Andrew Gault, a venture capitalist who has invested in quantum hardware labs now posing a risk to bitcoin, asserts that the industry is misdirected. In March, Google also shifted its focus in this direction.
By Shaurya Malwa | Edited by Sam Reynolds
Updated May 30, 2026, 5:45 a.m. Published May 30, 2026, 5:27 a.m.

Key Points:
- Experts in security caution that the primary quantum threat to bitcoin and the entire financial system lies not with wallet keys but with the encrypted authentication data currently exchanged between institutions and covertly harvested.
- Threat actors are employing a strategy termed “harvest now, decrypt later,” accumulating encrypted interbank communications, transaction records, and digital signatures to decrypt when quantum computing power increases, a scenario that Google and Citi are actively analyzing on a tight schedule.
- While Ethereum has initiated a coordinated transition to post-quantum security, and Google aims for completion by 2029, Bitcoin and prominent crypto exchanges have yet to publicly announce similar protective measures for their signing processes.
A venture capitalist with a decade of experience investing in deep-tech and quantum startups claims that the bitcoin sector is concentrating on the less critical aspect of the quantum challenge, focusing on wallet keys instead of the encrypted data that is actively transmitted between exchanges, bridges, and custodians.
“The most significant vulnerability within the financial system is not in stored data but rather in the data actively being exchanged between institutions,” Andrew Gault, CEO of ZeroTier, told CoinDesk in a recent discussion.
Gault heads ZeroTier and is a founding partner at 7percent Ventures, a deep-tech firm based in London and San Francisco, which includes British quantum-computing startup Universal Quantum in its portfolio.
“Every message between banks, every payment authentication record, and every digital signature currently flowing through networks is being captured by sophisticated adversaries who don’t need to decrypt it right now,” he emphasized.
“CISOs and security teams have been trained to safeguard data at rest. What remains unspoken is that the adversary's approach has evolved. They are patient, they have storage capabilities, and they are compiling a library of today’s encrypted traffic to decrypt as soon as quantum technology reaches the necessary threshold,” he added.
The Google Quantum AI research that alarmed the bitcoin community in March indicated that a sufficiently advanced quantum computer could derive a bitcoin private key from a public key in roughly nine minutes. That finding did not come from Gault's investment portfolio.
The discourse following that paper has revolved around the approximately 6.9 million BTC held in addresses with exposed public keys and Bitcoin's lack of a post-quantum transition strategy.
However, Gault argues that the more pressing issue is the data being harvested from the open internet for future decryption, irrespective of the existence of a functional quantum computer at this moment.
Google's security engineers have also shifted their focus accordingly. In a March blog post, the company set a 2029 deadline for completing its migration to post-quantum cryptography, citing advancements in quantum hardware, error correction, and resource estimates for factoring.
The post, authored by Heather Adkins, Google’s vice president of security engineering, and Sophie Schmieg, a senior cryptography engineer, stated that the company has reassessed its internal threat model to prioritize authentication services and digital signatures, aligning with the concerns raised by Gault regarding the signing infrastructure.
“The threat to encryption is pertinent today with store-now-decrypt-later tactics,” the post stated.
This approach, known in cryptographic discussions as "harvest now, decrypt later," posits that adversaries do not need immediate access to encrypted communications; they only need to save them affordably until a sufficiently powerful quantum computer is available.
Citi analyzed a bank-system version of this scenario in February, concluding that a quantum-enabled attack on a leading U.S. bank's access to the Fedwire Funds Service payment system could lead to a cascading economic impact of between $2 trillion and $3.3 trillion, translating to a 10% to 17% drop in real GDP.
The Global Risk Institute, referenced in the Citi report, estimates the likelihood of a cryptographically capable quantum computer emerging by 2034 to be between 19% and 34%.
In the cryptocurrency realm, the vulnerabilities at the wire level extend beyond those of wallet keys. They include proofs for cross-chain bridges, authentication packets for exchange APIs, signed transactions recorded in public mempools, and the behind-the-scenes signing communications between cold storage and trading desks, all of which share vulnerabilities similar to those in the bank-grade encryption scenarios modeled by Citi.
CoinShares suggested in a February report that fears surrounding wallet keys are exaggerated, estimating that only about 10,200 BTC are concentrated enough to significantly affect markets if stolen.
Gault's concerns, however, lie elsewhere. “The particularly unsettling truth for financial institutions is that the harvested authentication records are not merely sensitive,” he stated. “They represent the proof layer that defines ownership, transaction authorization, and legal liability.”
While Ethereum has begun a coordinated migration to post-quantum security, Bitcoin has not followed suit. Major cryptocurrency exchanges and custodians, where much of the signing traffic occurs, have also not publicly committed to similar initiatives.