Bitcoin custody boom faces quantum computing threat by 2040
In brief
- BNY announces Bitcoin and Ethereum custody in Abu Dhabi with $59.4 trillion in assets under custody
- Standard Chartered to fully acquire Zodia Custody by end of August
- Quantum computers running Shor's algorithm could forge Bitcoin transactions at scale
- NIST deprecated current signature schemes after 2030, disallows them by 2035
- Industry debates Bitcoin's cryptographic migration timeline before quantum threat
The vault opens
Custody has become a strategic priority for the world's biggest banks. BNY, the world's largest custodian with $59.4 trillion in assets under custody and administration, is now offering Bitcoin and Ethereum safekeeping in Abu Dhabi. Standard Chartered's acquisition of Zodia Custody signals the same institutional bet: digital assets are here, and they need the same vault treatment as equities and bonds.
This shift matters because owning Bitcoin means controlling a private key—a long secret number that authorizes movement of the coins. Custodians protect that key using one of two methods. Multi-party computation, or MPC, splits a key into fragments held on separate machines, so the full number never exists in one place. Hardware security modules, or HSMs, lock the key inside a single piece of specialized, tamper-resistant hardware that destroys itself if anyone interferes.
Both approaches are solid against today's threats. Neither is ready for tomorrow.
The quantum problem
The signatures securing Bitcoin and Ethereum rely on elliptic curve cryptography. This scheme is mathematically hard to break with classical computers—the kind we have now. But a sufficiently large quantum computer running Shor's algorithm could solve those problems pretty quickly, meaning it could read a public key on the blockchain, derive the corresponding private key, and forge transactions.
The timeline buys some breathing room. Current quantum computers are research prototypes at roughly 100 qubits, far short of the hundreds of thousands needed. Taurus's own view is that a cryptographically relevant machine before 2040 is pretty unlikely based on current evidence.
Yet a Taurus report argues that every custodian on the market today remains exposed to a future quantum transition. Taurus is a Swiss digital asset technology firm that counts Deutsche Bank among its backers, so the warning carries institutional weight.
The migration clock
The US standards agency NIST published its first post-quantum cryptographic standards in August 2024. NIST IR 8547 deprecates today's signature schemes after 2030 and disallows them after 2035. That's a hard deadline for any system still relying on elliptic curves.
Bitcoin's upgrade path remains unclear. The protocol is deliberately conservative—changes require broad consensus among miners, developers, and node operators. A cryptographic migration touches the bedrock of the network. Wall Street is already debating how Bitcoin should adapt, but migrations of this scale take years. The banks now buying vaults may find themselves managing an asset whose security model is mid-transition.
Frequently asked questions
How do custodians protect Bitcoin private keys?
Custodians use two main approaches: multi-party computation (MPC) splits the key into fragments on separate machines so it never exists in one place, while hardware security modules (HSMs) lock the key in tamper-resistant hardware that self-destructs if interfered with.
Could a quantum computer steal Bitcoin?
Yes. A sufficiently large quantum computer running Shor's algorithm could derive a private key from a public key on the blockchain and forge transactions. Current quantum computers are research prototypes at roughly 100 qubits, far short of the hundreds of thousands needed.
When must Bitcoin upgrade its cryptography?
NIST deprecated today's signature schemes after 2030 and disallows them after 2035. Bitcoin's cryptographic migration is unclear, but must happen before these deadlines.
