A venture capitalist who has spent a decade backing deep tech and quantum hardware startups says bitcoin The industry is obsessed with the wrong half of the quantum problem: wallet keys rather than the encrypted messages that already move between exchanges, bridges and custodians today.
“The most dangerous vulnerability in the financial system is not stored data, but data moving between institutions right now,” Andrew Gault, CEO of networking company ZeroTier, told CoinDesk in a recent talk.
Gault is CEO of networking company ZeroTier and founding partner of 7percent Ventures, a London and San Francisco-based deep tech company whose portfolio includes British quantum computing startup Universal Quantum.
“Every interbank message, every payment authentication record, and every digital signature that travels across a network today is collected by sophisticated adversaries who don’t need to read them yet,” he noted.
“CISOs and security teams have been trained to protect data at rest. What no one wants to say out loud is that the adversary’s strategy has changed. They are patient, they have storage, and they are building a library of current encrypted traffic to decrypt it the moment quantum capability crosses the threshold,” he added.
Google Quantum AI research that shook Bitcoin in March showed that a sufficiently powerful quantum computer could derive a Bitcoin private key from an exposed public key in about nine minutes, it came from outside its wallet.
The conversation since that article has focused on the approximately 6.9 million BTC found in addresses with exposed public keys and Bitcoin’s missing post-quantum migration plan.
But Gault says the most pressing exposure is the data that is already being collected from the open Internet to be deciphered later, regardless of whether there is still a functioning quantum computer.
Google’s own security engineers have moved in the same direction. In a March post, the company set a target year of 2029 to complete a post-quantum cryptography migration, citing advances in quantum hardware, bug fixes, and factorization resource estimates.
The post, written by Google VP of Security Engineering Heather Adkins and Senior Cryptography Engineer Sophie Schmieg, said the company has reprioritized its insider threat model to focus on digital signature and authentication services, the same wire-level signing infrastructure that Gault has been targeting.
“The threat to encryption is relevant today with store now, decrypt, then attacks,” the post said.
The strategy driving that urgency is known in crypto circles as “harvest now, decrypt later.” Adversaries are not supposed to read encrypted traffic today, just store it cheaply until a sufficiently powerful quantum computer arrives.
Citi modeled the banking system’s version of the scenario in February, estimating that a quantum attack on one of the top five US banks’ access to the Fedwire Funds Service payments system could trigger a cascade of between $2 and $3.3 trillion across the US economy, equivalent to a 10% to 17% drop in real GDP.
The Global Risk Institute, cited in the same Citi report, places the probability of a cryptographically relevant quantum computer arriving by 2034 between 19% and 34%.
For cryptocurrencies, the surface area at the wire level is wider than that of the wallet. Cross-chain bridging tests, exchange API authentication packets, signed transactions transmitted and archived in public mempools, and side-channel signing traffic between cold storage and trading desks are all on the same spectrum of vulnerability as the bank-grade encryption Citi was modeling.
CoinShares argued in a February report that the fear of wallet keys is overblown, estimating that only around 10,200 BTC are concentrated enough to move markets in the event of theft.
Gault’s concern is different. “The particularly uncomfortable reality for financial institutions is that the authentication records that are collected are not only sensitive,” he said. “It’s the layer of proof that determines who owns what, who authorized what transaction, and who has legal liability.”
Ethereum (ETH) has launched a coordinated post-quantum migration, but Bitcoin has not followed suit. Major cryptocurrency custodians and exchanges, where most of the signing traffic resides, have also not publicly committed to any.
