Most of the online reaction to Google Quantum AI’s paper, released late Monday, focused on bitcoin. The nine-minute attack, a 41% theft probability and the 6.9 million in possibly exposed BTC.
Ethereum’s section received less attention. It deserves more.
The white paper, co-authored with Ethereum Foundation researcher Justin Drake and Stanford’s Dan Boneh, outlined five ways a quantum computer could attack Ethereum, each targeting a different part of the network.
The total exposure exceeds $100 billion in current prices, and knock-on effects could be far greater.
Wallets that can never hide
On bitcoin, your public key (the cryptographic identity tied to your money) can remain hidden behind a hash, a kind of digital fingerprint, until you spend. On Ethereum, the moment a user sends a transaction, their public key is permanently visible on the blockchain.
There is no way to rotate it without giving up the account completely. Google estimates that the top 1,000 Ethereum wallets by balance, holding around 20.5 million ETH, are exposed.
A quantum computer that cracks a key every nine minutes can work through all 1,000 in less than nine days.
The main keys to DeFi
Many smart contracts on Ethereum, the self-executing programs that drive lending, trading and stablecoin issuance, grant special privileges to a handful of administrator accounts. These administrators can pause the contract, upgrade its code, or move funds.
Google found at least 70 major contracts with admin keys visible on the chain, with around 2.5 million ETH. But the bigger risk is what these keys control beyond ETH.
Administrator accounts also control the minting authority for stablecoins like USDT and USDC, meaning a quantum attacker who cracks one can print unlimited tokens. The paper estimates that around $200 billion in stablecoins and tokenized assets on Ethereum depend on these vulnerable admin keys.
Forging even one could trigger a chain reaction across any lending market that accepts these tokens as collateral.
Layer 2s built on vulnerable math
Ethereum processes the bulk of its transactions through Layer 2 networks, separate systems like Arbitrum and Optimism that handle activity off the main chain and report back.
These L2s rely on Ethereum’s built-in cryptographic tools, none of which are quantum resistant. The paper estimates that at least 15 million ETH across major L2s and cross-chain bridges have been exposed.
Only StarkNet, which uses a different type of math based on hash functions rather than elliptic curves, is considered secure.
Attacking the betting system
Ethereum secures itself through proof-of-stake, where validators (network participants who unlock ETH as collateral) vote on which transactions are valid. These votes are authenticated using a digital signature scheme, which the paper considers vulnerable to quantum computers.
About 37 million ETH have been staked. If a hacker compromises a third of the validators, the network can no longer complete transactions. Two-thirds allows the attacker to rewrite the history of the chain.
The paper notes that if the effort is concentrated in large pools, such as Lido at around 20%, targeting a single provider’s infrastructure can dramatically shorten the attack timeline.
You only need to run the exploit once
This is the vector without precedent. Ethereum uses a system called Data Availability Sampling to verify that transaction data submitted by L2 networks actually exists. That system depended on a one-time setup ceremony that generated a secret number that had to be destroyed afterward.
A quantum computer could recover this secret from publicly available data. Once recovered, it becomes a permanent tool, a piece of normal software that can falsify data verification proofs forever without having to gain quantum access again.
Google describes this exploit as “potentially marketable”. Every L2 that depends on Ethereum’s blob data system will be affected.
Ethereum’s Edge and Its Limits
Drake, one of the paper’s co-authors, sits inside the Ethereum Foundation. The foundation launched a post-quantum research portal last week, backed by eight years of work, with test networks being shipped weekly, and a multi-fork upgrade roadmap targeting quantum-resistant cryptography by 2029.
Ethereum’s 12-second block times also make real-time transaction theft far more difficult than on bitcoin, where blocks take 10 minutes.
But the paper is clear that upgrading Ethereum’s base layer will not automatically fix the thousands of smart contracts already implemented on it. Each protocol, bridge and L2 must independently upgrade its own code and rotate its own keys. No single entity controls this process.
