A paper co-signed by an Ethereum Foundation researcher has reignited quantum alarmism – but the engineering realities tell a very different story.
The Google Quantum AI team has published a paper estimating that fewer than 500,000 physical qubits – roughly 20 times fewer than previous projections – would be needed to break the elliptic curve cryptography used by Bitcoin. The media ran with headlines like “Bitcoin cracked in 9 minutes“. It’s worth examining who signed the paper, what it actually says, and how far it sits from reality.
Among the study’s authors are Google researchers Ryan Babbush and Hartmut Neven, but also Justin Drake. Drake identifies himself in the paper as a “Bitcoin security researcher” – a rather creative credential for someone who works for the Ethereum Foundation. Drake himself, in his comment thread on the paper, let slip that “Bitcoin PoW is cooked” – that Bitcoin’s Proof-of-Work is finished. That’s a statement that betrays more of a narrative agenda than impartial scientific analysis, especially given that the paper itself acknowledges that Grover’s algorithm-based attacks on Bitcoin mining remain impractical for decades to come.
Drake is also the architect of the Ethereum Foundation’s post-quantum roadmap, launched one week before the paper’s publication via the portal pq.ethereum.org, with eight years of declared research, weekly devnets, and $2 million in research prizes. He is simultaneously co-author of the study quantifying the threat and designer of the proposed solution on Ethereum’s side. The conflict of interest is structural.
Giacomo Zucco – president of Plan ₿ Network, an early bitcoiner and, crucially, a physicist – is among the most forceful voices dismantling the quantum FUD narrative. In a series of posts published in the hours following the paper, Zucco put the numbers in perspective: “A single logical qubit with a sufficiently low error rate to pose a practical problem for secp256k1 has no credible engineering roadmap to exist. Let alone 1,200 of those qubits in coherence.”
https://x.com/giacomozucco/status/2039029248762024162?s=20
His forecast: by 2029, and even more so by 2027, taproot UTXOs with exposed public keys will be perfectly safe. When a user asked about the probability of a quantum computer posing a threat before 2030, Zucco’s answer was: “0.001%”. He said he would be willing to bet on that prediction, provided a trustless mechanism for doing so could be found.
The reality is this: today there are approximately 96 entangled logical qubits. The coherence gap relative to what would be needed to execute the attack described in the paper is around 100,000 times. Meanwhile, BIP-360 – the proposal for a quantum-resistant address format – is already live on testnet. As summarized in TFTC’s analysis: the protocol will be ready before the computers are.
https://x.com/TFTC21/status/2038979991350722861?s=20
Paradoxically, the real risk tied to the quantum narrative is not the quantum computer itself. As Zucco noted in a previous interview with Atlas21 on the sidelines of the Plan ₿ Forum in Lugano, quantum FUD is at best useless and at worst actively harmful. If government bodies or foundations with specific interests managed to push for the replacement of current cryptographic algorithms with newer, less battle-tested and potentially compromised “quantum-safe” algorithms, the damage would be real. Adding new algorithms in parallel to existing ones is prudent. Replacing them under the pressure of an artificially constructed emergency “would look like an operation orchestrated by three-letter government agencies“, in Zucco’s words.
Bitfinex analysts offered an aligned reading: quantum computing is an engineering challenge, but in its current form it is far from being an existential threat. Peter Todd, a Bitcoin Core contributor, noted that quantum computers capable of breaking modern cryptography simply do not exist.
The question worth asking is not whether Bitcoin will survive quantum computing. It is: “Who benefits from building an apocalyptic narrative around non-existent machines, non-replicable estimates, and papers co-signed by parties with clear conflicts of interest?” The answer lies in the signatures at the bottom of the document.
