Google quantum computing paper says Ethereum is at risk; media reported it as Bitcoin.

$1 BITCOIN · # ETHEREUM · # QUANTUM

The white paper specifically calls out a protocol vulnerability in Ethereum, but the headlines are all about “Bitcoin going to zero” ——

This isn’t a technical problem; it’s a traffic problem.

We brought in a former Google quantum AI researcher and a Bitcoin Core contributor. In Palo Alto, we’ll take this paper apart to see what the media actually missed.

Alan Walker (Silicon Valley investor) ·

Tony Liu (former Google quantum AI researcher) ·

Aaron Chang (Bitcoin Core contributor)

// 4/3/2026 · UNIVERSITY AVE, PALO ALTO · 10:52 AM Tony just finished a group meeting at the Google campus and hasn’t even taken off his jacket yet. Aaron stared at his phone screen — a certain financial media outlet push: “Bitcoin 2029 zero countdown.” Alan glanced at it, pushed his coffee cup to the center of the table, and said: All right. Today, you two explain it to me clearly— Whether this is actually a wolf — and where the media is lying.

01 First, that “nine minutes”

Alan Walker:

Tony, start with the most basic number: how many qubits does Google’s best quantum chip have right now?

Tony Liu · former Google quantum AI researcher:

The Willow chip has 105 physical qubits.

The paper’s own quality is very high; Babbush and Neven led the effort, and technically it truly advances the boundary of resource estimation.

Alan Walker:

So how many does the white paper say it takes to crack Bitcoin?

Tony Liu · former Google quantum AI researcher:

Most optimistic estimate: in a superconducting architecture, at least 500k physical qubits.

And this is still assuming the premise that quantum error correction has already been solved perfectly.

Alan Walker:

So Google’s own most advanced chip is nearly 5,000 times short of the threshold required by the paper.

That’s like me having a bicycle, publishing a paper that says if there were a perfect airplane, it could travel from Beijing to Shanghai in nine minutes—then the media headline writes “Nine minutes from Beijing to Shanghai becomes real” — No one asks where that airplane is.

Aaron Chang· Bitcoin Core contributor:

And there’s another layer: those 500k qubits are the number required assuming perfect error correction.

Now, the error rate of superconducting qubits is 10⁻³. To build a reliable logical qubit, you’d consume roughly 1,000 physical qubits for error correction.

This is an engineering problem. The paper doesn’t solve it; it only assumes it’s already been solved.

02 The other half the media missed: who the white paper truly targets

Alan Walker:

I read through the white paper.

There’s one detail that none of the reports mention — the specific concerns about Ethereum in the paper are far more severe than those about Bitcoin.

Aaron, you take this—this is your most familiar area.

Aaron Chang· Bitcoin Core contributor:

Yes, that’s the most overlooked part of the white paper. First, let’s talk about the attack window ——

The logic of a “time-of-use attack”:

The attacker must complete the quantum cracking and broadcast a forged transaction before your transaction is confirmed.

Bitcoin has a 10-minute block time, the maximum window. Ethereum has 12 seconds, Solana has 400 milliseconds.

If quantum machines really can complete the crack within nine minutes, that’s a huge challenge for Ethereum and nearly physically impossible for Solana.

Bitcoin, on the other hand, because it has the longest block time, is the most “quantum-resistant” of the three.

Tony Liu · former Google quantum AI researcher:

And then there’s the difference in the account model.

With Bitcoin’s P2PKH addresses, if they’ve never been used to send a transaction, the public key isn’t exposed — the attacker doesn’t even have a starting point to begin calculating.

In Ethereum’s account model, the public key is long-term publicly available, giving attackers ample offline computation time.

Alan Walker:

Anything else? The white paper must have more than just these places calling out Ethereum, right?

Aaron Chang· Bitcoin Core contributor:

The white paper also specifically mentions two risks unique to Ethereum:

First, the data availability sampling mechanism (DAS) —

A core component of Ethereum’s scaling roadmap. The white paper believes it has a “setup-phase attack” vulnerability, where an attacker can pre-generate a reusable backdoor.

Second, a privacy protocol like Tornado Cash — also listed as a high-risk target for setup-phase attacks.

