Google just warned the world: your crypto wallet and digital locker may not be safe for long. On March 25, 2026, Google announced it will fully switch to quantum-safe encryption by the end of 2029 — years earlier than planned — because quantum computers could soon break the security protecting Bitcoin, Ethereum, and most digital assets.
On March 25, 2026, Google issued a measured but urgent warning: the quantum computing era capable of breaking today’s encryption may arrive sooner than many expected. In its blog post “Quantum frontiers may be closer than they appear,” the company announced it is accelerating its full migration to post-quantum cryptography (PQC) across all products and services, targeting completion by the end of 2029.
This ambitious internal deadline years ahead of NIST’s 2035 benchmark and the NSA’s 2031 target for national security systems carries special weight. It comes from Google Quantum AI, the same team building scalable quantum hardware while simultaneously hardening global digital infrastructure against the threats those machines will pose.
Just days later, on March 30–31, 2026, Google Quantum AI released a 57-page whitepaper titled “Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities.” Co-authored with Justin Drake of the Ethereum Foundation and Stanford cryptographer Dan Boneh, the paper provides updated resource estimates showing that breaking the elliptic curve cryptography (ECC) protecting Bitcoin, Ethereum, and most blockchains could require far fewer resources than previously thought.
The Three Drivers Behind Google’s Accelerated Timeline
Google pointed to three converging factors for advancing its deadline:
- Rapid progress in quantum hardware: Specifically, the performance of the Willow chip.
- Breakthroughs in quantum error correction: Exemplified by the Willow chip’s demonstration of exponential error suppression as systems scale.
- Revised, more efficient implementations of Shor’s algorithm for solving discrete logarithms.
The company’s updated threat model now prioritizes migration for authentication services and digital signatures. It explicitly recognizes that “Store-Now-Decrypt-Later” (SNDL) attacks already pose a present risk, while signature forgery becomes a near-future threat once cryptographically relevant quantum computers (CRQCs) emerge.
How Quantum Computers Threaten Wallets and Digital Lockers
Modern digital security and nearly all cryptocurrencies relies heavily on public-key cryptography, particularly Elliptic Curve Cryptography (ECC/ECDSA) using the secp256k1 curve. A wallet’s private key signs transactions and proves ownership. The public key (or its hash) is revealed on-chain when spending from an address.
Shor’s algorithm solves the underlying discrete logarithm problem efficiently. The Google whitepaper details two optimized quantum circuits for the 256-bit elliptic curve discrete logarithm problem (ECDLP-256):
- One using ≤ 1,200 logical qubits and ≤ 90 million Toffoli gates.
- Another using ≤ 1,450 logical qubits and ≤ 70 million Toffoli gates.
On a superconducting architecture consistent with Google’s processors, these translate to fewer than 500,000 physical qubits with execution times measured in minutes an approximately 20-fold reduction from earlier estimates. To disclose responsibly, the team published a zero-knowledge (ZK) proof verifying the circuits.
Practical risks for crypto wallets include:
- Exposed addresses: Spent outputs, reused addresses, and older Pay-to-Public-Key scripts reveal public keys. Analysis indicates approximately 6.7 million BTC (roughly 32% of supply) sit in such vulnerable positions.
- Real-time mempool attacks: An attacker monitoring the mempool could crack a revealed public key and broadcast a competing transaction in roughly nine minutes—fast enough to hijack funds before Bitcoin’s average 10-minute block time is reached.
- Hierarchical deterministic (HD) wallets: Sharing an extended public key (xpub) allows derivation of multiple private keys from a single compromise.
- Backups and seeds in digital lockers: Encrypted wallet seed phrases or private keys stored in cloud vaults become harvestable today for future decryption.
Digital lockers and encrypted cloud storage face the same core issue. Many rely on RSA or ECC for key exchange. Any data encrypted today with these algorithms and stored at rest is subject to SNDL harvesting. Symmetric encryption like AES-256 remains far more resilient.
Not Panic — But Prudent Preparation
Google stresses that no CRQC capable of these attacks exists today. However, the compressed timelines and ongoing data-harvesting activities by nation-states make early migration essential. The crypto community has shown a range of reactions, but Google and its co-authors recommend proactive steps, including reducing address reuse and transitioning to PQC signatures.
Actionable Steps Today
Google is leading by example, integrating NIST-standardized algorithms such as ML-DSA for digital signatures into Android 17, Chrome, and Cloud services.
Individuals and organizations should:
- Avoid address reuse in crypto wallets and move funds from legacy or spent addresses to fresh, never-reused ones.
- Audit digital lockers and backups for encryption schemes; prioritize providers actively adopting hybrid (classical + post-quantum) cryptography.
- Use hardware wallets and best practices that minimize unnecessary public key or xpub exposure.
- Monitor blockchain projects implementing quantum-resistant signatures and contribute to crypto-agility efforts.
The Bigger Picture
Google’s 2029 deadline is significant because the company sits at the intersection of building useful quantum computers and protecting the world’s digital infrastructure from them. As the blog post notes, “As a pioneer in both quantum and PQC, it’s our responsibility to lead by example.”
The quantum frontier is no longer a distant theoretical concern it is becoming an engineering and risk-management reality. For the millions relying on cryptocurrency wallets and digital lockers, the message is clear: today’s cryptographic foundations have a known expiration date. Those who begin upgrading now will secure their assets in the post-quantum world.