Overview
- The Google Quantum AI whitepaper, published Tuesday, estimates Shor‑style attacks on secp256k1 could run with about 1,200–1,450 logical qubits and fewer than 500,000 physical qubits, a drop of roughly 20x from earlier public figures.
- Researchers model a live “on‑spend” theft where a fast‑clock machine derives a private key in about nine minutes after a transaction reveals its public key, giving roughly a 41% chance to beat Bitcoin’s 10‑minute block time.
- Bitcoin exposure is large today, with about 6.7–6.9 million BTC tied to address types that reveal public keys and more than 1.7 million BTC still in legacy Pay‑to‑Public‑Key outputs, while Taproot’s key‑path design increases on‑chain key exposure when coins are spent.
- Ethereum faces broader at‑rest risks across accounts, admin keys and validator stake, including estimates for 20.5 million ETH in top accounts, about 2.5 million ETH behind admin keys, and roughly 37 million ETH in BLS‑based consensus stake, even as its 12‑second blocks make on‑spend attacks harder.
- Google withheld attack circuits, used a zero‑knowledge proof to validate resource claims, and said it informed U.S. authorities; no machine can run these attacks today, but Google’s 2029 migration target and industry guidance urge PQC adoption, end of address reuse, and coordinated wallet and protocol upgrades.