**Securing Elliptic Curve Cryptocurrencies Against Quantum Vulnerabilities — Babbush et al. (Google Quantum AI / Ethereum Foundation / Stanford), March 2026**
Core findings:
* Shor’s algorithm can break 256-bit ECDLP (the cryptographic basis of Bitcoin and Ethereum). On a superconducting architecture, this translates to fewer than 500,000 physical qubits and ~9 minutes of runtime.
**Roughly a 20× improvement over prior estimates.**
**Bitcoin vulnerabilities**
* ~1.7M BTC sit in P2PK scripts, which expose the public key directly; ~6.9M BTC in total are currently at-rest vulnerable
* P2TR (Taproot) reintroduced at-rest vulnerability; P2PKH/P2WPKH protect against at-rest attacks only if keys are never reused
* **Proof-of-Work consensus is not meaningfully threatened**
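The at-rest distinction above comes down to one question per UTXO: is the owning public key already visible on-chain? For P2PK and P2TR outputs the answer is yes from the moment the output is created; for P2PKH/P2WPKH it becomes yes as soon as any output of that key is spent, because the spend reveals the key in the scriptSig/witness. The following script is an added example (not code from the paper or its authors) that applies that rule to a constructed transaction history: the `Tx`/`Output`/`Input` classes, the `key_id` labels and the `CHAIN` data are all hypothetical, and values are in whole BTC.

```python
"""Flag UTXOs whose public key is already exposed on-chain (at-rest vulnerable).

Added example; the transaction history below is constructed, not real chain data.
"""
from dataclasses import dataclass

# Whether the output script itself reveals the public key before any spend.
SCRIPT_EXPOSES_KEY = {
    "p2pk": True,     # scriptPubKey carries the raw public key
    "p2tr": True,     # Taproot output commits the (tweaked) public key directly
    "p2pkh": False,   # only HASH160(pubkey) until the output is spent
    "p2wpkh": False,  # same, via the witness program
}


@dataclass(frozen=True)
class Output:
    txid: str
    index: int
    script_type: str
    key_id: str      # hypothetical label for the owning key
    value_btc: int


@dataclass(frozen=True)
class Input:
    txid: str        # previous output being spent
    index: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple
    outputs: tuple


def exposed_keys(chain):
    """Return key_ids whose public key can be read from the chain."""
    by_outpoint = {(o.txid, o.index): o for tx in chain for o in tx.outputs}
    exposed = set()
    for tx in chain:
        for o in tx.outputs:
            if SCRIPT_EXPOSES_KEY[o.script_type]:
                exposed.add(o.key_id)
        for i in tx.inputs:
            # Spending any hash-based output reveals the key in scriptSig/witness.
            exposed.add(by_outpoint[(i.txid, i.index)].key_id)
    return exposed


def unspent_outputs(chain):
    spent = {(i.txid, i.index) for tx in chain for i in tx.inputs}
    return [o for tx in chain for o in tx.outputs if (o.txid, o.index) not in spent]


def at_rest_vulnerable(chain):
    """UTXOs that a discrete-log-breaking attacker could spend without waiting."""
    keys = exposed_keys(chain)
    return [o for o in unspent_outputs(chain) if o.key_id in keys]


def vulnerable_total(chain):
    return sum(o.value_btc for o in at_rest_vulnerable(chain))


# Constructed history: tx1 mints four outputs of different script types;
# tx2 spends the P2PKH output of K2 and sends change back to K2 (key reuse).
CHAIN = (
    Tx("tx1", (), (
        Output("tx1", 0, "p2pk", "K1", 50),
        Output("tx1", 1, "p2pkh", "K2", 10),
        Output("tx1", 2, "p2wpkh", "K3", 5),
        Output("tx1", 3, "p2tr", "K4", 2),
    )),
    Tx("tx2", (Input("tx1", 1),), (
        Output("tx2", 0, "p2pkh", "K2", 4),   # reused key: now exposed
        Output("tx2", 1, "p2wpkh", "K5", 6),  # fresh key: hash only
    )),
)

if __name__ == "__main__":
    for o in at_rest_vulnerable(CHAIN):
        print(f"{o.txid}:{o.index} {o.script_type:6} {o.key_id} {o.value_btc} BTC exposed")
    print("total at-rest vulnerable:", vulnerable_total(CHAIN), "BTC")
```

On this history the P2PK output (K1), the Taproot output (K4) and the reused P2PKH key (K2) are flagged, 56 BTC in total, while the never-spent P2WPKH outputs of K3 and K5 are not. A wallet audit would run the same logic over its own outputs and treat every flagged UTXO as a migration priority.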
**Ethereum vulnerabilities**
* All accounts that have sent a transaction expose their public key permanently (Account Vulnerability)
* Admin keys controlling smart contracts, stablecoins (~$200B), and RWAs are at-rest vulnerable (Admin Vulnerability)
* L2 rollups and bridges using zkSNARKs inherit cryptographic vulnerabilities (Code Vulnerability); ~15M ETH at risk
* BLS12-381 validator signatures vulnerable; compromising 2/3 of validators would allow chain rewrite (Consensus Vulnerability)
* KZG trusted setup for blob data availability is susceptible to a one-time on-setup attack (Data Availability Vulnerability)
**Dormant assets problem**
* ~2.3M BTC inactive for 5+ years cannot be migrated via software updates; likely includes Satoshi-era coins
* Three community options: Do Nothing (quantum attackers eventually take them), Burn (protocol destroys them), Hourglass (rate-limits spending)
**Migration to Post-Quantum Cryptography (PQC)**
* PQC signatures (e.g. Falcon, ML-DSA) are 10–20× larger than ECDSA, creating bandwidth and consensus challenges for Bitcoin in particular. Algorand (Falcon), QRL, Abelian, and Solana (experimental) are already deploying PQC
**Migration must begin immediately; the authors estimate the window is still open but narrowing fast**
*The quantum threat to cryptocurrency is closer than commonly assumed, affects active transactions (not only dormant holdings), and requires urgent PQC migration across all major blockchains.*
TLDR: ALGORAND