Bitcoin's quantum threat: encrypted messages, not wallet keys

In brief

  • Andrew Gault argues bitcoin's quantum risk centers on encrypted messages between institutions, not exposed private keys
  • Google research showed quantum computers could derive bitcoin keys in nine minutes; 2029 post-quantum migration targeted
  • 6.9 million BTC sit in addresses with exposed public keys; only 10,200 BTC concentrated enough to move markets
  • Ethereum launched post-quantum migration; Bitcoin and major exchanges have not publicly committed
  • Adversaries employ harvest-now-decrypt-later strategy, collecting encrypted traffic today for future decryption

The wrong target

The bitcoin industry's attention locked onto wallet keys after Google's quantum AI research in March showed a sufficiently powerful quantum computer could derive a bitcoin private key from an exposed public key in about nine minutes. Roughly 6.9 million BTC sit in addresses with exposed public keys.
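The "exposed public key" distinction above is what decides which balance is actually reachable by a key-derivation attack. As an added example (not from the article, Google or CoinShares), a small Python inventory helper that classifies outputs by whether the key needed to spend them is already visible on-chain; all scripts and values are constructed, and the `address_spent_before` flag is an assumed input that a real tool would look up from chain history:

```python
# Added example, not from the article or Gault: inventory helper that flags
# outputs whose public key is already visible on-chain. Scripts/values constructed.

P2PK_SAMPLE = b"\x21" + b"\x02" + b"\x11" * 32 + b"\xac"    # <33-byte key> OP_CHECKSIG
P2PKH_SAMPLE = b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac"  # OP_DUP OP_HASH160 <h160> OP_EQUALVERIFY OP_CHECKSIG
P2WPKH_SAMPLE = b"\x00\x14" + b"\x33" * 20                   # OP_0 <20-byte hash>
P2TR_SAMPLE = b"\x51\x20" + b"\x44" * 32                     # OP_1 <32-byte x-only key> (constructed, not a real point)

def classify_script_pubkey(spk: bytes) -> str:
    """Recognise the common single-key output types; 'other' for the rest."""
    n = len(spk)
    if n in (35, 67) and spk[0] in (0x21, 0x41) and spk[-1] == 0xAC:
        return "P2PK"
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "P2PKH"
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH"
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR"
    return "other"  # P2SH/P2WSH etc.: exposure depends on the hidden script, not handled here

def key_exposed(spk: bytes, address_spent_before: bool) -> bool:
    """True if the key needed to spend this output is already public.
    P2PK and P2TR carry the key in the output itself; hash-based outputs
    reveal it only once the same address has been spent from (address reuse)."""
    kind = classify_script_pubkey(spk)
    if kind in ("P2PK", "P2TR"):
        return True
    if kind in ("P2PKH", "P2WPKH"):
        return address_spent_before
    return False

def exposed_value(utxos) -> int:
    """Sum of value (sats) across outputs whose spending key is already on-chain.
    utxos: iterable of (script_pubkey, value_sats, address_spent_before)."""
    return sum(v for spk, v, spent in utxos if key_exposed(spk, spent))

# Constructed inventory: two outputs funded with a visible key, one reused P2PKH address.
SAMPLE_UTXOS = [
    (P2PK_SAMPLE, 100, False),  # exposed at funding time
    (P2PKH_SAMPLE, 50, False),  # hash only, never spent from: not exposed
    (P2PKH_SAMPLE, 30, True),   # reused address: key revealed by an earlier spend
    (P2TR_SAMPLE, 20, False),   # tweaked output key is on-chain: exposed
]
# exposed_value(SAMPLE_UTXOS) -> 150
```

The useful output for a custodian is the exposed total relative to the whole balance, which is the same split the 6.9 million BTC figure draws at network scale.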

But the numbers don't match the panic. CoinShares estimated in a February report that only about 10,200 BTC are concentrated enough to move markets if stolen via wallet-key attacks. Gault sees a different vulnerability: the wire-level signing infrastructure that authenticates transactions between institutions.

Google's own security team came to the same conclusion. The company set 2029 as its target for completing a post-quantum cryptography migration, citing the pace at which the quantum threat is advancing. But Google's post-quantum migration focus has shifted to authentication services and digital signatures, the wire-level signing infrastructure — not stored wallet data.

Harvest now, decrypt later

The strategy driving that urgency is known as harvest now, decrypt later. Adversaries collect encrypted traffic today, betting they'll have quantum computers capable of decryption in the future.

The financial stakes are enormous. Citi modeled a quantum-enabled attack on a single top-five U.S. bank's access to the Fedwire Funds Service, estimating a cascade of $2 trillion to $3.3 trillion across the U.S. economy. The Global Risk Institute estimates the probability of a cryptographically relevant quantum computer arriving by 2034 at between 19% and 34%.

The coordination gap

Ethereum has launched a coordinated post-quantum migration, but Bitcoin has not. More critically, major crypto exchanges and custodians, where most of the signing traffic lives, have not publicly committed to one either.

That's where Gault's concern lands hardest. The risk isn't the 6.9 million BTC in exposed addresses. It's the authentication layer between institutions — the layer that proves ownership, authorizes transactions, and assigns liability. If adversaries can harvest that traffic and decrypt it later, they don't steal coins. They rewrite history.