A quantum-enabled attack on a single top-five U.S. bank could trigger a $2 trillion to $3.3 trillion cascade across the U.S. economy, according to a Citi report, equal to a 10% to 17% decline in real GDP.

This staggering estimate underscores a growing unease: the looming threat posed by quantum computing, which could unravel the cryptographic fabric of financial systems. Andrew Gault, a venture capitalist with deep roots in quantum tech, argues that the focus on Bitcoin wallet keys is misplaced. Instead, it's the data in transit—those encrypted messages darting between exchanges and financial institutions—that's the real Achilles' heel.

Gault, speaking to CoinDesk, emphasizes the vulnerability of data moving across networks today. Sophisticated adversaries are stockpiling encrypted traffic, planning to decrypt it once quantum capability matures. The notion that cybersecurity should focus only on data at rest is becoming obsolete.

Google's own security efforts align with this urgent shift. The tech giant targets 2029 to complete its post-quantum cryptography migration. Their strategy, shared by security engineering VP Heather Adkins and cryptography engineer Sophie Schmieg, pivots towards authenticating services and digital signatures.

The 'harvest now, decrypt later' strategy is gaining traction. Adversaries need only collect encrypted data now, waiting for the day they can unlock it with quantum computers. This isn't a distant future scenario; Citi's modeling and the Global Risk Institute's predictions anticipate a cryptographically relevant quantum computer could emerge by 2034, with probabilities ranging from 19% to 34%.

For Bitcoin and other cryptocurrencies, this means the threat surface extends beyond just wallet keys. Every signed transaction across public blockchain networks, exchange API packets, and interbank messages is potentially at risk. CoinShares tried to assuage fears earlier this year, suggesting only a fraction of Bitcoin could be compromised if stolen. But Gault's concerns extend to the entire proof layer that underpins financial systems, from ownership to transaction authorization and legal liability.

Ethereum has already embarked on a coordinated post-quantum migration, yet Bitcoin lags behind. Major exchanges and custodians are similarly silent on their readiness for this quantum leap.

The potential impact of a quantum breakthrough on the financial sector cannot be overstated. The financial system's reliance on cryptographic security means that a single breach could have widespread consequences, affecting everything from individual wealth to global markets. In particular, the Federal Reserve's Fedwire Funds Service, a crucial component of the U.S. banking infrastructure, could become a prime target for quantum-enabled attacks.

Andrew Gault, the venture capitalist who funded the quantum hardware labs now threatening bitcoin, says the industry is looking in the wrong place. Google's own security team moved in the same direction in March. A venture capitalist who has spent a decade backing deep-tech and quantum hardware startups says the bitcoin BTC$73,523.91 industry is fixated on the wrong half of the quantum problem, the wallet keys instead of the encrypted messages already moving between exchanges, bridges and custodians today.

Gault, CEO of networking firm ZeroTier and a founding partner of 7percent Ventures, explained that "The financial system's most dangerous vulnerability isn't stored data, it's the data moving between institutions right now." His portfolio includes British quantum-computing startup Universal Quantum. He noted, "Every interbank message, every payment authentication record, and every digital signature traveling across a network today is being collected by sophisticated adversaries who don't need to read it yet."

More from Coin Times

MACRO

Fed's Inflation Gauge Hits 3-Year High—Pressure Mounts for Rate Action

Fed's inflation gauge hits 3-year peak at 3.

CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary's strategy has changed. They're patient, they have storage, and they're building a library of today's encrypted traffic to decrypt the moment quantum capability crosses the threshold.

The Google Quantum AI research that rattled bitcoin in March showed a sufficiently powerful quantum computer could derive a bitcoin private key from an exposed public key in about nine minutes, came from outside his portfolio. The conversation since that paper has centered on the roughly 6.9 million BTC sitting in addresses with exposed public keys and Bitcoin's missing post-quantum migration plan.

But Gault says the more urgent exposure is the data already being collected off the open internet for decryption later, regardless of whether a working quantum computer exists yet. Google's own security engineers have moved the same direction. In a March post, the company set 2029 as its target for completing a post-quantum cryptography migration, citing progress on quantum hardware, error correction and factoring resource estimates.

The post, written by Google vice president of security engineering Heather Adkins and senior cryptography engineer Sophie Schmieg, said the company has reprioritized its internal threat model to focus on authentication services and digital signatures, the same wire-level signing infrastructure Gault has been pointing at. "The threat to encryption is relevant today with store-now-decrypt-later attacks," the post said.

The strategy driving that urgency is known in cryptography circles as "harvest now, decrypt later." It assumes adversaries don't need to read encrypted traffic today, only store it cheaply until a sufficiently powerful quantum computer arrives. Citi modeled the bank-system version of the scenario in February, estimating a quantum-enabled attack on a single top-five U.S. bank's access to the Fedwire Funds Service payment system could trigger a $2 trillion to $3.3 trillion cascade across the U.S. economy, equal to a 10% to 17% decline in real GDP.

The Global Risk Institute, cited in the same Citi report, puts the probability of a cryptographically relevant quantum computer arriving by 2034 at between 19% and 34%. For crypto, the wire-level surface is broader than the wallet one. Cross-chain bridge proofs, exchange API authentication packets, signed transactions broadcast and archived in public mempools, and the back-channel signing traffic between cold storage and trading desks all sit on the same vulnerability spectrum as the bank-grade encryption Citi was modeling.

CoinShares argued in a February report that the wallet-key fear is overstated, estimating only about 10,200 BTC are concentrated enough to move markets if stolen. Gault's worry is a different one. "The particularly uncomfortable reality for financial institutions is that the authentication records being harvested aren't just sensitive," he said. "It's the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability."

Ethereum (ETH) has launched a coordinated post-quantum migration, but Bitcoin has not done the same. Major crypto exchanges and custodians, where most of the signing traffic lives, have not publicly committed to one either.

As the race against time continues, financial institutions must rethink their security frameworks to accommodate the impending quantum era. The clock is ticking, and the potential for quantum computing to disrupt the status quo is no longer just a theoretical possibility. It is a looming reality that demands immediate attention and action from industry leaders and stakeholders alike.