A venture capitalist who has spent a decade backing deep-tech and quantum hardware startups says bitcoin the industry is fixated on the wrong half of the quantum problem, the keys of the wallet instead of the encrypted messages that already move between exchanges, bridges and repositories today.
“The most dangerous vulnerability in the financial system is not stored data, it’s data moving between institutions right now,” Andrew Gault, CEO of networking firm ZeroTier, told CoinDesk in a recent chat.
Gault is CEO of networking company ZeroTier and a founding partner of 7percent Ventures, a London- and San Francisco-based deep-tech firm whose portfolio includes UK quantum computing startup Universal Quantum.
“Every interbank message, every payment authorization record and every digital signature that travels across a network today is being collected by sophisticated adversaries who don’t need to read it yet,” he noted.
“CISOs and security teams have been trained to protect data at rest. What no one wants to say out loud is that the adversary’s strategy has changed. They are patient, they have storage, and they are building a library of today’s encrypted traffic to decrypt the moment quantum capacity crosses the threshold,” he added.
Google Quantum AI research that rattled bitcoin in March, showing that a sufficiently powerful quantum computer could derive a bitcoin private key from an exposed public key in about nine minutes, fell outside his portfolio.
The conversation since this paper has centered on the roughly 6.9 million BTC sitting at addresses with visible public keys and Bitcoin’s lack of a post-quantum migration plan.
But Gault says the more pressing exposure is the data already being collected from the open internet for decryption later, regardless of whether a working quantum computer exists yet.
Google’s own security engineers have moved in the same direction. In a post in March, the company set 2029 as its goal to complete a post-quantum cryptography migration, citing advances in quantum hardware, error correction and factoring resource estimates.
The post, written by Google vice president of security engineering Heather Adkins and senior cryptography engineer Sophie Schmieg, said the company has reprioritized its internal threat model to focus on authentication services and digital signatures, the same wire-level signing infrastructure that Gault has pointed to.
“The threat to encryption is relevant today with store-now-decrypt-later attacks,” the post said.
The strategy driving this urgency is known in cryptographic circles as “harvest now, decrypt later.” It assumes that adversaries don’t need to read encrypted traffic today, just store it cheaply until a sufficiently powerful quantum computer arrives.
Citi modeled the banking system version of the scenario in February, estimating that a quantum-enabled attack on a single top-five US bank’s access to the Fedwire Funds Service payment system could trigger a cascade of $2 trillion to $3.3 trillion in the US economy, equivalent to a 10% to 17% drop in real GDP.
The Global Risk Institute, cited in the same Citi report, estimates the probability of a cryptographically relevant quantum computer arriving in 2034 at between 19% and 34%.
For crypto, the wire-level surface is wider than that of the wallet. Cross-chain bridge proofs, exchange of API authentication packets, signed transactions being broadcast and archived in public mempools, and the back-channel signing traffic between cold storage and trading desks all sit on the same vulnerability spectrum as the bank-grade encryption Citi modeled.
CoinShares argued in a February report that wallet-key fears are overstated, estimating that only around 10,200 BTC are concentrated enough to move markets if stolen.
Gault’s concern is another. “The particularly unpleasant reality for financial institutions is that the authentication records that are harvested are not only sensitive,” he said. “It is the layer of evidence that determines who owns what, who authorized which transaction, and who bears the legal responsibility.”
Ethereum (ETH) has launched a coordinated post-quantum migration, but Bitcoin has not. Major crypto exchanges and custodians, where most of the signing traffic resides, have not publicly committed to one either.
