6.9 million bitcoins may be cracked. The countdown to the "Quantum Doomsday" in 2029 has begun. Bank cards and social accounts are also at risk.
An alarm over cryptographic security is sounding in the crypto world and the technology sector.
At the end of March 2026, a white paper released by Google's Quantum AI team revealed that a powerful enough quantum computer could, in theory, crack the underlying encryption of Bitcoin with only one-twentieth of the resources previously estimated. The time required for the crack could even be shortened to about 9 minutes.
Currently, approximately 6.9 million Bitcoins (about one-third of the total supply) are at direct risk because their public keys have been permanently exposed on the blockchain.
Google had previously brought forward its deadline for emergency preparations for "Quantum Doomsday (Q-Day)" significantly, to 2029.
The so-called "Quantum Doomsday" refers to the moment when a quantum computer can crack public-key cryptographic algorithms. At that time, almost all passwords used in daily life, such as those for bank cards and social media accounts, will be at risk, and the password foundation we rely on will be shaken.
Google's Groundbreaking Research: Quantum Computing Can Break Bitcoin in 9 Minutes
A report titled "Protecting Elliptic Curve Cryptocurrencies from Quantum Vulnerabilities: Resource Estimation and Mitigation Measures" released by Google's Quantum AI team on March 30, 2026, pointed out that a quantum computer with 500,000 qubits could crack the Elliptic Curve Cryptography (ECC) algorithm on which Bitcoin relies, and the required computing resources are only one-twentieth of the previous estimate.
The Google report provided a specific attack scenario: When a Bitcoin transaction is broadcast to the network and waits for confirmation in the "mempool", an attacker can use a quantum computer to launch an attack. The average confirmation time for a Bitcoin transaction is about 10 minutes, and Google's research found that under specific conditions, the process of a quantum computer deriving a private key from a public key only takes about 9 minutes. In this race against the transaction confirmation time, the attacker will have about a 41% chance of stealing the private key before the transaction is officially recorded and "intercepting" the funds.
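One way to see where a figure of about 41% can come from, as an added example that is not part of the article or of Google's report: it assumes block arrivals follow the usual Poisson model of Bitcoin mining (exponential waiting times with a 10-minute mean), which the article does not state. It also goes beyond the single 9-minute case to show how quickly the exposure window closes as the key-derivation time grows.

```python
import math
import random

MEAN_BLOCK_MIN = 10.0  # average confirmation time quoted in the article
ATTACK_MIN = 9.0       # key-derivation time quoted in the article


def exposure_probability(attack_min, mean_block_min=MEAN_BLOCK_MIN):
    """P(next block arrives later than attack_min), assuming exponential
    inter-block times (modelling assumption, not stated in the article)."""
    return math.exp(-attack_min / mean_block_min)


def simulate(attack_min, trials=200_000, seed=1):
    """Monte Carlo cross-check of the closed form, with a fixed seed."""
    rng = random.Random(seed)
    rate = 1.0 / MEAN_BLOCK_MIN
    late = sum(rng.expovariate(rate) > attack_min for _ in range(trials))
    return late / trials


def exposure_table(attack_times=(3, 9, 30, 60)):
    """Exposure probability for several hypothetical derivation times (minutes)."""
    return {t: round(exposure_probability(t), 3) for t in attack_times}


if __name__ == "__main__":
    print(f"closed form, 9 min: {exposure_probability(ATTACK_MIN):.3f}")
    print(f"simulated,   9 min: {simulate(ATTACK_MIN):.3f}")
    for minutes, p in exposure_table().items():
        print(f"{minutes:>3} min derivation -> {p:.3f} chance the tx is still unconfirmed")
```

Under this model the in-flight risk is driven by the ratio of derivation time to block interval, so it only applies to keys revealed at spend time; keys already visible on chain have no such clock.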
Most cryptocurrencies, including Bitcoin and Ethereum, use Elliptic Curve Cryptography as their basic cryptographic algorithm. Under this algorithm, the time required to exhaust all possible keys far exceeds the lifespan of the universe.
However, when a quantum computer cracks Bitcoin, it does not try the keys one by one. Instead, it explores all possibilities simultaneously and filters out the correct answer through interference.
Long Guilu, the deputy director of the Beijing Academy of Quantum Information Sciences and a professor at Tsinghua University, said in an interview with a reporter from NBD (hereinafter referred to as the NBD reporter) that the fundamental difference between a quantum computer and a classical computer lies in the "super parallelism" of quantum computing.
For example, in a classical computer, 3 bits have 8 possible states, from 000 to 111, but it can only represent one state at a time. In a quantum computer, 3 qubits can represent these 8 states simultaneously. Therefore, one calculation is equivalent to calculating all 8 states at the same time. If there are 4 bits, there are 16 states. As the number of bits increases, this computing power grows exponentially.
The Google report also revealed another more direct and urgent threat. The research pointed out that currently, approximately 6.9 million Bitcoins (about one-third of the total supply at that time) are stored in wallets whose public keys have been permanently exposed on the blockchain, including 1.1 million Bitcoins belonging to Satoshi Nakamoto, the founder of Bitcoin.
For these assets, once a sufficiently powerful quantum computer exists, the attacker will not need to run a 9-minute "race". Instead, they can crack these exposed public keys and steal the funds at any time, at their leisure.
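To make "permanently exposed public keys" concrete from a wallet owner's side, here is an added example (not from the article or Google's report) that classifies standard Bitcoin output scripts by whether the public key is visible while the coins sit unspent. It goes beyond the article by naming the script templates; the UTXO labels, key bytes and amounts are constructed placeholders.

```python
# Templates that publish only a hash until the output is spent.
HASHED = {
    "P2PKH": (25, b"\x76\xa9\x14"),
    "P2SH": (23, b"\xa9\x14"),
    "P2WPKH": (22, b"\x00\x14"),
    "P2WSH": (34, b"\x00\x20"),
}


def classify(spk_hex):
    """Return (script_type, key_visible_while_unspent) for a scriptPubKey."""
    s = bytes.fromhex(spk_hex)
    n = len(s)
    if n in (35, 67) and s[0] == n - 2 and s[-1] == 0xAC:
        return "P2PK", True    # <pubkey> OP_CHECKSIG: raw key in the output
    if n == 34 and s[:2] == b"\x51\x20":
        return "P2TR", True    # OP_1 <32-byte x-only output key>
    for name, (length, prefix) in HASHED.items():
        if n == length and s.startswith(prefix):
            return name, False
    return "unknown", None


def audit(utxos, spent_scripts):
    """utxos: (label, scriptPubKey hex, BTC); spent_scripts: scripts already spent from."""
    report = []
    for label, spk, amount in utxos:
        kind, visible = classify(spk)
        if visible:
            reason = "public key in output"
        elif spk in spent_scripts:
            reason = "key or script revealed by an earlier spend (address reuse)"
        else:
            reason = None
        report.append((label, kind, amount, reason))
    return report


def exposed_total(report):
    return round(sum(amount for _, _, amount, reason in report if reason), 8)


# Constructed sample data: dummy key and hash bytes, hypothetical labels.
SAMPLE_UTXOS = [
    ("early-coinbase", "41" + "04" + "11" * 64 + "ac", 50.0),
    ("cold-storage", "76a914" + "22" * 20 + "88ac", 1.5),
    ("reused-address", "76a914" + "33" * 20 + "88ac", 0.2),
    ("taproot", "5120" + "44" * 32, 0.7),
]
SAMPLE_SPENT = {"76a914" + "33" * 20 + "88ac"}
```

Running `audit(SAMPLE_UTXOS, SAMPLE_SPENT)` flags everything except the never-spent hashed output, which is the only one whose key stays hidden until its first spend.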
Industry Dispute: Is "Quantum Doomsday" Imminent or Still a Decade Away?
After Google's research report was released, Brian Armstrong, the CEO of cryptocurrency exchange Coinbase, responded within a few hours, saying that he would "personally invest time" to enhance Bitcoin's resistance to quantum attacks and that this issue "must be resolved as soon as possible."
Chris Tam, the president and innovation director of quantum technology company BTQ Technologies, said that if the threat of quantum computing becomes a reality, it could pose the "biggest threat" to Bitcoin and other major digital assets. "If investors know that the tokens they hold today will be stolen tomorrow or transferred out of their accounts without permission, the value of cryptocurrencies will obviously be adversely affected."
As early as January 2026, Christopher Wood, the global equity strategy director of well-known investment bank Jefferies, made a bold decision: he removed the 10% Bitcoin allocation from his "Greed & Fear" model investment portfolio. He clearly regarded quantum computing as a potential risk to Bitcoin. He then re-allocated this part of the funds to 5% physical gold and 5% gold mining stocks.
However, not everyone believes that "Quantum Doomsday" is imminent.
A report released by Ark Invest a few weeks before Google's report (on March 12, 2026) pointed out that today's quantum computers are far from reaching the threshold to pose a threat in terms of computing power, and any meaningful breakthrough is likely to first affect the broader field of Internet security, not just Bitcoin.
"Currently, the focus of the discussion is still mainly on what is theoretically feasible, has extremely high engineering thresholds, and is not yet operable in reality," said Tian Kun, a researcher at Xinhe Huilian and an associate professor at the Business School of the University of Kent in the UK, in an interview with the NBD reporter. He pointed out that the industry generally does not think that "there will be an immediate collapse". The key bottleneck is that the real world still lacks large-scale, fault-tolerant quantum computers that can stably execute such complex attacks.
Tian Kun explained that in theory, Shor's algorithm (the algorithm mentioned in Google's paper) can crack elliptic curves, but to implement it in engineering, a series of strict conditions must be met simultaneously, such as high-quality physical qubits, a sufficient number of logical qubits, long-term effective quantum error correction, extremely low noise levels, and stable gate operations.
Google's paper also emphasized that the largest quantum processor currently has only about 1,000 qubits, which is far from the estimated threshold of 500,000 physical qubits.
From Bank Cards to Social Media Accounts: The Existing Password System May Face a Full-Scale Crisis in 2029
Although the hardware conditions for the attack are not yet available, a key time node is emerging for the question of "when will the quantum threat become a reality": 2029.
Long Guilu believes that it "is very likely" that a quantum computer with the ability to crack passwords will appear in 2029, because, in addition to Google's method, a joint team including Tsinghua University proposed a quantum-classical fusion algorithm in 2022, and this algorithm needs only a few hundred qubits to achieve the effect that other algorithms achieve with tens of thousands of qubits.
Long Guilu further emphasized to the NBD reporter that since this kind of ability is crucial for national security, national defense and other fields, even if it matures in the future, countries "may not publicly announce it."
He also pointed out that once quantum computing technology truly matures, it will inevitably impact the existing asymmetric public-key cryptosystem, including all social media accounts and bank card passwords used in daily life.
Response Measures: Cryptographic Upgrades and Quantum-Resistant Solutions
The threat brought by quantum computing is driving cryptographic upgrades globally.
In Long Guilu's view, there are currently two main paths to deal with quantum attacks. One is to design new classical cryptographic algorithms that can resist quantum computer attacks, namely Post-Quantum Cryptography (PQC).
In this field, the National Institute of Standards and Technology (NIST) in the United States is at the forefront. According to Long Guilu, NIST released the first three PQC standards in August 2025 and began to promote their use. Apple has adopted a quantum-resistant encryption solution in iMessage, and the U.S. National Security System (NSS) has also started the migration to PQC.
He also mentioned that China began to publicly solicit Post-Quantum Cryptography solutions at the beginning of 2026 to accelerate the formulation of relevant standards.
The other is quantum communication technology. Examples include the quantum key distribution technology of Academician Pan Jianwei's team and the quantum direct communication technology of Professor Long Guilu's team. The security of such solutions is based on the unique physical laws of quantum mechanics. When quantum states are used to transmit information, any eavesdropping destroys the quantum state, so the eavesdropper cannot actually obtain useful information.
In addition, the Bitcoin community has begun to test a quantum-resistant solution called BIP-360. As of March 2026, a technology company has successfully deployed the implementation of BIP-360 on the Bitcoin test network, and more than 50 "miners" have participated. Coinbase, the largest cryptocurrency exchange in the United States, established a "Quantum Computing and Blockchain Independent Advisory Committee" in January 2026.
Regarding the current situation, Tian Kun summarized to the NBD reporter: "Quantum computing is no longer a distant science-fiction hazard for virtual currencies. It is a long-term technology migration problem that needs to be managed as a 'medium-term real-world risk'." He believes that although the risk has not materialized immediately, systematic migration must be carried out several years or even a decade in advance. The future development of blockchain technology will evolve around three paths: algorithm migration, protocol flexibility, and governance coordination, gradually upgrading the system from "quantum-vulnerable" to "quantum-migratable and quantum-upgradable".
This article is from the WeChat official account "NBD Headlines", written by Yue Chupeng and Zheng Yuhang, and published by 36Kr with authorization.