Most of the online reaction to Google Quantum AI's paper, released late Monday, focused on bitcoin. The nine-minute attack, a 41% theft probability and the 6.9 million in possibly exposed BTC.

Ethereum's section got less attention. It deserves more.

The whitepaper, co-authored with Ethereum Foundation researcher Justin Drake and Stanford's Dan Boneh, mapped five ways a quantum computer could attack Ethereum, each targeting a different part of the network.

The combined exposure exceeds $100 billion at current prices, and the knock-on effects could be far larger.

Wallets that can never hide

On bitcoin, your public key (the cryptographic identity tied to your funds) can stay hidden behind a hash, a kind of digital fingerprint, until you spend. On Ethereum, the moment a user sends a transaction, their public key is permanently visible on the blockchain.

There is no way to rotate it without abandoning the account entirely. Google estimates the top 1,000 Ethereum wallets by balance, holding roughly 20.5 million ETH, are exposed.

A quantum computer cracking one key every nine minutes could work through all 1,000 in under nine days.

The master keys to DeFi

Many smart contracts on Ethereum, the self-executing programs that power lending, trading and stablecoin issuance, give special privileges to a handful of administrator accounts. These admins can pause the contract, upgrade its code, or move funds.

Google found at least 70 major contracts with admin keys exposed on-chain, holding about 2.5 million ETH. But the bigger risk is what those keys control beyond ETH.

Admin accounts also govern minting authority for stablecoins like USDT and USDC, meaning a quantum attacker who cracks one could print unlimited tokens. The paper estimates roughly $200 billion in stablecoins and tokenized assets on Ethereum depend on these vulnerable admin keys.

Forging even one could trigger a chain reaction across every lending market that accepts those tokens as collateral.

Layer 2s built on vulnerable math

Ethereum processes the bulk of its transactions through Layer 2 networks, separate systems like Arbitrum and Optimism that handle activity off the main chain and report back.

These L2s rely on Ethereum's built-in cryptographic tools, none of which are quantum-resistant. The paper estimates at least 15 million ETH across major L2s and cross-chain bridges is exposed.

Only StarkNet, which uses a different type of math based on hash functions rather than elliptic curves, is considered safe.

Attacking the staking system

Ethereum secures itself through proof-of-stake, where validators (network participants who lock up ETH as collateral) vote on which transactions are valid. Those votes are authenticated using a digital signature scheme the paper considers vulnerable to quantum computers.

Roughly 37 million ETH is staked. If an attacker compromises one-third of validators, the network can no longer finalize transactions. Two-thirds gives the attacker the ability to rewrite the chain's history.

The paper notes that if staking is concentrated in large pools, such as Lido at roughly 20%, targeting a single provider's infrastructure could dramatically shorten the attack timeline.

The exploit you only need to run once

This is the vector with no precedent. Ethereum uses a system called Data Availability Sampling to verify that transaction data posted by L2 networks actually exists. That system depends on a one-time setup ceremony that generated a secret number, which was supposed to be destroyed afterward.

A quantum computer could recover that secret from publicly available data. Once recovered, it becomes a permanent tool, a piece of normal software, that can forge data verification proofs forever without needing quantum access again.

Google describes this exploit as "potentially tradable." Every L2 that depends on Ethereum's blob data system would be affected.

Ethereum's head start and its limits

Drake, one of the paper's co-authors, sits inside the Ethereum Foundation. The Foundation launched a post-quantum research portal last week backed by eight years of work, with test networks are shipping weekly and a multi-fork upgrade roadmap targets quantum-resistant cryptography by 2029.

Ethereum's 12-second block times also make real-time transaction theft far harder than on bitcoin, where blocks take 10 minutes.

But the paper is clear that upgrading Ethereum's base layer does not automatically fix the thousands of smart contracts already deployed on it. Each protocol, bridge and L2 would need to independently upgrade its own code and rotate its own keys. No single entity controls that process.