A new Google Quantum AI whitepaper outlines five vulnerabilities in Ethereum that could expose over $100 billion in assets to future quantum computing attacks. The study reveals that with the permanent visibility of Ethereum public keys once a transaction occurs, the top 1,000 wallets, along with at least 70 major admin-controlled smart contracts, are at significant risk. Google estimates that a quantum computer could compromise one Ethereum key every nine minutes, potentially leading to the loss of all 1,000 wallets within nine days.
The report emphasizes the potential consequences on Ethereum’s proof-of-stake system and various Layer 2 networks, which are also vulnerable. Existing contracts and infrastructure must undergo individual upgrades and rekeying separate from the general Ethereum upgrades planned by the Ethereum Foundation, targeted for 2029.
Wallets on Ethereum become permanently exposed once a user transacts, unlike Bitcoin, where public keys remain hidden until funds are spent. The whitepaper estimates that 20.5 million ETH is held across the top 1,000 wallets, placing these assets in jeopardy. If one of these wallets is compromised, the ramifications could extend to a broader range of smart contracts, which Google identifies as potentially housing 2.5 million ETH and governing roughly $200 billion in stablecoins.
The vulnerabilities extend to major Layer 2 systems, with estimates indicating that at least 15 million ETH across these platforms are similarly exposed. Only StarkNet is deemed safe due to its use of different cryptographic principles that do not rely on elliptic curves vulnerable to quantum attacks.
Ethereum’s proof-of-stake model, where validators stake ETH to confirm transactions, also risks exploitation. Approximately 37 million ETH is currently staked, and if an attacker were to compromise a third of the validators, transaction finalization would cease. Compromising two-thirds could enable an attacker to manipulate the blockchain’s history.
Additionally, the Data Availability Sampling system is identified as susceptible to a novel attack method. This system relies on a secret generated during a setup ceremony, which, if recovered by a quantum computer, would allow perpetual access to forge data verification proofs without ongoing quantum access.
Justin Drake, co-author of the report and a researcher at the Ethereum Foundation, has confirmed that the foundation plans to launch quantum-resistant upgrades by 2029. Meanwhile, the foundation’s recently established post-quantum research portal aims to facilitate ongoing advancements in this arena.
The paper further notes that while Ethereum’s rapid block times (12 seconds) render real-time theft more difficult compared to Bitcoin’s 10-minute intervals, the upgrades required for existing smart contracts are complex and not guaranteed to happen uniformly across the network.
Separately, the Ethereum layer-2 network, Base, is shifting from the Optimism tech stack toward a proprietary infrastructure. This transition aims to enhance operational independence and scalability as the network focuses on expanding tokenized asset markets and improving stablecoin payments. The shift is part of a broader movement to capitalize on rising institutional interest in on-chain finance.
