Crypto’s Quantum Threat Isn’t Where You Think It Is

Most of the conversation about quantum computing and cryptocurrency fixates on the fear that a future quantum machine will crack wallet keys and drain Bitcoin balances overnight. This fear is directionally correct but aimed at the wrong target. The more immediate problem has a name, and security researchers have been using it for years. It’s called “harvest now, decrypt later.” And it’s already happening.

In simple terms, harvest now, decrypt later means adversaries are copying and storing encrypted network traffic today and waiting for quantum hardware capable of reading it tomorrow. They don’t need a working quantum computer right now. They just need disk space and patience. Andrew Gault, the CEO of software-defined networking service ZeroTier, made this point explicitly in a May 2026 warning, when he argued that the data flowing between institutions in real time represents a far bigger vulnerability than static wallet keys sitting on a blockchain.

He’s right to shift the focus. Let’s face it, the crypto industry has spent years debating theoretical Q-Day timelines and ignoring the data already being siphoned off the wire.

The Proof Layer Problem

Gault’s specific concern is what he calls the “proof layer,” the authentication records, digital signatures, payment confirmations, and settlement messages continuously exchanged between financial institutions and blockchain networks. This is the information that determines ownership and responsibility across financial systems.

“The financial system’s most dangerous vulnerability isn’t stored data, it’s the data moving between institutions right now. Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don’t need to read it yet.”

In other words, if an adversary captures this traffic now and decrypts it in five or ten years, they gain the ability to forge or dispute past transactions. That’s a systemic exposure. One compromised interbank settlement record has a different blast radius than one stolen private key.

The harvest now, decrypt later framework also changes the math on urgency. Post-quantum cryptography, the new encryption standards designed to resist quantum attacks, only protects data from the moment it’s deployed forward. Anything captured before the upgrade sits in adversary storage, permanently vulnerable. Every day without migration is another day of harvestable traffic.

Where Bitcoin and Ethereum Diverge

Ethereum has begun a coordinated post-quantum migration effort in 2026, with developers actively working toward protocol-level changes. Bitcoin hasn’t adopted a comparable plan. Its transactions still rely on the elliptic curve digital signature algorithm (ECDSA), which a sufficiently powerful quantum computer could theoretically break.

The timeline estimates for when such a computer arrives vary wildly. Analyst Nic Carter has placed Q-Day around 2035. Other estimates put it as early as 2027. Google’s ongoing quantum advances keep pushing the conversation back into public view, and venture investor Chamath Palihapitiya has described Bitcoin’s holdings as a potential “honeypot” for non-state actors.

Bitcoin’s community prizes deliberate, consensus-driven protocol changes. That caution has real value. Rushing a cryptographic migration could introduce bugs worse than the threat it addresses. But the harvest now, decrypt later problem doesn’t wait for consensus. The traffic being collected today won’t benefit from a migration completed in 2030.

The Commercial Interest Worth Acknowledging

Gault isn’t a neutral observer. ZeroTier recently launched ZeroTier Quantum, a networking platform built to meet NIST’s highest post-quantum cryptographic benchmarks. His company sells the solution to the exact problem he’s describing. This commercial interest is worth flagging.

But the underlying argument doesn’t collapse because the messenger has skin in the game. NIST finalized its first set of post-quantum encryption standards in 2024 precisely because the U.S. government’s own researchers recognized the harvest now, decrypt later threat as credible and present. The National Security Agency (NSA) has warned about the same data-collection risk. Gault is amplifying a concern that existed before his product did.

Rather than dismissing his framing because of the sales angle, it’s more useful to separate the claim from the pitch. The claim, that encrypted transit data is being harvested by sophisticated actors right now, is well-supported by public intelligence assessments. The pitch, that his product solves it, is a commercial decision each buyer can evaluate independently.

What This Means for Crypto Holders

The harvest now, decrypt later threat doesn’t create an obvious action item for someone holding Bitcoin in a cold wallet. Your keys aren’t the primary target of this specific attack vector. The concern is institutional. It’s about the infrastructure carrying transaction data between nodes, exchanges, custodians, and banks.

For protocol developers and exchange operators, the calculus is different. Every unencrypted or classically-encrypted message sent today is a liability with a delayed fuse. At the very least, organizations handling crypto transaction data should be evaluating post-quantum transport layer security now, not after Q-Day headlines start trending.

The crypto industry’s blind optimism about quantum timelines is the real risk. The threat isn’t a future computer. It’s a present-day tape recorder, running quietly, storing everything, waiting.