The Quantum Threat Hiding in Plain Traffic

A venture capitalist who has spent a decade backing deep-tech and quantum hardware startups says the bitcoin industry is fixated on the wrong half of the quantum problem — the wallet keys instead of the encrypted messages already moving between exchanges, bridges and custodians today. "The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now," Andrew Gault, CEO of networking firm ZeroTier, told CoinDesk in a recent chat. "Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don't need to read it yet," he noted. "CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary's strategy has changed. They're patient, they have storage, and they're building a library of today's encrypted traffic to decrypt the moment quantum capability crosses the threshold," he added.

Gault is CEO of networking firm ZeroTier and a founding partner of 7percent Ventures, a London- and San Francisco-based deep-tech firm whose portfolio includes British quantum-computing startup Universal Quantum. The Google Quantum AI research that rattled bitcoin in March showed a sufficiently powerful quantum computer could derive a bitcoin private key from an exposed public key in about nine minutes — came from outside his portfolio. The conversation since that paper has centered on the roughly 6.9 million $BTC sitting in addresses with exposed public keys and Bitcoin's missing post-quantum migration plan. But Gault says the more urgent exposure is the data already being collected off the open internet for decryption later, regardless of whether a working quantum computer exists yet.

Google's own security engineers have moved in the same direction. In a March post, the company set 2029 as its target for completing a post-quantum cryptography migration, citing progress on quantum hardware, error correction and factoring resource estimates. The post, written by Google vice president of security engineering Heather Adkins and senior cryptography engineer Sophie Schmieg, said the company has reprioritized its internal threat model to focus on authentication services and digital signatures — the same wire-level signing infrastructure Gault has been pointing at. "The threat to encryption is relevant today with store-now-decrypt-later attacks," the post said.

The strategy driving that urgency is known in cryptography circles as "harvest now, decrypt later." It assumes adversaries don't need to read encrypted traffic today — only store it cheaply until a sufficiently powerful quantum computer arrives. Crypto folks will recognize this as basically playing the long game, just with worse odds than a coin flip.

Citi modeled the bank-system version of the scenario in February, estimating a quantum-enabled attack on a single top-five U.S. bank's access to the Fedwire Funds Service payment system could trigger a $2 trillion to $3.3 trillion cascade across the U.S. economy, equal to a 10% to 17% decline in real GDP. The Global Risk Institute, cited in the same Citi report, puts the probability of a cryptographically relevant quantum computer arriving by 2034 at between 19% and 34%. For those keeping score at home, that's roughly a one-in-five to one-in-three chance of seeing this nightmare unfold within a decade.

For crypto, the wire-level surface is broader than the wallet one. Cross-chain bridge proofs, exchange API authentication packets, signed transactions broadcast and archived in public mempools, and the back-channel signing traffic between cold storage and trading desks all sit on the same vulnerability spectrum as the bank-grade encryption Citi was modeling. CoinShares argued in a February report that the wallet-key fear is overstated, estimating only about 10,200 $BTC are concentrated enough to move markets if stolen. Gault's worry is a different one. "The particularly uncomfortable reality for financial institutions is that the authentication records being harvested aren't just sensitive," he said. "It's the proof layer that determines who owns what, who authorized what, and who owes what to whom."