Bitcoin’s biggest quantum risk may not be wallet keys. An early investor fears something bigger

Andrew Gault, the venture capitalist who funded the quantum hardware labs now threatening bitcoin, says the industry is looking in the wrong place. Google's own security team moved in the same direction in March.

What to know:

• Security experts warn that the most urgent quantum threat to bitcoin and the broader financial system is not wallet keys but the encrypted authentication data already moving between institutions and being quietly harvested today.
• Adversaries are pursuing a “harvest now, decrypt later” strategy, stockpiling encrypted interbank messages, payment records and digital signatures to unlock once quantum computers become powerful enough, a risk Google and Citi have both begun modeling on aggressive timelines.
• While Ethereum has begun a coordinated post-quantum migration and Google is targeting 2029 for its own transition, Bitcoin and major crypto exchanges and custodians have yet to commit publicly to similar protections for their wire-level signing infrastructure.

A venture capitalist who has spent a decade backing deep-tech and quantum hardware startups says the bitcoin BTC$73,523.91 industry is fixated on the wrong half of the quantum problem, the wallet keys instead of the encrypted messages already moving between exchanges, bridges and custodians today.

“The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now," Andrew Gault, CEO of networking firm ZeroTier, told CoinDesk in a recent chat.

Gault is CEO of networking firm ZeroTier and a founding partner of 7percent Ventures, a London- and San Francisco-based deep-tech firm whose portfolio includes British quantum-computing startup Universal Quantum.

"Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don't need to read it yet," he noted.

"CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary's strategy has changed. They're patient, they have storage, and they're building a library of today's encrypted traffic to decrypt the moment quantum capability crosses the threshold," he added.

The Google Quantum AI research that rattled bitcoin in March showed a sufficiently powerful quantum computer could derive a bitcoin private key from an exposed public key in about nine minutes, came from outside his portfolio.

The conversation since that paper has centered on the roughly 6.9 million BTC sitting in addresses with exposed public keys and Bitcoin's missing post-quantum migration plan.

But Gault says the more urgent exposure is the data already being collected off the open internet for decryption later, regardless of whether a working quantum computer exists yet.

Google's own security engineers have moved the same direction. In a March post, the company set 2029 as its target for completing a post-quantum cryptography migration, citing progress on quantum hardware, error correction and factoring resource estimates.

The post, written by Google vice president of security engineering Heather Adkins and senior cryptography engineer Sophie Schmieg, said the company has reprioritized its internal threat model to focus on authentication services and digital signatures, the same wire-level signing infrastructure Gault has been pointing at.

"The threat to encryption is relevant today with store-now-decrypt-later attacks," the post said.

The strategy driving that urgency is known in cryptography circles as "harvest now, decrypt later." It assumes adversaries don't need to read encrypted traffic today, only store it cheaply until a sufficiently powerful quantum computer arrives.

Citi modeled the bank-system version of the scenario in February, estimating a quantum-enabled attack on a single top-five U.S. bank's access to the Fedwire Funds Service payment system could trigger a $2 trillion to $3.3 trillion cascade across the U.S. economy, equal to a 10% to 17% decline in real GDP.

The Global Risk Institute, cited in the same Citi report, puts the probability of a cryptographically relevant quantum computer arriving by 2034 at between 19% and 34%.

For crypto, the wire-level surface is broader than the wallet one. Cross-chain bridge proofs, exchange API authentication packets, signed transactions broadcast and archived in public mempools, and the back-channel signing traffic between cold storage and trading desks all sit on the same vulnerability spectrum as the bank-grade encryption Citi was modeling.

CoinShares argued in a February report that the wallet-key fear is overstated, estimating only about 10,200 BTC are concentrated enough to move markets if stolen.

Gault's worry is a different one. "The particularly uncomfortable reality for financial institutions is that the authentication records being harvested aren't just sensitive," he said. "It's the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability."

Ethereum (ETH) has launched a coordinated post-quantum migration, but Bitcoin has not done the same. Major crypto exchanges and custodians, where most of the signing traffic lives, have not publicly committed to one either.

More For You

Ronghui Gu shares tips on how to isolate AI agents while testing them so they do not have access to critical personal information or digital assets.

What to know:

• Security firm CertiK warns that the rapid deployment of autonomous AI agents, often unisolated and unvetted, is creating a massive and dangerous “security debt” across networks and applications.
• By granting AI agents access to local files, credentials and financial tools, users are effectively creating powerful insider threats that can be...

Bitcoin, ether, XRP, dogecoin lag a nine-week stocks rally as ETF demand cools

19 minutes ago

‘The banks will not accept it’: Dimon escalates battle over stablecoin rewards in CLARITY Act debate

9 hours ago

U.S. regulator says 24/7 trading is great for crypto, may not be fit for other sectors

13 hours ago

Mass deployment of AI agents is a disaster waiting to happen, says CertiK CEO

14 hours ago

Clarity Act Risks Regulation Without Oversight, Brookings Fellow Says

14 hours ago

Live markets: Bitcoin shrugs off early decline, but two-month winning streak is in jeopardy

15 hours ago

U.S. CFTC opens crypto 'perp' door with first approvals at Kalshi, Coinbase

16 hours ago

What American crypto asset perpetuals mean for the future of crypto

16 hours ago

Strategy's STRC slips below $99 as Strive captures investor attention

20 hours ago

Hyperliquid bigger than NASDAQ, says ICE CEO Jeffrey Sprecher

17 hours ago

Bitcoin ETF outflows reach record 9-day streak as investors pull $2.8 billion

19 hours ago

In this article

BTCBTC$73,523.91◢0.11%