Andrew Gault, a prominent venture capitalist and CEO of networking firm ZeroTier, has raised concerns about the vulnerabilities facing the Bitcoin ecosystem due to advancements in quantum computing. Gault argues that the industry is misdirecting its focus toward securing wallet keys rather than addressing the more pressing issue of encrypted data being transmitted across networks.
In a recent interview, Gault emphasized that the greatest risk to the financial system lies not in stored data but in the data exchanged between institutions. “The financial system’s most dangerous vulnerability isn’t stored data, it’s the data moving between institutions right now,” he stated.
“CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary’s strategy has changed. They’re patient, they have storage, and they’re building a library of today’s encrypted traffic to decrypt the moment quantum capability crosses the threshold,” he added.
Gault’s comments come in the wake of a March research paper from Google Quantum AI, which indicated that a sufficiently powerful quantum computer could derive a Bitcoin private key from an exposed public key in approximately nine minutes. This research has sparked discussions around the 6.9 million BTC currently held in addresses with exposed public keys, as well as Bitcoin’s lack of a post-quantum migration strategy.
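The "exposed public key" condition in that figure depends on the output script type: hash-based outputs reveal only a hash until they are spent, while P2PK and Taproot outputs place the key itself on-chain. As an added illustration, not code from the article, ZeroTier or the Google paper, the Python below classifies raw scriptPubKey bytes by whether they expose a key and totals the value sitting in such outputs for a constructed set of UTXOs.

```python
from typing import Optional

# Added example: classify Bitcoin scriptPubKey templates by whether the public
# key is visible on-chain before any spend. Opcode values are the standard ones.
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG = 0xA9, 0xAC

def classify_script_pubkey(script: bytes) -> tuple[str, Optional[bool]]:
    """Return (output type, key exposed on-chain?); None when the template is unknown."""
    n = len(script)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and script[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return ("P2PKH", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and script[:2] == bytes([OP_HASH160, 20]) and script[22] == OP_EQUAL:
        return ("P2SH", False)
    # Native SegWit v0: OP_0 <20-byte key hash> or OP_0 <32-byte script hash>
    if n == 22 and script[:2] == bytes([OP_0, 20]):
        return ("P2WPKH", False)
    if n == 34 and script[:2] == bytes([OP_0, 32]):
        return ("P2WSH", False)
    # Taproot: OP_1 <32-byte x-only output key>; the key is the script itself.
    if n == 34 and script[:2] == bytes([OP_1, 32]):
        return ("P2TR", True)
    # P2PK: <33-byte compressed or 65-byte uncompressed key> OP_CHECKSIG
    if (n in (35, 67) and script[0] == n - 2 and script[-1] == OP_CHECKSIG
            and script[1] in (0x02, 0x03, 0x04)):
        return ("P2PK", True)
    return ("unknown", None)

def exposed_value(utxos: list[tuple[int, bytes]]) -> int:
    """Sum the satoshi value of outputs whose public key is already on-chain.
    Note: a hash-based output also exposes its key once spent, so a reused
    address is exposed even though this unspent-template check says False."""
    return sum(v for v, spk in utxos if classify_script_pubkey(spk)[1])

# Constructed sample UTXOs (values and key bytes are made up for the demo).
SAMPLE_UTXOS = [
    (100_000, bytes([OP_DUP, OP_HASH160, 20]) + b"\x11" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    (250_000, bytes([OP_1, 32]) + b"\x22" * 32),
    (50_000, bytes([33, 0x02]) + b"\x33" * 32 + bytes([OP_CHECKSIG])),
    (75_000, bytes([OP_0, 20]) + b"\x44" * 20),
]

if __name__ == "__main__":
    for value, spk in SAMPLE_UTXOS:
        print(value, classify_script_pubkey(spk))
    print("exposed sats:", exposed_value(SAMPLE_UTXOS))  # 300000
```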
However, Gault contends that the immediate threat stems from data already being collected from the open internet, which could be decrypted in the future, regardless of the current capabilities of quantum computers. This perspective aligns with recent shifts in focus by Google’s security team, which has set a target of 2029 for completing its transition to post-quantum cryptography. In a blog post, Google’s vice president of security engineering, Heather Adkins, and senior cryptography engineer, Sophie Schmieg, noted that the company is prioritizing its internal threat model to address vulnerabilities in authentication services and digital signatures.
“The threat to encryption is relevant today with store-now-decrypt-later attacks,” the post stated.
This pattern, known as “harvest now, decrypt later,” means adversaries do not need to break encrypted traffic immediately: they can record it now and keep it until quantum computers become capable enough to decrypt it. A report from Citi in February estimated that a quantum-enabled attack on a major U.S. bank could lead to a $2 trillion to $3.3 trillion impact on the economy, representing a potential decline of 10% to 17% in real GDP.
The Global Risk Institute, cited in the same report, estimates a 19% to 34% probability of a cryptographically relevant quantum computer emerging by 2034. Gault pointed out that the vulnerabilities extend beyond wallet keys, encompassing a wide range of data, including cross-chain bridge proofs, exchange API authentication packets, and signed transactions.
While Ethereum has initiated a coordinated post-quantum migration, Bitcoin has yet to adopt a similar strategy. Major cryptocurrency exchanges and custodians, which handle a significant portion of signing traffic, have not publicly committed to a post-quantum transition.
Gault’s concerns underscore the need for financial institutions to reevaluate their security measures in light of emerging quantum threats. He noted, “The particularly uncomfortable reality for financial institutions is that the authentication records being harvested aren’t just sensitive; it’s the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability.”
Andrew Gault highlights the urgent need for the Bitcoin industry to address vulnerabilities posed by quantum computing, focusing on the risks associated with data transmission rather than just wallet security. His comments reflect a broader concern about the potential impacts of quantum technology on financial systems.