These two risks have nothing to do with Bitcoin at all.

Alan Walker:

So the white paper’s conclusion is actually:

Bitcoin — long block times, no long-term exposure of public keys, a simpler protocol, relatively the safest.

Ethereum — public keys exposed by the account model, DAS has a protocol-level vulnerability, higher risk.

But the headlines are “Bitcoin is finished.”

This isn’t a technical problem; it’s a traffic problem.

Bitcoin has the largest market cap and the loudest name, so the top headlines follow. Who has higher risk has nothing to do with it.

03 Bitcoin isn’t a dead target

Alan Walker:

Even if the hardware gap is real, that gap is shrinking.

Is the Bitcoin community seriously addressing it, or is everyone just pretending to sleep?

Aaron Chang· Bitcoin Core contributor:

No one’s pretending to sleep.

After NIST standardized post-quantum cryptography algorithms in 2024 —

CRYSTALS-Kyber and CRYSTALS-Dilithium.

Work on a BIP draft in Bitcoin Core about post-quantum signature schemes is also moving forward. It’s just that there’s no traffic—so the media doesn’t cover it.

Alan Walker:

The truly dangerous scenario is “the quantum computer hits the required capability without anyone noticing.”

Tony, how realistic is that?

Tony Liu · former Google quantum AI researcher:

Basically not realistic.

Every breakthrough in quantum computing is highly public — papers, press conferences, media worldwide.

No institution can quietly build a machine with 500,000 qubits and have the entire world not notice.

The signal always arrives before the threat does.

Alan Walker:

That also explains why the paper’s author, Justin Drake, says “at least a 10% probability between 2032 and …” rather than “will certainly crack it.”

A 10% tail risk gets translated by the media into an end-of-days certainty.

That’s information distortion, not a technical conclusion.

“My confidence in achieving quantum computing by 2032 has significantly increased; by then, there is at least a 10% probability that quantum computers can recover private keys from leaked public keys.”

— Justin Drake, Ethereum Foundation, co-author of the white paper, posted on the X platform

04 Why did Google publish this paper

Alan Walker:

On the day the paper was released, Alphabet was up 5%, and quantum computing stocks surged across the board.

Was this paper an academic contribution, or a market event engineered with intention?

Tony Liu · former Google quantum AI researcher:

I don’t doubt the scientific rigor of the paper.

But there’s one thing worth noting:

Before publishing, they “communicated with the U.S. government” — that’s extremely rare for an academic paper.

Google itself clearly knows this isn’t just an academic paper.

Alan Walker:

The benefit chain is very clear: quantum hardware companies, post-quantum cryptography solution vendors, migration consulting firms, Alphabet itself.

Reports from stakeholders always tend to amplify the threat and shrink the threshold.

That’s normal. But you need to know that this filter exists.

Aaron Chang· Bitcoin Core contributor:

From the Bitcoin community’s perspective, this paper is actually a valuable input —

It gives us a clearer time framework to push the prioritization of post-quantum upgrades.

Panic will fade, but the technical problems are real, and the preparations that need to be made should be made.

05 Where did the Ethereum community go

Alan Walker:

I noticed a rather absurd detail:

One of the co-authors of the white paper is Justin Drake — someone from the Ethereum Foundation.

He participated in writing a paper pointing out that Ethereum has quantum vulnerabilities.

What was the Ethereum community’s reaction? Essentially silence.

The reaction from external media was: Bitcoin is over.

The information transmission path itself is the most absurd part of this whole farce.

Aaron Chang· Bitcoin Core contributor:

Inside the Ethereum community there is tension, but it didn’t break out into external media.

Quantum vulnerabilities in the DAS mechanism aren’t small matters; that’s core infrastructure for Ethereum’s scaling roadmap—fixing it pulls everything in its wake.

Ethereum’s post-quantum migration is about one order of magnitude more complex than Bitcoin’s:

Smart contracts, account abstraction, and various Layer 2 solutions all need coordination. This isn’t a problem you can solve by swapping to a different signature algorithm.

Tony Liu · former Google quantum AI researcher:

From an engineering perspective, this is straightforward: Bitcoin’s protocol is extremely simple, and swapping signature algorithms is relatively direct.

