Google’s latest research delivers a clear warning: the cryptography securing today’s cryptocurrencies is not future-proof. Advances in quantum computing are accelerating, and the resources needed to break core encryption (elliptic curve cryptography) are far lower than previously thought.
This isn’t a distant, theoretical risk anymore. It’s a strategic, time-bound challenge.
What’s changed?
- 20x efficiency gain: Google shows that cracking crypto encryption could require ~20 times fewer quantum resources than earlier estimates.
- Minutes, not years: In some scenarios, a sufficiently advanced quantum computer could derive private keys in minutes.
- Lower hardware threshold: Attacks may be possible with hundreds of thousands (not millions) of qubits.
What this really means is that the timeline to “Q-Day” (when quantum breaks crypto) is compressing. Where are the vulnerabilities? Google identifies three core attack vectors:
- At-rest attacks
- Target dormant wallets with exposed public keys
- Millions of old Bitcoin/Ethereum holdings are at risk
- On-spend attacks
- Intercept transactions in real time
- Crack keys during the brief window before confirmation
- Protocol-level weaknesses
- Smart contracts, proof-of-stake systems, and data layers expand the attack surface
In short: the more complex and programmable the system, the larger the quantum attack surface and here’s the interesting twist. Google doesn’t just publish vulnerabilities. Instead, it uses zero-knowledge proofs to prove the attack is feasible and avoid revealing the exact “how-to”. This balances transparency with security, setting a new standard for disclosing systemic risks.
The real issue is crypto governance, not just cryptography and the hardest problem isn’t technical, it’s economic and political. What happens to lost or dormant coins if they become vulnerable? Do we preserve immutability, or protect network stability? Who decides? As Google and I noted the other day, the industry will face “unprecedented decisions” about ownership and recovery.
So, what’s the call to action? Google’s message is blunt: migrate to Post-Quantum Cryptography (PQC); do it now, not later; and coordinate across ecosystems (Bitcoin, Ethereum, exchanges, wallets). They’re effectively saying that if you wait until quantum arrives, it’s already too late.
But they would say that as they’re selling quantum.
Nevertheless, I’ve been talking quantum breaking crypto for years – you can’t build an intelligent financial system on cryptography that’s about to be broken – and quantum doesn’t just threaten crypto. It threatens trust in digital value itself.
The bottom line is crypto is secure today, but not guaranteed tomorrow; quantum progress is accelerating faster than expected; and the industry must shift to quantum-resistant foundations regardless. The race is no longer to do digital. It’s the race to post-quantum security.
If this is of interest to you, I’ve written a lot more about it:
How quantum will change everything (including banking, money and security)
Are you fit to lead your bank if you don’t understand tech?
Quantum computing: a threat or opportunity?
Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News. To learn more click here...