Here's what 'cracking' bitcoin in 9 minutes by quantum computers actually means

Tech Share Share this article Copy link X icon X (Twitter) LinkedIn Facebook Email Here's what 'cracking' bitcoin in 9 minutes by quantum computers actually means Google's quantum paper made headlines with that number. Here's what it means, what's actually at risk, and why 6.9 million bitcoin are more exposed than the rest. By Shaurya Malwa | Edited by Omkar Godbole Apr 4, 2026, 2:30 a.m. Make preferred on What to know : New research from Google's Quantum AI team suggests a future quantum computer could derive a bitcoin private key from a public key in about nine minutes, potentially allowing attackers to hijack transactions before they are confirmed. Roughly one-third of all bitcoin, including early coins and any held in addresses whose public keys have been exposed or reused, could be stolen at leisure by a sufficiently powerful quantum computer without the time pressure of a live transaction. While bitcoin's core mining process would continue to function, the ability to derive private keys from public keys would undermine the network's ownership guarantees, and unlike Ethereum, bitcoin has not yet begun migrating to post-quantum cryptography. Google's Quantum AI team said earlier this week that a future quantum computer could derive a bitcoin private key from a public key in roughly nine minutes. The number ricocheted across social media and spooked markets. But, what does it actually mean in practice? Let's start with how bitcoin transactions work. When you send bitcoin, your wallet signs the transaction with a private key, a secret number that proves you own the coins. That signature also reveals your public key, a shareable address, which gets broadcast to the network and sits in a waiting area called the mempool until a miner includes it in a block. On average, that confirmation takes about 10 minutes. Your private key and public key are linked by a math problem called the elliptic curve discrete logarithm problem. Classical computers can't reverse that math in any useful timeframe, while a sufficiently powerful future quantum computer running an algorithm called Shor's could. Here's where the nine minutes part comes in. Google's paper found that a quantum computer could be "primed" in advance by pre-computing the parts of the attack that don't depend on any specific public key. Once your public key appears in the mempool, the machine only needs about nine minutes to finish the job and derive your private key. Bitcoin's average confirmation time is 10 minutes. That gives the attacker a roughly 41% chance of deriving your key and redirecting your funds before the original transaction confirms. Think of it like a thief spending hours building a universal safe-cracking machine (pre-computation). The machine works for any safe, but each time a new safe appears, it only needs a few final adjustments — and that last step is what takes about nine minutes. That's the mempool attack. It's alarming but requires a quantum computer that doesn't exist yet. Google's paper estimates such a machine would need fewer than 500,000 physical qubits. Today's largest quantum processors have around 1,000. The bigger and more immediate concern is the 6.9 million bitcoin, roughly one-third of total supply, that already sit in wallets where the public key has been permanently exposed . This includes early bitcoin addresses from the network's first years that used a format called pay-to-public-key, where the public key is visible on the blockchain by default. It also includes any wallet that has reused an address, since spending from an address reveals the public key for all remaining funds. These coins don't need the nine-minute race. An attacker with a sufficiently powerful quantum computer could crack them at leisure, working through exposed keys one by one without any time pressure. Bitcoin's 2021 Taproot upgrade made this worse, as CoinDesk reported earlier Tuesday. Taproot changed how addresses work so that public keys are visible on-chain by default, inadvertently expanding the pool of wallets that would be vulnerable to a future quantum attack. The bitcoin network itself would keep running. Mining uses a different algorithm called SHA-256 that quantum computers can't meaningfully speed up with current approaches. Blocks would still be produced. The ledger would still exist. But if private keys can be derived from public keys, the ownership guarantees that make bitcoin valuable break down. Anyone with exposed keys is at risk of theft, and institutional trust in the network's security model collapses. The fix is post-quantum cryptography, which replaces the vulnerable math with algorithms that quantum computers can't crack. Ethereum has spent eight years building toward that migration. Bitcoin hasn't even started. More For You Encryption Supremacy: Zcash and Privacy in the Age of Scale By CoinDesk Research Mar 31, 2026 Commissioned by GenZcash Most crypto privacy models weaken as blockchain data grows. Encryption-based models like Zcash strengthen. CoinDesk Research maps the five privacy approaches and examines the widening gap. Why it matters : As blockchain adoption scales, the metadata available to machine learning models scales with it. Obfuscation-based privacy approaches are structurally degrading as a result. This report provides a comprehensive comparison of all five major crypto privacy architectures and a framework for evaluating which models remain durable as AI capabilities improve. View Full Report More For You How a Solana feature designed for convenience let attackers drain more than $270 million from Drift By Shaurya Malwa | Edited by Aoyon Ashraf Apr 2, 2026 The exploit did not involve a bug in Drift's code. It used "durable nonces," a legitimate Solana transaction feature, to pre-sign administrative transfers weeks before executing them, bypassing the protocol's multisig security in minutes. What to know : An attacker drained at least $270 million from the Drift Protocol on Solana by abusing a legitimate feature called 'durable nonces,' rather than exploiting a code bug or stolen keys. By securing two misleading approvals from Drift's five-member Security Council multisig, the attacker pre-signed transactions that remained valid for more... Read full story Latest Crypto News Schwab plans spot bitcoin, ether trading launch in first half of 2026 7 hours ago Circle under fire after $285 million Drift hack over inaction to freeze stolen USDC 7 hours ago What next as XRP rises to $1.33 but fails to break out 9 hours ago CoinDesk 20 performance update: Bitcoin (BTC) trades flat while altcoins rise 13 hours ago U.S. March jobs smash expectations, with 178,000 added 13 hours ago Ethereum Foundation stakes another $93 million ether, reaching its 70,000 ETH target 14 hours ago Top Stories The 'time pain' trap: why bitcoin’s bear market might need a few more months of ‘boring’ to hit a true floor Apr 2, 2026 CFTC sues Illinois, Arizona, Connecticut over states' sports prediction market efforts Apr 2, 2026 Coinbase wins initial bank regulator nod for trust charter, boosting custody push Apr 2, 2026 Naoris Protocol's quantum-resistant blockchain goes live as Bitcoin and Ethereum face 'Q-Day' threats 17 hours ago Bitcoin trims big loss, stocks erase 2% decline, as Iran signals cooperation on key shipping route Apr 2, 2026 How a Solana feature designed for convenience let attackers drain more than $270 million from Drift Apr 2, 2026