A 57-page Google Quantum AI whitepaper released Monday maps five ways a quantum computer could attack Ethereum โ€” in detail and with named dollar figures. Co-authored with Ethereum Foundation researcher Justin Drake and Stanford cryptographer Dan Boneh, the paper estimates combined exposure across the five vectors exceeds $100 billion.

The Five Attack Vectors

Exposed wallets. Unlike Bitcoin, Ethereum users cannot hide their public key behind a hash after spending. Every address that has ever sent a transaction has its key permanently visible on-chain. Google estimates the top 1,000 Ethereum wallets by balance hold roughly 20.5 million ETH โ€” all exposed. A quantum computer cracking one key every nine minutes could work through all 1,000 in under nine days.

DeFi admin keys. At least 70 major smart contracts carry admin keys visible on-chain, controlling approximately 2.5 million ETH directly. More concerning: those same keys govern minting authority for stablecoins like USDT and USDC. Google estimates roughly $200 billion in stablecoins and tokenized assets on Ethereum depend on vulnerable admin keys โ€” a single crack could enable unlimited token minting.

Layer 2 bridge funds. Most L2 networks rely on Ethereum's base-layer cryptography, none of which is quantum-resistant. The paper estimates at least 15 million ETH across major L2s and cross-chain bridges is exposed. StarkNet, which uses hash-function-based cryptography instead of elliptic curves, is the only major exception.

Staking system takeover. Ethereum's validator signature scheme is considered vulnerable. With approximately 37 million ETH staked, compromising one-third of validators prevents transaction finalization; two-thirds enables rewriting chain history. Staking concentration in large pools like Lido, at roughly 20%, shortens the attack timeline.

One-time ceremony exploit. Ethereum's data availability system uses a cryptographic setup ceremony that generated a secret number โ€” intended to be destroyed. Google says a quantum computer could recover it from public data. Once recovered, it becomes a permanent software tool that can forge data verification proofs indefinitely without needing ongoing quantum access.

Context

Ethereum's 12-second block times reduce exposure to real-time transaction theft compared to Bitcoin's 10-minute blocks. The Ethereum Foundation's post-quantum roadmap, backed by eight years of research and active weekly devnets, targets a quantum-resistant base layer by 2029. However, the paper notes that upgrading Ethereum's base layer does not automatically protect the thousands of already-deployed smart contracts, bridges, and L2 systems โ€” each would need to independently rotate keys and upgrade code.