A prominent venture capitalist and CEO, Andrew Gault, has raised pivotal concerns within the cryptocurrency domain, particularly regarding Bitcoin and its vulnerability to quantum computing. With over ten years of experience investing in deep-tech and quantum hardware startups, Gault argues that the current focus in the industry has missed a critical aspect of the quantum threat.
During a recent discussion with CoinDesk, Gault emphasized that the most significant risk lies not in stored wallet keys, but in the sensitive data that transits between various financial institutions. He stated, “The financial system’s most dangerous vulnerability isn’t stored data; it’s the data moving between institutions right now.” This evolving threat landscape has prompted Gault to highlight the inadequacies of current cybersecurity measures, which primarily focus on data at rest rather than on data in motion.
According to Gault, sophisticated adversaries do not need to decrypt intercepted messages today; instead, they are collecting encrypted data as it flows across networks so that it can be decrypted later, once quantum computing technology matures. He commented, “CISOs and security teams have been trained to protect data at rest. What nobody wants to say out loud is that the adversary’s strategy has changed. They’re patient, they have storage, and they’re building a library of today’s encrypted traffic.”
This warning comes after Google’s Quantum AI research indicated that a powerful quantum computer could potentially derive Bitcoin private keys from exposed public keys in a matter of minutes. This finding highlighted the vulnerability of approximately 6.9 million BTC currently residing in addresses with exposed public keys. While the conversation has mainly focused on the security of these wallets, Gault insists that the more pressing risk is from data actively being transmitted and collected over the internet.
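The distinction behind the figure above is whether an output’s public key is already readable on chain, or only a hash of it. The following classifier, added here as an illustration and not part of the article or of any Bitcoin project’s code, parses standard scriptPubKey layouts and reports which outputs a future quantum-capable attacker could target today: pay-to-pubkey and Taproot outputs carry the key (or tweaked key) in the output itself, while hash-based outputs (P2PKH, P2WPKH, P2SH, P2WSH) reveal their key material only when the address spends, so address reuse is what exposes them. The public keys and hashes in the sample UTXO set are constructed placeholder bytes, not real keys or balances.

```python
"""Classify Bitcoin outputs by whether their public key is already exposed on chain.

Added example (not the article's or any project's code). The sample UTXO set below
uses constructed placeholder bytes for keys and hashes.
"""
from dataclasses import dataclass

# Opcodes that appear in the standard output-script templates.
OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC


@dataclass
class Exposure:
    script_type: str
    key_on_chain: bool   # the public key (or Taproot output key) is readable from the output itself
    exposed: bool        # a quantum-capable attacker could target this output without waiting for a spend


def script_type(spk: bytes) -> str:
    """Identify a scriptPubKey by its standard byte layout."""
    n = len(spk)
    if n in (35, 67) and spk[0] in (0x21, 0x41) and spk[-1] == OP_CHECKSIG:
        return "p2pk"          # <pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh"         # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return "p2sh"          # OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh"        # OP_0 <20-byte hash>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return "p2wsh"         # OP_0 <32-byte hash>
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "p2tr"          # OP_1 <32-byte x-only output key>
    return "nonstandard"


def classify(spk: bytes, address_spent_before: bool) -> Exposure:
    """Decide whether an output is exposed to a key-recovery attack on its public key."""
    t = script_type(spk)
    if t in ("p2pk", "p2tr"):
        # Key material sits directly in the output, so it is exposed from the moment it is funded.
        return Exposure(t, True, True)
    if t in ("p2pkh", "p2wpkh", "p2sh", "p2wsh"):
        # Only a hash is on chain; the key (or redeem script holding keys) is revealed when
        # the address spends, so reuse after a spend is what turns these into exposed outputs.
        return Exposure(t, False, address_spent_before)
    # Unknown layout: we cannot prove the key is hidden, so report it as exposed.
    return Exposure(t, False, True)


def exposed_balance(utxos):
    """Return (exposed_btc, total_btc) for a list of (scriptPubKey, btc, address_spent_before)."""
    exposed = total = 0.0
    for spk, btc, spent in utxos:
        total += btc
        if classify(spk, spent).exposed:
            exposed += btc
    return exposed, total


# Constructed sample data: placeholder key/hash bytes, not real keys or balances.
PUBKEY = bytes([0x02]) + bytes([0x11]) * 32   # 33-byte compressed-key placeholder
H20 = bytes([0x22]) * 20                        # 20-byte hash placeholder
H32 = bytes([0x33]) * 32                        # 32-byte hash / x-only key placeholder
P2PKH_SCRIPT = bytes([OP_DUP, OP_HASH160, 0x14]) + H20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])

SAMPLE_UTXOS = [
    (bytes([0x21]) + PUBKEY + bytes([OP_CHECKSIG]), 50.0, False),  # p2pk: exposed on funding
    (P2PKH_SCRIPT, 1.5, False),                                     # fresh p2pkh: key still hidden
    (P2PKH_SCRIPT, 2.0, True),                                      # reused p2pkh: key already revealed
    (bytes([OP_0, 0x14]) + H20, 0.25, False),                       # fresh p2wpkh: key still hidden
    (bytes([OP_1, 0x20]) + H32, 3.0, False),                        # p2tr: output key on chain
]

if __name__ == "__main__":
    for spk, btc, spent in SAMPLE_UTXOS:
        print(f"{btc:>6} BTC  {classify(spk, spent)}")
    print("exposed / total BTC:", exposed_balance(SAMPLE_UTXOS))
```

Run against a real UTXO snapshot the `address_spent_before` flag would come from the address’s transaction history; the script-layout rules alone are enough to pick out P2PK and Taproot outputs, which the article’s “exposed public keys” category covers regardless of reuse.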
Google’s security team recently echoed Gault’s sentiments, announcing a targeted timeline of 2029 for completing their migration to post-quantum cryptography. In a detailed post, the company indicated a shift in focus towards protecting authentication services and digital signatures, mirroring Gault’s concerns regarding wire-level signing infrastructure.
The urgency of this threat is captured in the adversary strategy known as “harvest now, decrypt later”: record encrypted traffic today and decrypt it once sufficiently powerful quantum computers exist, with potentially catastrophic consequences. Citi’s modeling of a possible quantum-enabled attack on a major U.S. bank hints at a devastating economic impact that could potentially trigger a $2 trillion to $3.3 trillion cascade across the country, representing a significant decline in gross domestic product.
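For a defender, the practical question raised by “harvest now, decrypt later” and by Gault’s data-in-motion point is which of today’s connections are still negotiating classical key exchange, since those are the recordings a future quantum computer could open. The script below, an added example that is not from the article, from Google, or from any product, triages a constructed inventory of TLS handshake records (the line format, hostnames and byte counts are invented for the illustration) and totals the harvestable bytes per destination. It treats a negotiated group whose name contains `MLKEM` or `KYBER` (the hybrid names used by the IETF ML-KEM drafts, such as `X25519MLKEM768`) as protected against later decryption; the signature algorithm is recorded but does not change the verdict, because a classical signature only matters for forgery at the time of the handshake, not for decrypting a recording.

```python
"""Triage TLS handshake inventory for harvest-now-decrypt-later exposure.

Added example, not the article's or any vendor's code. The log lines, hostnames
and byte counts below are constructed for illustration.
"""
import re
from collections import defaultdict

# One record per completed handshake; the field layout is an assumption of this example.
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+tls=(?P<tls>\S+)\s+"
    r"group=(?P<group>\S+)\s+sig=(?P<sig>\S+)\s+bytes=(?P<bytes>\d+)"
)

# Substrings that identify a post-quantum hybrid key-exchange group name.
PQ_KEX_MARKERS = ("MLKEM", "KYBER")


def kex_is_pq(group: str) -> bool:
    """True when the negotiated group includes a post-quantum KEM component."""
    return any(marker in group.upper() for marker in PQ_KEX_MARKERS)


def classify_session(line: str):
    """Parse one record and decide whether a recording of it is decryptable by a future CRQC."""
    m = LINE_RE.search(line)
    if not m:
        return None
    group = m.group("group")
    harvestable = not kex_is_pq(group)
    if harvestable:
        reason = f"classical key exchange ({group}): recorded ciphertext decryptable by a future quantum computer"
    else:
        reason = f"hybrid PQ key exchange ({group}): recording gives no advantage to a future quantum computer"
    return {
        "dst": m.group("dst"),
        "tls": m.group("tls"),
        "group": group,
        # Classical signatures are a migration item for authentication, not an HNDL risk.
        "sig": m.group("sig"),
        "bytes": int(m.group("bytes")),
        "harvestable": harvestable,
        "reason": reason,
    }


def harvest_exposure(lines):
    """Total bytes per destination that are, and are not, exposed to harvest-now-decrypt-later."""
    harvestable = defaultdict(int)
    protected = defaultdict(int)
    for line in lines:
        s = classify_session(line)
        if s is None:
            continue   # malformed record; skip rather than miscount
        bucket = harvestable if s["harvestable"] else protected
        bucket[s["dst"]] += s["bytes"]
    return {"harvestable_bytes": dict(harvestable), "protected_bytes": dict(protected)}


# Constructed sample inventory (not real traffic).
SAMPLE_LOG = [
    "2024-05-02T10:01:03Z src=10.0.1.5 dst=payments.example:443 tls=1.3 group=X25519MLKEM768 sig=ecdsa_secp256r1_sha256 bytes=48213",
    "2024-05-02T10:01:09Z src=10.0.1.7 dst=payments.example:443 tls=1.3 group=x25519 sig=ecdsa_secp256r1_sha256 bytes=120000",
    "2024-05-02T10:02:11Z src=10.0.2.9 dst=settlement.example:8443 tls=1.2 group=secp256r1 sig=rsa_pss_rsae_sha256 bytes=5000",
    "2024-05-02T10:02:40Z src=10.0.2.9 dst=settlement.example:8443 tls=1.3 group=SecP256r1MLKEM768 sig=rsa_pss_rsae_sha256 bytes=7000",
    "2024-05-02T10:03:02Z src=10.0.3.1 dst=legacy.example:443 tls=1.2 group=ffdhe2048 sig=rsa_pkcs1_sha256 bytes=300",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        s = classify_session(line)
        flag = "HARVESTABLE" if s["harvestable"] else "protected  "
        print(f"{flag} {s['dst']:<26} {s['reason']}")
    print(harvest_exposure(SAMPLE_LOG))
```

The per-destination totals are what turn the article’s warning into a migration priority list: the destinations with the most harvestable bytes, weighted by how long that data stays sensitive, are the links to move to hybrid key exchange first.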
Gault further points out that vulnerabilities in cryptocurrency extend beyond wallet keys. Various elements, including cross-chain bridge proofs, exchange API authentication, and the signing traffic between cold storage and trading desks, are equally exposed to threats. This broad surface area for potential attacks presents a multifaceted challenge for crypto-related security.
While Ethereum has initiated a coordinated post-quantum migration, the Bitcoin network and its major exchanges have yet to establish a similar commitment. Gault’s observations highlight the urgency for financial institutions and crypto markets to reevaluate their security posture in the wake of an impending quantum computing era. He underscores that the implications go beyond mere theft; the integrity of transaction authentication and the ownership proof mechanisms are at stake. “It’s the proof layer that determines who owns what, who authorized which transaction, and who bears legal liability,” Gault concluded, illustrating the profound implications of this looming threat on the financial ecosystem.