Concerns Over Quantum Vulnerabilities in Bitcoin
A venture capitalist with a decade of experience in deep tech and quantum hardware has raised alarms regarding Bitcoin, currently priced at $73,502.13. He believes the focus should shift away from wallet keys to the encrypted messages currently circulating between various exchanges, custodians, and bridges.
Andrew Gault, CEO of networking firm ZeroTier, shared in a recent discussion that the most significant risk to the financial system lies not in stored data but rather in the data actively being transmitted between institutions.
Gault, also a founding partner at 7 Percent Ventures, a deep tech firm based in London and San Francisco, cited the collection of sensitive interbank messages, payment authorizations, and digital signatures by sophisticated hackers. The hackers don’t necessarily need to be able to read this data yet, but it is being stored.
“CISOs and security teams traditionally focus on safeguarding data at rest,” he remarked. “What’s often overlooked is that the enemy’s strategy has evolved. They are patient, equipped with storage, and building a library of encrypted traffic to decrypt once quantum technology reaches a certain level.”
This concern was echoed by Google’s quantum AI research released earlier this year, which demonstrated that a powerful enough quantum computer could potentially derive a Bitcoin private key from a public key in only about nine minutes. This has led to discussions regarding the 6.9 million BTC linked to publicly accessible addresses and the absence of a transition plan for Bitcoin in a post-quantum world.
However, Gault stresses that the more pressing issue is that, regardless of the existence of quantum computers, data is already being collected from the internet, waiting to be decrypted later.
Google’s security engineers have signaled a similar direction. In March, the company set a target of completing its transition to post-quantum cryptography by 2029, acknowledging advancements in quantum technology, error correction, and other factors.
In a blog post, security leaders at Google indicated a shift in focus to authentication services and digital signatures, aligning with Gault’s concerns. They noted that many current threats center on storing encrypted data to decrypt later.
This idea, commonly referred to as “harvest now, decrypt later” in crypto discussions, assumes attackers don’t need to read encrypted traffic immediately; rather, they can store it inexpensively until quantum computing capabilities catch up.
A report from Citi in February analyzed potential vulnerabilities in banking systems, estimating that a quantum attack on a major U.S. bank could lead to losses ranging from $2 trillion to $3.3 trillion, which could translate to a 10% to 17% decline in real GDP.
The Global Risk Institute, referenced in Citi’s report, evaluated the probability of cryptographically relevant quantum computers emerging by 2034 to be between 19% and 34%.
For cryptocurrencies, Gault points out that vulnerabilities extend beyond just wallet keys. They include various types of transaction data such as cross-chain bridge proofs, exchange API authentication, and signature traffic, all of which share risks similar to those of the bank-grade encryption in Citi’s projections.
While CoinShares indicated that fears surrounding wallet keys are overstated, estimating only about 10,200 BTC could significantly impact the market if stolen, Gault’s views highlight a broader concern. “The authentication records that are collected are not merely sensitive; they serve as a crucial evidence layer for ownership, transaction approval, and legal responsibility,” he stated.
Although Ethereum has begun a coordinated post-quantum transition, Bitcoin has yet to take similar steps, and major exchanges and custodians remain silent on their commitments regarding these issues.





