Bitcoin’s Quantum Threat Just Shifted, and Most of the Industry Is Staring at the Wrong Door
Imagine someone broke into your house and, instead of stealing your TV, took your locked filing cabinet full of important documents. Because it is a super-secure, top-of-the-range cabinet, they have no way to open it, so you would not be that worried. But one day they get their hands on a machine that can unlock the previously unlockable cabinet, and now your documents are out in the open, ready to be used for, say, taking out a loan in your name.
That’s basically what’s happening to Bitcoin’s security layer right now, except the filing cabinet is the entire financial internet and the unlocking machine is a quantum computer that doesn’t exist yet. Andrew Gault, CEO of networking firm ZeroTier and founding partner of deep-tech venture fund 7percent Ventures (whose portfolio includes quantum-computing startup Universal Quantum), said on May 30 that the crypto industry’s quantum anxiety is pointed in the wrong direction. Right now, everyone worries about wallet keys. But Gault says the actual exposure is the encrypted data already traveling between exchanges, bridges, and custodians today, data that adversaries are quietly stockpiling for future decryption.
The Copy-Now-Read-Later Problem
The strategy has a name in cryptography circles, and it goes by “harvest now, decrypt later.” State-level actors and sophisticated attackers don’t need a working quantum computer today. They just need cheap storage and patience. Every signed transaction broadcast to a public mempool, every API authentication packet between an exchange and its cold storage, every cross-chain bridge proof, all of it sits on networks where it can be captured and archived.
Gault put it bluntly:
“The adversary’s strategy has changed. They’re patient, they have storage, and they’re building a library of today’s encrypted traffic.”
He’s not alone in this assessment. Google’s security team published a post in March setting 2029 as the company’s deadline for completing a full post-quantum cryptography migration. Written by VP of security engineering Heather Adkins and senior cryptography engineer Sophie Schmieg, the post explicitly reprioritized Google’s threat model toward authentication services and digital signatures, the exact wire-level infrastructure Gault keeps flagging.
Citi modeled a version of this scenario for traditional banking in February. Its estimate is that a quantum-enabled attack on a single top-five U.S. bank’s Fedwire access could trigger a $2 trillion to $3.3 trillion cascade. That’s 10% to 17% of real GDP. The Global Risk Institute puts the probability of a cryptographically relevant quantum computer arriving by 2034 somewhere between 19% and 34%. So not tomorrow. But not never.
CoinShares countered in February that the wallet-key fear is overstated and estimated that only about 10,200 BTC is concentrated enough in exposed-public-key addresses to move markets if stolen. Fair point. But Gault’s concern operates on a completely different surface. The authentication records being harvested are far from being “just” financially sensitive. They’re the proof layer, who owns what, who authorized which transaction, who bears legal liability.
Who’s Actually Moving on the Bitcoin Quantum Threat
Ethereum has begun a coordinated post-quantum migration. Google set its 2029 deadline. Bitcoin has done neither. Major crypto exchanges and custodians, where most of the signing traffic actually lives, haven’t publicly committed to post-quantum protections for their wire-level infrastructure.
The uncomfortable math here is simple. The window for protecting data in transit closes the moment that data leaves your server. You can upgrade wallet cryptography later. You cannot un-send a packet already captured three years ago.
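The "harvest now, decrypt later" strategy and the closing window for data in transit can be put into numbers with Mosca's inequality, a standard rule of thumb in post-quantum migration planning (not something the article itself uses): an asset is exposed when the time its contents must stay secret or unforgeable, plus the time needed to migrate it, exceeds the time until a cryptographically relevant quantum computer (CRQC) exists. The script below is an added illustration, not code from the article or from any of the companies it cites; the asset list, shelf lives and migration estimates are constructed sample values.

```python
"""Mosca-style exposure model for the article's harvest-now-decrypt-later argument.

Constructed example; the assets, shelf lives and migration times are illustrative
guesses, not figures from the article or any vendor.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    harvestable: bool        # crosses a network where it can be captured and archived
    shelf_life_years: float  # how long its contents must stay secret or unforgeable
    migration_years: float   # time to deploy post-quantum protection for it


def exposure_years(asset: Asset, crqc_years_away: float) -> float:
    """Positive result means the asset is at risk; larger is worse.

    Harvestable traffic: anything captured today stays useful to the attacker for
    its whole shelf life, and protection deployed later cannot un-send it, so
    shelf life + migration time must fit before the CRQC arrives.
    Data at rest (e.g. a key whose public half was never exposed): it can be
    re-protected later, so only the migration time has to fit.
    """
    if asset.harvestable:
        return asset.shelf_life_years + asset.migration_years - crqc_years_away
    return asset.migration_years - crqc_years_away


def at_risk(assets: list[Asset], crqc_years_away: float) -> list[str]:
    """Names of assets whose exposure is positive for the given CRQC horizon."""
    return [a.name for a in assets if exposure_years(a, crqc_years_away) > 0]


# Constructed sample inventory mirroring the article's categories.
SAMPLE_ASSETS = [
    Asset("cold wallet key, public key never exposed", False, 10.0, 5.0),
    Asset("signed transaction in public mempool", True, 10.0, 5.0),
    Asset("exchange-to-custodian API auth traffic", True, 7.0, 3.0),
    Asset("cross-chain bridge proof", True, 10.0, 6.0),
]

if __name__ == "__main__":
    # Compare an 8-year horizon with a 20-year one: the at-rest key is safe in both,
    # while every harvestable record is exposed in the first and none in the second.
    for horizon in (8.0, 12.0, 20.0):
        print(f"CRQC in {horizon:>4} years -> at risk: {at_risk(SAMPLE_ASSETS, horizon)}")
```

Shortening the horizon only ever adds harvestable assets to the at-risk list, which is the article's point: the at-rest key can wait for a later upgrade, the packets on the wire cannot.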
So the industry keeps debating whether quantum computers can crack wallet keys (they probably can, eventually, for a subset of addresses), while the quieter and arguably more consequential vulnerability just sits there humming on every network connection between every major piece of crypto infrastructure.
Naturally, nobody wants to spend money defending against a threat that hasn’t materialized yet. That’s how this always works. The fix is boring, expensive, and invisible when it succeeds. The failure is spectacular and obvious after the fact. Somewhere between those two outcomes, a bunch of encrypted packets are sitting on a server, waiting.