Ethereum is a complex state machine; post-quantum migration requires the entire ecosystem to upgrade in sync.

These are two totally different kinds of engineering problems.

Alan Walker:

So the full story goes like this:

Ethereum Foundation researchers wrote a paper pointing out that Ethereum’s quantum vulnerabilities are more severe than Bitcoin’s.

The Ethereum community knows about it and discusses response measures internally.

External media looks at it and writes: “Bitcoin is finished.”

Retail investors see that headline and panic-sell Bitcoin.

Information is simplified, distorted, and simplified again at every propagation node.

By the time it reaches the push notification on your phone screen, it has almost nothing to do with the actual content of those 57 pages.

06 Are quantum computing stocks worth following

Alan Walker:

The last question the most concerned investors care about:

QBTS, IONQ, RGTI surged across the board because of this paper.

Is this行情 worth chasing?

Tony Liu · former Google quantum AI researcher:

In terms of technical relevance, these three are very different.

IonQ uses an ion-trap approach, DWave does annealing, and Rigetti uses superconductors.

The white paper’s attack model is based on a superconducting architecture. The most directly relevant technical match is Rigetti, but Rigetti’s commercial progress is the weakest among the three, and its market cap is also the smallest.

IONQ has the largest market cap, but its technical route is actually the least connected to this paper.

This is a sentiment-driven market, not a fundamentals-driven one.

Aaron Chang· Bitcoin Core contributor:

I care more about another benefit chain:

Post-quantum cryptography NIST standardization is already complete; now it’s the eve of large-scale commercial migration.

Every major financial institution, every government system, every cloud service provider — will need to do post-quantum migration assessments and implementation.

This market is more certain than quantum hardware itself —

The time window is now, not 2030.

Alan Walker:

My view is that you should completely separate two things:

When quantum computing hardware will reach the required capability is a highly uncertain decade-plus problem; in the short term, the part that surged due to the paper will likely retrace.

Whether post-quantum cryptography migration will happen is a deterministic “now in progress” situation: the standards are already set, and every system has to switch. Here, the service and software opportunities are far more real than chasing after high-price quantum hardware stocks.

Don’t mix up “quantum computers are coming” with “post-quantum cryptography migration has already begun,”

These are two different investment theses, with time horizons at least ten years apart.

Appendix · Review of Bitcoin’s prior “doomsday predictions”

Year

Doomsday prediction

Actual outcome

⚠ A risk that deserves real concern

In the white paper, there is a genuinely real risk that has been underestimated:

Early Bitcoin used P2PK format, with public keys directly exposed on-chain.

Dormant addresses from the Satoshi era face a higher risk than ordinary addresses when quantum computers become truly mature.

This is a policy issue that needs serious discussion —

But it’s completely different from the two ideas of “the entire Bitcoin market going to zero.”

07 Alan’s conclusion: a 57-page paper becomes one push, and every step is lying

This Google white paper is serious academic work, and the paper team didn’t lie.

But the systemic risks it truly targets are Ethereum’s account model, the DAS mechanism, and the privacy protocols—not Bitcoin.

Because Bitcoin has the biggest name and the highest market cap, it became the projection screen for all kinds of panic.

The Ethereum Foundation researcher who wrote the paper probably also didn’t expect that the final public-opinion result would be — Bitcoin is finished.

More importantly, you have to separate two things:

When quantum computing hardware will reach the required capability is an uncertainty problem of at least ten years.

Post-quantum cryptography migration has already begun; the standards landed in 2024, and this is now in progress.

The former determines when the threat will arrive; the latter determines whether your system is already prepared.

Panic mixes these two together, creating a doomsday narrative that is neither accurate nor actionable.

A 57-page academic paper gets compressed by the media into a single push, then reshared through朋友圈,

becoming “Bitcoin goes to zero in 2029.”

In this chain of communication, every step loses information and amplifies emotion.

The real risk has never been the one written in the paper; it’s that, without you ever reading the paper, a single push caused you to make an investment decision.

This article is for exchanging and discussing viewpoints and does not constitute any investment advice.

The characters are fictional, and the dialogue is a literary reenactment form.

Technical data sources are from publicly released academic literature (Babbush et al., 2026).