Google Just Made Bitcoin’s Quantum Problem Harder to Ignore

What Google actually said

Google did not say Bitcoin is finished tomorrow. That is the part a lot of people got wrong. What Google’s researchers actually said is much more serious, and much more useful.

The future quantum computer needed to break the kind of elliptic-curve cryptography used by Bitcoin may be far smaller than older estimates suggested. In Google’s new work, the attack on 256-bit elliptic-curve cryptography can be done with under 1,200 logical qubits in one version, and under some hardware assumptions it could take fewer than 500,000 physical qubits and only minutes to run. Google says that is roughly a 20x drop from earlier resource estimates.

That sounds scary, but let’s clarify. A physical qubit is the raw hardware part. A logical qubit is the cleaned-up, error-corrected version built from many raw qubits. So Google is not saying, “we can do this now.” Google is saying, “the machine you need in the future may be a lot less impossible than people thought.” Google also says it is now working on a 2029 timeline for post-quantum migration in its own systems, which shows this is not a joke topic even inside one of the companies building quantum machines.

Why this matters to Bitcoin

The weak spot is not “Bitcoin encryption” in the simple movie sense

When people say “quantum will crack Bitcoin encryption,” that is a rough shortcut, but it hides the real issue. Bitcoin mostly depends on digital signatures. Your private key is the secret that proves a coin is yours, and your public key is the visible math object the network uses to check that proof. Bitcoin transactions are built around public keys, signatures, and checks like OP_CHECKSIG, not around some giant locked box that gets “decrypted.”

A big enough quantum computer would not need to “hack the blockchain” or beat mining first. It could go after the math behind those signatures. If it can recover a private key from a public key fast enough, it can create a fake spend that looks real to the network. That is the nightmare.

Not every coin is equally exposed

This is where the story gets more practical. Some coins are more exposed than others because of how Bitcoin addresses and spending patterns work. Google’s whitepaper says roughly 6.9 million BTC across protocols are currently vulnerable because their keys are exposed or reused. It also points to about 2.3 million BTC in vulnerable dormant addresses that have not moved in at least five years. That includes a lot of very old coins and old address styles. What if they hack Satoshi’s old wallet?

Bitcoin’s own developer docs have warned for years that key reuse is bad for both privacy and security. If a public key stays hidden behind a hash until the moment you spend, that buys you some protection. If you reuse keys or use old formats where the public key is already out in the open, you give a future attacker a target that can sit there for years waiting to be hit.
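The difference between a key hidden behind a hash and a key sitting in the open shows up in the output script itself. The sketch below is an added example, not code from the article, Google's paper or Bitcoin's documentation: it recognizes the standard output script templates and marks an output as long-exposed when the script carries a public key (old pay-to-pubkey, Taproot's output key) or when the address has been spent from before. The function names, the `spent_from_before` flag and the sample scripts are assumptions constructed for illustration.

```python
# Added illustration; script templates are the standard ones, SAMPLES is constructed.

def classify_script(script_hex: str) -> str:
    """Return the standard output type of a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    n = len(s)
    # P2PK: <push 33 or 65 bytes> <pubkey> OP_CHECKSIG
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and s[:3] == b"\x76\xa9\x14" and s[23:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and s[:2] == b"\xa9\x14" and s[22] == 0x87:
        return "p2sh"
    # SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and s[:2] == b"\x00\x14":
        return "p2wpkh"
    if n == 34 and s[:2] == b"\x00\x20":
        return "p2wsh"
    # Taproot (SegWit v1): OP_1 <32-byte x-only output key>
    if n == 34 and s[:2] == b"\x51\x20":
        return "p2tr"
    return "nonstandard"

KEY_IN_OUTPUT = {"p2pk", "p2tr"}  # locking script itself carries a public key

def exposure(script_hex: str, spent_from_before: bool) -> str:
    """'long' = key already public on-chain; 'hashed' = hidden until spend."""
    kind = classify_script(script_hex)
    if kind == "nonstandard":
        return "unknown"
    # Key sits in the output, or an earlier spend from this address revealed it.
    if kind in KEY_IN_OUTPUT or spent_from_before:
        return "long"
    return "hashed"

SAMPLES = [  # constructed: (label, scriptPubKey hex, address spent from before?)
    ("old pay-to-pubkey", "2102" + "11" * 32 + "ac", False),
    ("fresh p2pkh", "76a914" + "22" * 20 + "88ac", False),
    ("reused p2wpkh", "0014" + "33" * 20, True),
    ("taproot", "5120" + "44" * 32, False),
]

def audit(samples):
    return {label: exposure(script, reused) for label, script, reused in samples}

if __name__ == "__main__":
    for label, level in audit(SAMPLES).items():
        print(f"{label}: {level}")
```

A wallet audit built on this idea would treat every "long" output as a candidate to move to a fresh, never-spent address first.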

What smart people seem to think

The careful view right now is not panic, and it is not denial either. Google’s message is basically this: the clock may be moving faster than we thought, so start planning now. The UK’s NCSC has also pushed organizations to start planning by 2028, move high-priority systems by 2031, and complete migration by 2035.

On the Bitcoin side, serious people are already arguing over what the right response should be. Some developers want a strong migration plan with deadlines, and even a future sunset for old signature types so people cannot keep delaying forever. Others agree the risk is real but say it would be reckless to start destroying old functionality too early, especially before there is hard proof that a cryptographically relevant quantum computer really exists. In other words, the smart disagreement is mostly about timing and method, not about whether quantum risk is a real subject.

That is probably the healthiest way to look at it. The danger is real enough to prepare for. The exact date is still uncertain enough that nobody honest should pretend to know the final countdown.

How Bitcoin would actually change

It starts with a proposal, not a press release

Bitcoin does not change because Google says so, and it does not change because one developer posts a clever thread. A real protocol change usually starts as a BIP, a Bitcoin Improvement Proposal. The author writes the idea down, explains the design, argues for it in public, and tries to build consensus. That part matters because Bitcoin is not run by one company. The technical design and the social agreement have to move together.

If the change touches consensus rules, the path is even harder. A soft fork normally needs clear miner signaling, and Bitcoin’s own BIP guidance says a supermajority around 95% is strongly recommended unless there is a strong reason to go lower. So yes, Bitcoin can change, but it changes slowly, because everyone has to trust the new rules.

The first step already being discussed is not the final fix

One of the main ideas now is BIP 360, called Pay-to-Merkle-Root, or P2MR. It is meant to remove Taproot’s quantum-vulnerable key-spend path while keeping most of the useful script-tree behavior. The goal is to reduce long exposure risk, meaning cases where a public key is exposed for a long time and gives an attacker all the time in the world to work on it.

But this is very important: BIP 360 is not full quantum immunity. The proposal itself says Bitcoin transactions are still generally vulnerable to short exposure attacks, meaning the attack window during spending, while a transaction is in the mempool waiting to confirm. For that, Bitcoin may eventually need full post-quantum signatures, not just a cleaner output type.

Can Bitcoin actually do it?

Yes, in principle. The crypto world is not waiting for magic. Post-quantum signature standards already exist. NIST finalized ML-DSA in 2024 and describes it as a digital signature standard believed to remain secure even against a large-scale quantum computer. So the math tools for a post-quantum world are real.

The hard part is not whether a post-quantum signature exists. The hard part is fitting it into Bitcoin without causing a mess. Bigger signatures can mean bigger transactions. Bigger transactions can mean higher fees and more pressure on block space. Wallets, exchanges, hardware devices, custodians, and multisig setups all need to be updated. That is why even people who agree on the danger still argue about the path.

There is also still a gap between today’s machines and the kind of machine Google is describing. IBM’s public roadmap for 2029 talks about 200 logical qubits, while Google’s new estimate for breaking this kind of cryptography is around 1,200 logical qubits. So this is a serious long-range engineering problem, but not a confirmed next-month disaster.

What would still stay vulnerable

Even if Bitcoin starts upgrading, old coins do not magically become safe on day one. The biggest weak points would still be old exposed keys, reused addresses, and dormant coins that never migrate. That is why the issue is bigger than code. It is also about user behavior, wallet design, and whether the ecosystem can get millions of people to move before they are forced to.

There is one more thing many people get wrong. The near-term quantum threat is not really Bitcoin mining. Google’s whitepaper says quantum attacks on Bitcoin’s proof-of-work are not something to worry about in the next several decades, and calls quantum mining more like science fiction than a concrete threat right now. The bigger issue is ownership and transaction signing.

The bottom line

Google did not say Bitcoin is doomed tomorrow. Google said the future machine needed to attack Bitcoin-style signatures may be closer than older estimates suggested, and that alone changes the conversation. Bitcoin can probably upgrade. But that upgrade will not be one clean switch. It will be years of proposals, arguments, wallet updates, testing, and slow coordination.

The threat is not immediate, but it is no longer easy to laugh off. The earlier Bitcoin starts building its bridge, the less chance it has of trying to build that bridge while the river is already rising.

Nothing in this market is guaranteed, and this space can change very fast. This is not financial advice. Always do your own research before making any move.
