Quantum danger to Bitcoin may be hiding in plain sight — and it isn’t just private keys. Andrew Gault, a decade-long backer of deep-tech and quantum hardware startups and CEO of networking firm ZeroTier, argues the crypto industry is focused on the wrong half of the quantum threat.

In a recent CoinDesk interview, Gault — also a founding partner at London- and San Francisco-based 7percent Ventures, whose portfolio includes British quantum startup Universal Quantum — warned that the bigger vulnerability is not cold-wallet keys sitting idle, but the encrypted messages already streaming between exchanges, bridges, custodians and banks.

“The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now,” Gault said. He emphasized that every interbank message, payment authentication record and digital signature traversing networks today is being harvested by sophisticated actors who may not need to decrypt it now — only store it until quantum machines can break the encryption.

The fear of quantum cracking private keys flared after Google Quantum AI researchers published results showing a sufficiently powerful quantum computer could derive a Bitcoin private key from an exposed public key in roughly nine minutes. That paper focused attention on about 6.9 million BTC currently sitting in addresses with exposed public keys and reignited concerns about Bitcoin’s lack of a coordinated post-quantum migration plan.

But Gault says the more immediate problem is “harvest now, decrypt later” — the practice of capturing encrypted traffic today for decryption once quantum hardware catches up. Tech giants are already shifting priorities in that direction. In March, Google set 2029 as its target for completing a move to post-quantum cryptography, citing advances in quantum hardware, error correction and resource estimates. In a blog post, Google security leads Heather Adkins and Sophie Schmieg said the company has reprioritized its threat model toward authentication services and digital signatures — the same wire-level signing infrastructure Gault flags. “The threat to encryption is relevant today with store-now-decrypt-later attacks,” they wrote.

The economic stakes are enormous. Citi modeled a quantum-enabled compromise of a single top-five U.S. bank’s access to the Fedwire Funds Service and estimated a cascading impact of $2 trillion to $3.3 trillion across the U.S. economy — a shock equal to a 10%–17% drop in real GDP. The Global Risk Institute, cited in Citi’s analysis, puts the probability of a cryptographically relevant quantum computer arriving by 2034 at roughly 19%–34%.

For crypto, the attack surface is broader than just wallet keys. Cross-chain bridge proofs, exchange API authentications, signed transactions sitting in mempools, and the private signing traffic between cold storage and trading desks all live on the same vulnerability spectrum as bank-grade communications. CoinShares argued in February that the wallet-key fear may be overstated, estimating only about 10,200 BTC are concentrated enough to move markets if stolen. Gault’s concern is more structural: authentication records and signature proofs define who owns assets, who authorized transactions, and who bears legal liability — data that could be weaponized long after it’s collected.

Some parts of the ecosystem are moving. Ethereum has launched a coordinated post-quantum migration effort. Bitcoin, however, has no comparable plan, and major exchanges and custodians — where much of the signing traffic is generated — have not publicly committed to a unified migration strategy. Until institutions treat moving-data encryption with the same urgency as stored keys, the industry could be building tomorrow’s vulnerabilities with today’s protocols.
Quantum Threat to Bitcoin: In-Transit Signatures at Risk
ChainGPT






Risk-to-reward ratio is a key factor as quantum threats to Bitcoin escalate, with in-transit signatures under pressure. Andrew Gault of ZeroTier warns that encrypted messages moving between exchanges and banks are being collected for future decryption. Google aims to shift to post-quantum crypto by 2029, while Ethereum moves ahead. Bitcoin lacks a plan, and value investing in crypto faces new uncertainty. Citi estimates a $2–3.3 trillion impact from a major breach. Major exchanges remain unaligned.
