Recent research from Caltech and Google Quantum AI has sharply lowered the estimated quantum resources needed to break the elliptic-curve signatures that protect Bitcoin. The new findings move the threat from a distant theoretical concern to a much more immediate planning issue for the network and its participants.
Both papers argue that earlier assumptions about the scale of a successful quantum attack are now outdated. What once appeared to require millions of qubits is now being re-evaluated under newer assumptions about error correction, hardware design, and the practical execution of Shor-style attacks.
Quantum requirements are falling faster than expected
The Caltech research, tied to work involving the startup Oratomic, focused on neutral-atom error correction and outlined a path toward fault-tolerant systems using roughly 10,000 to 20,000 logical or reconfigurable qubits. That work suggests neutral-atom architectures may become viable for serious cryptographic attacks with fewer resources than many earlier models assumed.
One estimate cited in the research indicated that a machine with around 26,000 qubits could break ECC-256 in roughly 10 days. That projection does not imply an active exploit today, but it does compress the timeline for when exposed Bitcoin keys could become vulnerable.
Google’s whitepaper pushed the implications further on the superconducting side. Its analysis concluded that a superconducting machine with fewer than about 500,000 physical qubits could, under its assumptions, break elliptic-curve protections in minutes, representing about a twentyfold reduction from previous superconducting estimates.
Bitcoin still has time, but not unlimited time
The immediate consequence is not that Bitcoin is currently broken, but that the margin for preparation is shrinking. Addresses that reveal public keys remain the most exposed, and that risk becomes more important if quantum capability arrives before the network adopts broader post-quantum protections.
Bitcoin developers have already explored mitigations, including proposals such as BIP-360 and Pay-to-Merkle-Root-style formats that keep public keys hidden until spending. Those measures help reduce exposure, but they do not yet replace ECDSA with a quantum-resistant signature system.
That leaves the ecosystem facing a slow and difficult transition. Any meaningful migration will require years of coordination among developers, miners, exchanges, custodians, and large holders, creating a period in which legacy addresses may carry asymmetric risk.
The market impact could arrive before the technical break
The research also raises a broader market question: how quickly investors begin pricing quantum risk before an actual breakthrough occurs. A credible shorter-term threat could affect custody practices, shift hedging behavior, and change the way traders price long-dated risk across spot, futures, and options markets.
That pressure is likely to be strongest for institutions with large cold-storage balances or operational exposure to older wallet formats. For those participants, the problem is no longer just cryptographic theory but the practical challenge of migrating funds safely without disrupting liquidity, treasury operations, or client flows.
Google’s own 2029 target for moving its infrastructure to post-quantum cryptography adds weight to the sense of urgency. When a large technology operator sets a public migration timeline, it signals that preparation is no longer optional background work but an active strategic priority.
For Bitcoin and the wider market, the message is increasingly clear. The key task now is not predicting the exact arrival of a quantum-capable machine, but accelerating audits, reducing key exposure, and building migration paths before the window narrows further.
