Most online reactions to Google’s Quantum AI paper, released Monday evening, focused on bitcoin. The nine-minute attack, a 41% probability of theft and the 6.9 million BTC possibly exposed.
The Ethereum section received less attention. It deserves more.
The white paper, co-authored with Ethereum Foundation researcher Justin Drake and Stanford’s Dan Boneh, describes five ways a quantum computer could attack Ethereum, each targeting a different part of the network.
The combined exposure exceeds $100 billion at current prices, and the impact could be much greater.
Wallets that can never hide
On Bitcoin, your public key (the cryptographic identity linked to your funds) can remain hidden behind a hash, a sort of digital fingerprint, until you spend. On Ethereum, as soon as a user sends a transaction, their public key is permanently visible on the blockchain.
There is no way to spin it without completely abandoning the account. Google estimates that the top 1,000 Ethereum wallets, holding approximately 20.5 million ETH, are exposed.
A quantum computer deciphering one key every nine minutes could process all 1,000 in less than nine days.
The main keys of DeFi
Many smart contracts on Ethereum, the self-executing programs that manage lending, trading, and stablecoin issuance, grant special privileges to a handful of administrator accounts. These administrators can suspend the contract, update its code or transfer funds.
Google found at least 70 major contracts with admin keys exposed on-chain, holding around 2.5 million ETH. But the biggest risk lies in what these keys control beyond ETH.
Administrator accounts also govern the minting authority of stablecoins like USDT and USDC, meaning a quantum attacker who cracks one could print an unlimited number of tokens. The paper estimates that approximately $200 billion worth of stablecoins and tokenized assets on Ethereum depend on these vulnerable admin keys.
Forging even one could start a chain reaction across all lending markets that accept these tokens as collateral.
Layers 2 built on vulnerable math
Ethereum processes the bulk of its transactions through Layer 2 networks, separate systems like Arbitrum and Optimism that manage and report on activity off the main chain.
These L2s rely on Ethereum’s built-in cryptographic tools, none of which are quantum-resistant. The document estimates that at least 15 million ETH is exposed in major L2s and cross-chain bridges.
Only StarkNet, which uses a different type of calculation based on hash functions rather than elliptic curves, is considered secure.
Attacking the Staking System
Ethereum secures itself through proof-of-stake, where validators (network participants who lock up ETH as collateral) vote on which transactions are valid. These votes are authenticated using a digital signature system that the newspaper considers vulnerable to quantum computers.
Around 37 million ETH are at stake. If an attacker compromises a third of the validators, the network can no longer finalize transactions. Two-thirds gives the attacker the opportunity to rewrite the history of the channel.
The paper notes that if gambling is concentrated in large pools, like Lido at around 20%, targeting a single vendor’s infrastructure could significantly reduce the attack’s timeline.
The exploit that only needs to be performed once
This is the unprecedented vector. Ethereum uses a system called Data Availability Sampling to verify that transaction data published by L2 networks actually exists. This system depends on a unique installation ceremony that generated a secret number, which was supposed to be destroyed afterwards.
A quantum computer could recover this secret from publicly available data. Once recovered, it becomes a permanent tool, normal software, capable of forging data verification proofs forever without needing quantum access again.
Google describes this exploit as “potentially tradable.” Every L2 that depends on Ethereum’s blob data system would be affected.
Ethereum’s advance and its limits
Drake, one of the paper’s co-authors, serves on the Ethereum Foundation. The Foundation launched a post-quantum research portal last week, backed by eight years of work, with testnets shipping weekly and a multi-fork upgrade roadmap aiming for quantum-resistant cryptography by 2029.
Ethereum’s 12-second block times also make stealing transactions in real time much more difficult than on Bitcoin, where blocks take 10 minutes.
But the document makes clear that upgrading Ethereum’s base layer does not automatically patch the thousands of smart contracts already deployed on it. Each protocol, bridge, and L2 should independently upgrade their own code and rotate their own keys. No entity controls this process.
