical qubits — a capability that does not yet exist. The threat window is estimated at 2029–2035.

What is the 9-minute figure based on?

Google researchers modeled the number of qubits and gate operations needed to run Shor's algorithm against Bitcoin's ECDSA-256. Their model, based on Willow-class hardware and projected scaling, found the attack time drops to under 9 minutes on a sufficiently powerful fault-tolerant system.

What is post-quantum cryptography?

Cryptographic algorithms mathematically resistant to quantum attacks. NIST finalized standards in 2024: CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (signatures). Bitcoin would need to adopt equivalent schemes before a capable quantum computer exists.

Is AI making crypto less secure right now?

Yes. Ledger's CTO confirmed in April 2026 that AI tools have dramatically lowered the cost and time required to discover and exploit vulnerabilities — contributing to over $1.4 billion in crypto losses over the past year. This is a present-day threat, separate from the quantum risk.

Sources

SharePost on X LinkedIn

—Was this helpful?

Get the best AI tools tips — weekly

Honest reviews, tutorials, and Happycapy tips. No spam.

Comments