Google's quantum computing team just dropped a paper that the crypto world has been dreading for years, and the headline number is hard to ignore: a sufficiently powerful quantum computer could, in theory, crack a live Bitcoin transaction in roughly nine minutes.

The research, published on March 30, estimates that breaking the 256-bit elliptic curve cryptography (ECDLP-256) that protects Bitcoin wallets would require fewer than 500,000 physical qubits - about 20 times fewer than previous estimates. That's a significant downward revision, and it changes the timeline for when this threat becomes a real concern.

How the Attack Would Actually Work

Bitcoin's encryption protects wallets by keeping private keys hidden from public keys. Under normal conditions, no known classical computer can reverse-engineer a private key from a public key in any realistic timeframe. Quantum computers operating with Shor's algorithm, however, can crack elliptic curve cryptography much faster.

The specific attack described in the paper targets real-time transactions rather than old dormant wallets. When a Bitcoin transaction is broadcast to the network, the sender's public key is briefly exposed for roughly 10 minutes before the transaction confirms. The paper estimates that a quantum attacker who has pre-computed the necessary setup steps could exploit that window with about a 41% chance of success in under nine minutes.

That's not a guaranteed crack - it's a probabilistic attack during a narrow exposure window. But 41% odds with a nine-minute timer is a very different threat profile than what most people have been planning around.

Who's Most at Risk

Approximately 6.9 million Bitcoin are already considered vulnerable to a longer, slower quantum attack - including roughly 1.7 million coins from the Satoshi era. These older wallets reuse addresses or have exposed public keys, which means there's no time-pressure window needed; a quantum computer would just need enough qubits and time.

Ironically, Bitcoin's Taproot upgrade - introduced in 2021 to improve privacy and efficiency - may have made things worse. By exposing public keys by default in certain transaction types, Taproot expanded the pool of wallets exposed to real-time quantum attacks. That wasn't the intent, but it's now a documented risk in Google's own research.

Ethereum is actually less exposed to the nine-minute attack because ETH transactions confirm much faster, leaving a shorter window for a quantum attacker to work within.

Where Things Actually Stand

Here's the important context: this threat is not imminent. No quantum computer today comes close to 500,000 useful physical qubits with the error correction needed to run Shor's algorithm against live Bitcoin transactions. Google's own Willow chip, the most advanced publicly known quantum processor, operates at a far smaller scale than what the paper describes as necessary.

Google has been working on post-quantum cryptography (PQC) migration since 2016 and set a 2029 target for completing its own migration. The research was conducted using zero-knowledge methods specifically to avoid providing a usable attack recipe to bad actors.

The Bitcoin community has been aware of quantum risk for years, and several post-quantum signature schemes exist that could, in principle, replace the current ECDSA standard. What this paper does is sharpen the urgency. The qubit requirement is now lower than expected, the timeline may be tighter than people assumed, and the Taproot complication is newly documented.

Whether the ecosystem moves fast enough to address this before a capable quantum computer exists is the real open question - and right now, the answer is unclear.

------- 
Author: Adam Lee 
Asia News Desk / Breaking Crypto News

The Liquid exchange and NiceHash mining are among those affected by a scam that ended with GoDaddy employees giving their passwords over to the malicious actors.  GoDaddy is one of the most popular services to register .com's and other popular domain name extensions.

Liquid's CEO Mike Kayamori says they used those employees access to partially breach the site's infrastructure, change their DNS records, and take possession of several internal email accounts. They also believe they downloaded copies of several 'important documents'.

The company recommended that its users change passwords and take additional security measures to prevent leakage of their data . He added that he had controlled the attack before hackers had access to his clients' accounts and assets.

The staff at Liquid noticed this on November 15th, just 4 days later the crypto mining service NiceHash also reported it was the victim of a security breach.

The company said that after detecting unauthorized changes to the configuration of its web domain registered with GoDaddy, it decided to freeze all client funds for 24 hours, a move that seems to have worked in protecting all funds.

Additional Companies Involved May Be Staying Silent...

No company in the crypto space wants their name connected to any type of security breach, and cyber security expert Brian Krebs's report shows there may be more crypto companies with GoDaddy domains, showing the same altered information as the confirmed victims.

This includes Bibox, Celsius, and Wirex - none have announced any issues, and none are responding to requests for comments.

GoDaddy spokesperson Dan Race says that the company identified the unauthorized changes to its customers' domains, and immediately blocked the accounts and reversed the changes.

------- 
Author: Adam Lee 
Asia News Desk